Merge branch 'master' of https://github.com/Evolveum/midpoint

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/PageTest.java

@@ -31,7 +31,7 @@
 /**
  * @author lazyman
  */
-@PageDescriptor(url = "/admin/test", action = {@AuthorizationAction(actionUri = AuthorizationConstants.AUTZ_DENY_ALL)})
+@PageDescriptor(url = "/admin/test", action = {@AuthorizationAction(actionUri = AuthorizationConstants.AUTZ_DEVEL_URL)})
 public class PageTest extends PageBase {
 
     public PageTest() {

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/PageTest2.java

@@ -33,7 +33,7 @@
  *
  *  @author shood
  */
-@PageDescriptor(url = "/capability", action = {@AuthorizationAction(actionUri = AuthorizationConstants.AUTZ_DENY_ALL)})
+@PageDescriptor(url = "/capability", action = {@AuthorizationAction(actionUri = AuthorizationConstants.AUTZ_DEVEL_URL)})
 public class PageTest2 extends PageBase {
 
     private static final String ID_CAPABILITY = "capability";

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/configuration/PageBulkAction.java

@@ -37,7 +37,7 @@
 //                label = PageAdminConfiguration.AUTH_CONFIGURATION_ALL_LABEL, description = PageAdminConfiguration.AUTH_CONFIGURATION_ALL_DESCRIPTION),
 //        @AuthorizationAction(actionUri = AuthorizationConstants.NS_AUTHORIZATION + "#bulkAction",
 //                label = "PageBulkAction.auth.bulkAction.label", description = "PageBulkAction.auth.bulkAction.description")
-        @AuthorizationAction(actionUri = AuthorizationConstants.AUTZ_DENY_ALL)
+        @AuthorizationAction(actionUri = AuthorizationConstants.AUTZ_DEVEL_URL)
 })
 public class PageBulkAction extends PageAdminConfiguration {
 

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/PageResourceWizard.java

@@ -44,7 +44,7 @@
 //        PageAdminResources.AUTHORIZATION_RESOURCE_ALL,
 //        AuthorizationConstants.NS_AUTHORIZATION + "#resourceWizard"})
 @PageDescriptor(url = "/admin/resources/wizard",
-        action = {@AuthorizationAction(actionUri = AuthorizationConstants.AUTZ_DENY_ALL)})
+        action = {@AuthorizationAction(actionUri = AuthorizationConstants.AUTZ_DEVEL_URL)})
 public class PageResourceWizard extends PageAdminResources {
 
     private static final String ID_WIZARD = "wizard";

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/content/PageContentEntitlements.java

@@ -35,7 +35,7 @@
  * @author lazyman
  */
 @PageDescriptor(url = "/admin/resources/content/entitlements", encoder = OnePageParameterEncoder.class, action = {
-        @AuthorizationAction(actionUri = AuthorizationConstants.AUTZ_DENY_ALL)})
+        @AuthorizationAction(actionUri = AuthorizationConstants.AUTZ_DEVEL_URL)})
 public class PageContentEntitlements extends PageAdminResources {
 
     private IModel<PrismObject<ResourceType>> resourceModel;

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/users/PageFindUsers.java

@@ -25,7 +25,7 @@
 /**
  * @author lazyman
  */
-@PageDescriptor(url = "/admin/users/find", action = {@AuthorizationAction(actionUri = AuthorizationConstants.AUTZ_DENY_ALL)})
+@PageDescriptor(url = "/admin/users/find", action = {@AuthorizationAction(actionUri = AuthorizationConstants.AUTZ_DEVEL_URL)})
 public class PageFindUsers extends PageAdminUsers {
 
     private static final Trace LOGGER = TraceManager.getTrace(PageFindUsers.class);

gui/admin-gui/src/main/webapp/status.html

@@ -0,0 +1,8 @@
+<!DOCTYPE html>
+<html>
+<head lang="en">
+    <meta charset="UTF-8">
+    <title>MidPoint</title>
+</head>
+<body>Alive</body>
+</html>

infra/common/src/main/java/com/evolveum/midpoint/common/refinery/ResourceShadowDiscriminator.java

