Fixed MID-3344: "Access denied" exceptions when approver opens its wo…

…rk items

and fixed reporting of ObjectNotFoundExceptions when viewing changes-to-be-approved for (yet) non-existing users.

gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/util/WebModelServiceUtils.java

@@ -244,6 +244,11 @@ public static <T extends ObjectType> PrismObject<T> loadObject(Class<T> type, St
         	LOGGER.debug("User {} is not authorized to read {} {}",
                     task.getOwner() != null ? task.getOwner().getName() : null, type.getSimpleName(), oid);
         	return null;
+        } catch (ObjectNotFoundException e) {
+        	// Object does not exist. It was deleted in the meanwhile, or not created yet. This could happen quite often.
+			subResult.recordHandledError(e);
+			LOGGER.debug("{} {} does not exist", type.getSimpleName(), oid, e);
+			return null;
         } catch (Exception ex) {
             subResult.recordFatalError("WebModelUtils.couldntLoadObject", ex);
             LoggingUtils.logUnexpectedException(LOGGER, "Couldn't load object", ex);

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/workflow/PageWorkItem.java

@@ -141,7 +141,7 @@ private WorkItemDto loadWorkItemDtoIfNecessary() {
 					LoggingUtils.logExceptionOnDebugLevel(LOGGER, "Access to the task {} was denied", e, taskOid);
 				}
 
-				if (taskType != null) {
+				if (taskType != null && taskType.getParent() != null) {
 					final ObjectQuery relatedTasksQuery = QueryBuilder.queryFor(TaskType.class, getPrismContext())
 							.item(F_PARENT).eq(taskType.getParent())
 							.build();

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/visualizer/Resolver.java

@@ -128,7 +128,10 @@ public <O extends ObjectType> void resolve(ObjectDelta<O> objectDelta, Task task
 					if (!originalObjectFetched && oid != null) {
 						try {
 							originalObject = modelService.getObject(clazz, oid, createCollection(createNoFetch()), task, result);
-						} catch (RuntimeException | SchemaException | ConfigurationException | CommunicationException | SecurityViolationException | ObjectNotFoundException e) {
+						} catch (ObjectNotFoundException e) {
+							result.recordHandledError(e);
+							LoggingUtils.logExceptionOnDebugLevel(LOGGER, "Object {} does not exist", e, oid);
+						} catch (RuntimeException | SchemaException | ConfigurationException | CommunicationException | SecurityViolationException e) {
 							LoggingUtils.logUnexpectedException(LOGGER, "Couldn't resolve object {}", e, oid);
 							warn(result, "Couldn't resolve object " + oid + ": " + e.getMessage(), e);
 						}

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/visualizer/Visualizer.java

@@ -231,11 +231,12 @@ private PrismObject<? extends ObjectType> getObject(String oid, Class<? extends
 			object = modelService.getObject(objectTypeClass, oid, createCollection(createNoFetch()), task, result);
 			context.putObject(object);
 			return object;
-		} catch (RuntimeException|SchemaException|ConfigurationException|CommunicationException|SecurityViolationException e) {
-			LoggingUtils.logUnexpectedException(LOGGER, "Couldn't resolve object {}", e, oid);
-			result.recordWarning("Couldn't resolve object " + oid + ": " + e.getMessage(), e);
-			return null;
 		} catch (ObjectNotFoundException e) {
+			// Not a big problem: object does not exist (was already deleted or was not yet created).
+			LoggingUtils.logExceptionOnDebugLevel(LOGGER, "Object {} does not exist", e, oid);
+			result.recordHandledError(e);
+			return null;
+		} catch (RuntimeException|SchemaException|ConfigurationException|CommunicationException|SecurityViolationException e) {
 			LoggingUtils.logUnexpectedException(LOGGER, "Couldn't resolve object {}", e, oid);
 			result.recordWarning("Couldn't resolve object " + oid + ": " + e.getMessage(), e);
 			return null;