Add OperationPolicyViolationSeverityType

The binding of operation policy violation severity
to ValidationIssueSeverityType was probably not ideal: we need these
two to be able to evolve independently, as they represent quite
different concepts.

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/shadows/ShadowTablePanel.java

@@ -712,7 +712,7 @@ private void deleteAccountsConfirmedPerformed(
                     getPageBase().getModelService().executeChanges(
                             MiscUtil.createCollection(deleteDelta), options, task, result);
                 } else {
-                    result.setStatus(severityToStatus(severity));
+                    result.setStatus(OperationResultStatus.forViolationSeverity(severity));
                     result.setUserFriendlyMessage(
                             new SingleLocalizableMessage(
                                     "ShadowTablePanel.message.deletionForbidden",
@@ -732,20 +732,6 @@ private void deleteAccountsConfirmedPerformed(
         target.add(getPageBase().getFeedbackPanel());
     }
 
-    // Considered moving right to OperationResultStatus class, but INFO -> NOT_APPLICABLE mapping is specific for this situation.
-    private OperationResultStatus severityToStatus(ValidationIssueSeverityType severity) {
-        switch (severity) {
-            case ERROR:
-                return OperationResultStatus.FATAL_ERROR;
-            case WARNING:
-                return OperationResultStatus.WARNING;
-            case INFO:
-                return OperationResultStatus.NOT_APPLICABLE;
-            default:
-                throw new AssertionError(severity);
-        }
-    }
-
     private IModel<String> createDeleteConfirmString(List<SelectableBean<ShadowType>> selectedShadow) {
         return () -> {
             GetOperationOptions rootOptions = SelectorOptions.findRootOptions(getOptions());

infra/schema/src/main/java/com/evolveum/midpoint/schema/result/OperationResultStatus.java

@@ -8,6 +8,8 @@
 
 import com.evolveum.midpoint.util.exception.CommonException;
 
+import com.evolveum.midpoint.xml.ns._public.common.common_3.OperationPolicyViolationSeverityType;
+
 import org.jetbrains.annotations.Contract;
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.Nullable;
@@ -157,6 +159,15 @@ private static OperationResultStatus forCommonExceptionStatus(@NotNull CommonExc
         }
     }
 
+    public static OperationResultStatus forViolationSeverity(@NotNull OperationPolicyViolationSeverityType severity) {
+        if (severity == OperationPolicyViolationSeverityType.ERROR) {
+            return OperationResultStatus.FATAL_ERROR;
+        } else {
+            // Severity "info" means that the operation is simply not applicable in given context. Hence this value.
+            return OperationResultStatus.NOT_APPLICABLE;
+        }
+    }
+
     public OperationResultStatusType createStatusType() {
         return createStatusType(this);
     }

infra/schema/src/main/java/com/evolveum/midpoint/schema/util/ObjectOperationPolicyTypeUtil.java

@@ -9,7 +9,7 @@
 
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectOperationPolicyType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.OperationPolicyConfigurationType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.ValidationIssueSeverityType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.OperationPolicyViolationSeverityType;
 
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.Nullable;
@@ -19,13 +19,13 @@
 public class ObjectOperationPolicyTypeUtil {
 
     /** Returns the `delete` policy severity, or `null` if there are no restrictions. */
-    public static @Nullable ValidationIssueSeverityType getDeletionRestrictionSeverity(@NotNull ObjectOperationPolicyType policy) {
+    public static @Nullable OperationPolicyViolationSeverityType getDeletionRestrictionSeverity(
+            @NotNull ObjectOperationPolicyType policy) {
         // Current implementation indicates that the policy is computed in full.
         // But to make things more robust (e.g. until it's documented) let us be careful.
         OperationPolicyConfigurationType delete = policy.getDelete();
         if (delete != null && Boolean.FALSE.equals(delete.isEnabled())) {
-            // TODO what is the default severity?
-            return Objects.requireNonNullElse(delete.getSeverity(), ValidationIssueSeverityType.ERROR);
+            return Objects.requireNonNullElse(delete.getSeverity(), OperationPolicyViolationSeverityType.ERROR);
         } else {
             return null; // operation is allowed
         }

infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd

@@ -20172,12 +20172,58 @@
     </xsd:complexType>
 
     <xsd:complexType name="OperationPolicyConfigurationType">
+        <xsd:annotation>
+            <xsd:documentation>
+                TODO
+            </xsd:documentation>
+            <xsd:appinfo>
+                <a:since>4.7</a:since>
+                <!-- intentionally not a container (really?) -->
+            </xsd:appinfo>
+        </xsd:annotation>
         <xsd:sequence>
             <xsd:element name="enabled" minOccurs="0" type="xsd:boolean" default="true" />
-            <xsd:element name="severity" minOccurs="0" type="tns:ValidationIssueSeverityType" />
+            <xsd:element name="severity" minOccurs="0" type="tns:OperationPolicyViolationSeverityType" default="error">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        How severe is the policy violation? I.e. how "loudly" is a policy enforced - if the given
+                        operation would occur, what should be signalled to the upper layers?
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
         </xsd:sequence>
     </xsd:complexType>
 