@@ -58,12 +58,16 @@ public ResourceShadowDiscriminator(ShadowDiscriminatorType accRefType) {
 		this(accRefType.getResourceRef().getOid(), accRefType.getKind(), accRefType.getIntent());
 	}
 
-	public ResourceShadowDiscriminator(ShadowDiscriminatorType accRefType, ShadowKindType defaultKind) {
+	public ResourceShadowDiscriminator(ShadowDiscriminatorType accRefType, String defaultResourceOid, ShadowKindType defaultKind) {
 		ShadowKindType kind = accRefType.getKind();
 		if (kind == null) {
 			kind = defaultKind;
 		}
-		this.resourceOid = accRefType.getResourceRef().getOid();
+		if (accRefType.getResourceRef() == null) {
+			this.resourceOid = defaultResourceOid;
+		} else {
+			this.resourceOid = accRefType.getResourceRef().getOid();
+		}
 		this.thombstone = false;
 		setIntent(accRefType.getIntent());
 		setKind(kind);

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/ActivationProcessor.java

@@ -273,17 +273,17 @@ public <F extends FocusType> void processActivationUserCurrent(LensContext<F> co
         }
 
         if (capValidFrom != null) {
-	    	evaluateActivationMapping(context, accCtx, activationType.getAdministrativeStatus(),
+	    	evaluateActivationMapping(context, accCtx, activationType.getValidFrom(),
 	    			SchemaConstants.PATH_ACTIVATION_VALID_FROM, SchemaConstants.PATH_ACTIVATION_VALID_FROM, 
 	    			null, now, true, ActivationType.F_VALID_FROM.getLocalPart(), task, result);
         } else {
         	LOGGER.trace("Skipping activation validFrom processing because {} does not have activation validFrom capability", accCtx.getResource());
         }
 
         if (capValidTo != null) {
-	    	evaluateActivationMapping(context, accCtx, activationType.getAdministrativeStatus(),
+	    	evaluateActivationMapping(context, accCtx, activationType.getValidTo(),
 	    			SchemaConstants.PATH_ACTIVATION_VALID_TO, SchemaConstants.PATH_ACTIVATION_VALID_TO, 
-	    			null, now, true, ActivationType.F_VALID_FROM.getLocalPart(), task, result);
+	    			null, now, true, ActivationType.F_VALID_TO.getLocalPart(), task, result);
 	    } else {
 	    	LOGGER.trace("Skipping activation validTo processing because {} does not have activation validTo capability", accCtx.getResource());
 	    }

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/ContextLoader.java

@@ -318,7 +318,7 @@ private <F extends ObjectType> void loadObjectCurrent(LensContext<F> context, Op
             return;
         }
         ObjectDelta<F> objectDelta = focusContext.getDelta();
-        if (objectDelta != null && objectDelta.isAdd()) {
+        if (objectDelta != null && objectDelta.isAdd() && focusContext.getExecutedDeltas().isEmpty()) {
             //we're adding the focal object. No need to load it, it is in the delta
         	focusContext.setFresh(true);
             return;

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/Projector.java

@@ -391,7 +391,8 @@ private <F extends ObjectType> LensProjectionContext determineProjectionWave(Len
 			}
 			checkForCircular(depPath, outDependency);
 			depPath.add(outDependency);
-			ResourceShadowDiscriminator refDiscr = new ResourceShadowDiscriminator(outDependency, projectionContext.getKind());
+			ResourceShadowDiscriminator refDiscr = new ResourceShadowDiscriminator(outDependency, 
+					projectionContext.getResource().getOid(), projectionContext.getKind());
 			LensProjectionContext dependencyProjectionContext = findDependencyContext(context, projectionContext, outDependency);
 //			if (LOGGER.isTraceEnabled()) {
 //				LOGGER.trace("DEP: {} -> {}", refDiscr, dependencyProjectionContext);
@@ -473,7 +474,8 @@ private boolean isHigerOrder(ResourceObjectTypeDependencyType a,
 	 */
 	private <F extends ObjectType> LensProjectionContext findDependencyContext(
 			LensContext<F> context, LensProjectionContext projContext, ResourceObjectTypeDependencyType dependency){
-		ResourceShadowDiscriminator refDiscr = new ResourceShadowDiscriminator(dependency, projContext.getKind());
+		ResourceShadowDiscriminator refDiscr = new ResourceShadowDiscriminator(dependency, 
+				projContext.getResource().getOid(), projContext.getKind());
 		LensProjectionContext selected = null;
 		for (LensProjectionContext projectionContext: context.getProjectionContexts()) {
 			if (!projectionContext.compareResourceShadowDiscriminator(refDiscr, false)) {
@@ -511,21 +513,21 @@ private <F extends ObjectType> LensProjectionContext createAnotherContext(LensCo
 	 * and stuff like that. 
 	 */
 	private <F extends ObjectType> boolean checkDependencies(LensContext<F> context, 
-    		LensProjectionContext accountContext) throws PolicyViolationException {
-		if (accountContext.isDelete()) {
+    		LensProjectionContext projContext) throws PolicyViolationException {
+		if (projContext.isDelete()) {
 			// It is OK if we depend on something that is not there if we are being removed ... for now
 			return true;
 		}
 
-		if (accountContext.getOid() == null || accountContext.getSynchronizationPolicyDecision() == SynchronizationPolicyDecision.ADD) {
+		if (projContext.getOid() == null || projContext.getSynchronizationPolicyDecision() == SynchronizationPolicyDecision.ADD) {
 			// Check for lower-order contexts
 			LensProjectionContext lowerOrderContext = null;
 			for (LensProjectionContext projectionContext: context.getProjectionContexts()) {
-				if (accountContext == projectionContext) {
+				if (projContext == projectionContext) {
 					continue;
 				}
-				if (projectionContext.compareResourceShadowDiscriminator(accountContext.getResourceShadowDiscriminator(), false) &&
-						projectionContext.getResourceShadowDiscriminator().getOrder() < accountContext.getResourceShadowDiscriminator().getOrder()) {
+				if (projectionContext.compareResourceShadowDiscriminator(projContext.getResourceShadowDiscriminator(), false) &&
+						projectionContext.getResourceShadowDiscriminator().getOrder() < projContext.getResourceShadowDiscriminator().getOrder()) {
 					if (projectionContext.getOid() != null) {
 						lowerOrderContext = projectionContext;
 						break;
@@ -534,41 +536,42 @@ private <F extends ObjectType> boolean checkDependencies(LensContext<F> context,
 			}
 			if (lowerOrderContext != null) {
 				if (lowerOrderContext.getOid() != null) {
-					if (accountContext.getOid() == null) {
-						accountContext.setOid(lowerOrderContext.getOid());
+					if (projContext.getOid() == null) {
+						projContext.setOid(lowerOrderContext.getOid());
 					}
-					if (accountContext.getSynchronizationPolicyDecision() == SynchronizationPolicyDecision.ADD) {
+					if (projContext.getSynchronizationPolicyDecision() == SynchronizationPolicyDecision.ADD) {
 						// This context cannot be ADD. There is a lower-order context with an OID
 						// it means that the lower-order projection exists, we cannot add it twice
-						accountContext.setSynchronizationPolicyDecision(SynchronizationPolicyDecision.KEEP);
+						projContext.setSynchronizationPolicyDecision(SynchronizationPolicyDecision.KEEP);
 					}
 				}
 				if (lowerOrderContext.isDelete()) {
-					accountContext.setSynchronizationPolicyDecision(SynchronizationPolicyDecision.DELETE);
+					projContext.setSynchronizationPolicyDecision(SynchronizationPolicyDecision.DELETE);
 				}
 			}
 		}		
 