+    <!-- TODO find a better name; maybe the values are not ideal either -->
+    <xsd:simpleType name="OperationPolicyViolationSeverityType">
+        <xsd:annotation>
+            <xsd:documentation>
+                Severity level of operation policy violation.
+            </xsd:documentation>
+        </xsd:annotation>
+        <xsd:restriction base="xsd:string">
+            <xsd:enumeration value="error">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        If a given operation would occur, a (fatal) error should be signalled.
+                    </xsd:documentation>
+                    <xsd:appinfo>
+                        <jaxb:typesafeEnumMember name="ERROR"/>
+                    </xsd:appinfo>
+                </xsd:annotation>
+            </xsd:enumeration>
+            <xsd:enumeration value="info">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        The operation should be skipped silently.
+                    </xsd:documentation>
+                    <xsd:appinfo>
+                        <jaxb:typesafeEnumMember name="INFO"/>
+                    </xsd:appinfo>
+                </xsd:annotation>
+            </xsd:enumeration>
+        </xsd:restriction>
+    </xsd:simpleType>
 
     <xsd:complexType name="SynchronizeOperationPolicyConfigurationType">
         <xsd:sequence>

repo/repo-common/src/main/java/com/evolveum/midpoint/repo/common/ObjectOperationPolicyHelper.java

@@ -11,6 +11,8 @@
 import javax.annotation.PostConstruct;
 import javax.annotation.PreDestroy;
 
+import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
+
 import org.jetbrains.annotations.NotNull;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
@@ -25,18 +27,7 @@
 import com.evolveum.midpoint.schema.result.OperationResult;
 import com.evolveum.midpoint.util.exception.SchemaException;
 import com.evolveum.midpoint.util.exception.SystemException;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.MarkType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectOperationPolicyType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.OperationPolicyConfigurationType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.PolicyStatementType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.PolicyStatementTypeType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.SynchronizeOperationPolicyConfigurationType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.SystemObjectsType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.ValidationIssueSeverityType;
+
 import com.google.common.base.Objects;
 
 import static com.evolveum.midpoint.xml.ns._public.common.common_3.PolicyStatementTypeType.*;
@@ -367,24 +358,24 @@ protected boolean policyNotExcluded(ObjectType shadow, String markProtectedShado
             if (containsOid(effectiveMarkRefs, MARK_PROTECTED_SHADOW_OID)) {
                 return new ObjectOperationPolicyType()
                         .synchronize(new SynchronizeOperationPolicyConfigurationType()
-                                .inbound(op(false, ValidationIssueSeverityType.INFO))
-                                .outbound(op(false, ValidationIssueSeverityType.WARNING))
-                                )
-                        .add(op(false, ValidationIssueSeverityType.ERROR))
-                        .modify(op(false, ValidationIssueSeverityType.ERROR))
-                        .delete(op(false, ValidationIssueSeverityType.ERROR));
+                                .inbound(op(false, OperationPolicyViolationSeverityType.INFO))
+                                .outbound(op(false, OperationPolicyViolationSeverityType.INFO))
+                        )
+                        .add(op(false, OperationPolicyViolationSeverityType.ERROR))
+                        .modify(op(false, OperationPolicyViolationSeverityType.ERROR))
+                        .delete(op(false, OperationPolicyViolationSeverityType.ERROR));
             }
             return new ObjectOperationPolicyType()
                     .synchronize(new SynchronizeOperationPolicyConfigurationType()
                             .inbound(op(true, null))
                             .outbound(op(true, null))
-                            )
+                    )
                     .add(op(true, null))
                     .modify(op(true, null))
                     .delete(op(true, null));
         }
 
-        private OperationPolicyConfigurationType op(boolean value, ValidationIssueSeverityType severity) {
+        private OperationPolicyConfigurationType op(boolean value, OperationPolicyViolationSeverityType severity) {
             var ret = new OperationPolicyConfigurationType();
             ret.setEnabled(value);
             if (!value) {