-		for (ResourceObjectTypeDependencyType dependency: accountContext.getDependencies()) {
-			ResourceShadowDiscriminator refRat = new ResourceShadowDiscriminator(dependency, accountContext.getKind());
+		for (ResourceObjectTypeDependencyType dependency: projContext.getDependencies()) {
+			ResourceShadowDiscriminator refRat = new ResourceShadowDiscriminator(dependency, 
+					projContext.getResource().getOid(), projContext.getKind());
 			LOGGER.trace("LOOKING FOR {}", refRat);
 			LensProjectionContext dependencyAccountContext = context.findProjectionContext(refRat);
 			ResourceObjectTypeDependencyStrictnessType strictness = ResourceTypeUtil.getDependencyStrictness(dependency);
 			if (dependencyAccountContext == null) {
 				if (strictness == ResourceObjectTypeDependencyStrictnessType.STRICT) {
 					// This should not happen, it is checked before projection
 					throw new PolicyViolationException("Unsatisfied strict dependency of "
-							+ accountContext.getResourceShadowDiscriminator().toHumanReadableString() +
+							+ projContext.getResourceShadowDiscriminator().toHumanReadableString() +
 							" dependent on " + refRat.toHumanReadableString() + ": No context in dependency check");
 				} else if (strictness == ResourceObjectTypeDependencyStrictnessType.LAX) {
 					// independent object not in the context, just ignore it
 					LOGGER.trace("Unsatisfied lax dependency of account " + 
-							accountContext.getResourceShadowDiscriminator().toHumanReadableString() +
+							projContext.getResourceShadowDiscriminator().toHumanReadableString() +
 							" dependent on " + refRat.toHumanReadableString() + "; dependency skipped");
 				} else if (strictness == ResourceObjectTypeDependencyStrictnessType.RELAXED) {
 					// independent object not in the context, just ignore it
 					LOGGER.trace("Unsatisfied relaxed dependency of account "
-							+ accountContext.getResourceShadowDiscriminator().toHumanReadableString() +
+							+ projContext.getResourceShadowDiscriminator().toHumanReadableString() +
 							" dependent on " + refRat.toHumanReadableString() + "; dependency skipped");
 				} else {
 					throw new IllegalArgumentException("Unknown dependency strictness "+dependency.getStrictness()+" in "+refRat);
@@ -582,9 +585,9 @@ private <F extends ObjectType> boolean checkDependencies(LensContext<F> context,
 					} else {
 						// We do not want to throw exception here. That will stop entire projection.
 						// Let's just mark the projection as broken and skip it.
-						LOGGER.warn("Unsatisfied dependency of account "+accountContext.getResourceShadowDiscriminator()+
-								" dependent on "+refRat+": Account not provisioned in dependency check (execution wave "+context.getExecutionWave()+", account wave "+accountContext.getWave() + ", depenedency account wave "+dependencyAccountContext.getWave()+")");
-						accountContext.setSynchronizationPolicyDecision(SynchronizationPolicyDecision.BROKEN);
+						LOGGER.warn("Unsatisfied dependency of account "+projContext.getResourceShadowDiscriminator()+
+								" dependent on "+refRat+": Account not provisioned in dependency check (execution wave "+context.getExecutionWave()+", account wave "+projContext.getWave() + ", depenedency account wave "+dependencyAccountContext.getWave()+")");
+						projContext.setSynchronizationPolicyDecision(SynchronizationPolicyDecision.BROKEN);
 						return false;
 					}
 				} else if (strictness == ResourceObjectTypeDependencyStrictnessType.LAX) {

repo/security-api/src/main/java/com/evolveum/midpoint/security/api/AuthorizationConstants.java

@@ -36,6 +36,10 @@ public class AuthorizationConstants {
 	public static final QName AUTZ_ALL_QNAME = new QName(NS_AUTHORIZATION, "all");
 	public static final String AUTZ_ALL_URL = QNameUtil.qNameToUri(AUTZ_ALL_QNAME);
 
+	public static final QName AUTZ_DEVEL_QNAME = new QName(NS_AUTHORIZATION, "devel");
+	public static final String AUTZ_DEVEL_URL = NS_AUTHORIZATION + "#devel";
+//	public static final String AUTZ_DEVEL_URL = QNameUtil.qNameToUri(AUTZ_DEVEL_QNAME);
+
 	public static final QName AUTZ_DENY_ALL_QNAME = new QName(NS_AUTHORIZATION, "denyAll");
 	public static final String AUTZ_DENY_ALL_URL = QNameUtil.qNameToUri(AUTZ_DENY_ALL_QNAME);
     public static final String AUTZ_DENY_ALL = NS_AUTHORIZATION + "#denyAll";

testing/story/src/test/java/com/evolveum/midpoint/testing/story/TestVillage.java

@@ -51,6 +51,7 @@
 import com.evolveum.icf.dummy.resource.DummyObjectClass;
 import com.evolveum.icf.dummy.resource.DummyResource;
 import com.evolveum.icf.dummy.resource.DummySyncStyle;
+import com.evolveum.midpoint.common.InternalsConfig;
 import com.evolveum.midpoint.common.refinery.RefinedObjectClassDefinition;
 import com.evolveum.midpoint.common.refinery.RefinedResourceSchema;
 import com.evolveum.midpoint.common.refinery.ShadowDiscriminatorObjectDelta;
@@ -162,6 +163,9 @@ public class TestVillage extends AbstractStoryTest {
 	public static final File ROLE_META_FUNCTIONAL_ORG_FILE = new File(TEST_DIR, "role-meta-functional-org.xml");
 	public static final String ROLE_META_FUNCTIONAL_ORG_OID = "74aac2c8-ca0f-11e3-bb29-001e8c717e5b";
 
+	public static final File ROLE_META_PROJECT_ORG_FILE = new File(TEST_DIR, "role-meta-project-org.xml");
+	public static final String ROLE_META_PROJECT_ORG_OID = "ab33ec1e-0c0b-11e4-ba88-001e8c717e5b";
+
 	protected static final File ORGS_FILE = new File(TEST_DIR, "orgs.xml");
 	public static final String ORG_GOV_NAME = "Gov";
 	public static final String ORG_EXEC_NAME = "Exec";
@@ -173,6 +177,9 @@ public class TestVillage extends AbstractStoryTest {
 	private static final File GLOBAL_PASSWORD_POLICY_FILE = new File(TEST_DIR, "global-password-policy.xml");
 	private static final File ORG_PASSWORD_POLICY_FILE = new File(TEST_DIR, "org-password-policy.xml");
 
+	public static final File ORG_PROJECT_JOLLY_ROGER_FILE = new File(TEST_DIR, "org-project-jolly-roger.xml");
+	public static final String ORG_PROJECT_JOLLY_ROGER_OID = "a9ac1aa2-0c0f-11e4-9214-001e8c717e5b";
+
 	protected static final File TASK_LIVE_SYNC_DUMMY_SOURCE_FILE = new File(TEST_DIR, "task-dumy-source-livesync.xml");
 	protected static final String TASK_LIVE_SYNC_DUMMY_SOURCE_OID = "10000000-0000-0000-5555-555500000001";
 
@@ -290,6 +297,7 @@ public void initSystem(Task initTask, OperationResult initResult) throws Excepti
 		importObjectFromFile(ROLE_BASIC_FILE, initResult);
 		importObjectFromFile(ROLE_SIMPLE_FILE, initResult);
 		importObjectFromFile(ROLE_META_FUNCTIONAL_ORG_FILE, initResult);
+		importObjectFromFile(ROLE_META_PROJECT_ORG_FILE, initResult);
 
 		// Org
 		repoAddObjectsFromFile(ORGS_FILE, OrgType.class, initResult);
@@ -602,10 +610,12 @@ public void test132ModifySrcAccountHermanDeleteOrg() throws Exception {
         DummyAccount account = dummyResourceSrc.getAccountByUsername(ACCOUNT_HERMAN_USERNAME);
 
         // WHEN
+        TestUtil.displayWhen(TEST_NAME);
         account.replaceAttributeValues(DUMMY_ACCOUNT_ATTRIBUTE_SRC_ORG);
         waitForTaskNextRun(TASK_LIVE_SYNC_DUMMY_SOURCE_OID, true);
 
         // THEN
+        TestUtil.displayThen(TEST_NAME);
         PrismObject<UserType> user = findUserByUsername(getUsername(ACCOUNT_HERMAN_FIST_NAME, ACCOUNT_HERMAN_LAST_NAME, null));
         assertUserNoRole(user, ACCOUNT_HERMAN_FIST_NAME, ACCOUNT_HERMAN_LAST_NAME, null);
         assertLocGov(user, null, null);
@@ -633,9 +643,11 @@ public void test200createUserAssignOrgPwdPolicy() throws Exception{
 		Collection deltas = MiscUtil.createCollection(orgPasswordPolicyRefDelta);
 		modelService.executeChanges(deltas, null, task, result);
 
+		InternalsConfig.avoidLoggingChange = true;
 		ObjectDelta sysConfigPasswordPolicyRefDelta = ObjectDelta.createModificationAddReference(SystemConfigurationType.class, SYSTEM_CONFIGURATION_OID, SystemConfigurationType.F_GLOBAL_PASSWORD_POLICY_REF, prismContext, GLOBAL_PASSWORD_POLICY_OID);
 		deltas = MiscUtil.createCollection(sysConfigPasswordPolicyRefDelta);
 		modelService.executeChanges(deltas, null, task, result);
+		InternalsConfig.avoidLoggingChange = false;
 
 		//add user + assign role + assign org with the password policy specified
 		PrismObject<UserType> objectToAdd = PrismTestUtil.parseObject(USER_MIKE_FILE);
@@ -651,15 +663,15 @@ public void test200createUserAssignOrgPwdPolicy() throws Exception{
 
 	@Test
 	public void test201unassignRole() throws Exception{
-		final String TEST_NAME = "test200createUserAssignOrgPwdPolicy";
+		final String TEST_NAME = "test201unassignRole";
         TestUtil.displayTestTile(this, TEST_NAME);
 		unassignRole(USER_MIKE_OID, ROLE_BASIC_OID);
 		//TODO: assertions
 	}
 
 	@Test
 	public void test202assignRoleOrgPwdPolicy() throws Exception{
-		final String TEST_NAME = "test200createUserAssignOrgPwdPolicy";
+		final String TEST_NAME = "test202assignRoleOrgPwdPolicy";
         TestUtil.displayTestTile(this, TEST_NAME);
 
         //this will throw exception, if incorrect pwd policy is selected...but some assertion will be nice :)
@@ -668,7 +680,31 @@ public void test202assignRoleOrgPwdPolicy() throws Exception{
 		//TODO: assertion
 	}
 
-
+	@Test
+    public void test300AddProjectJollyRoger() throws Exception {
+		final String TEST_NAME = "test300AddProjectJollyRoger";
+        TestUtil.displayTestTile(this, TEST_NAME);
+        Task task = taskManager.createTaskInstance(TestTrafo.class.getName() + "." + TEST_NAME);
+        OperationResult result = task.getResult();
+
+        // WHEN
+        TestUtil.displayWhen(TEST_NAME);
+        addObject(ORG_PROJECT_JOLLY_ROGER_FILE, task, result);
+
+        // THEN
+        TestUtil.displayThen(TEST_NAME);
+        result.computeStatus();
+        TestUtil.assertSuccess(result);
+
+        // TODO
+        PrismObject<OrgType> org = getObject(OrgType.class, ORG_PROJECT_JOLLY_ROGER_OID);
+        display("Org", org);
+        assertLinks(org, 2);
+
+        SearchResultEntry ouEntry = openDJController.fetchAndAssertEntry("ou=Jolly Roger,dc=example,dc=com", "organizationalUnit");
+        SearchResultEntry groupEntry = openDJController.fetchAndAssertEntry("cn=admins,ou=Jolly Roger,dc=example,dc=com", "groupOfUniqueNames");
+      //TODO: assertions
+	}
 
 
 	private void assertLocGov(PrismObject<UserType> user, String expLoc, String expOrg) throws SchemaException, ObjectNotFoundException, SecurityViolationException, CommunicationException, ConfigurationException {