Merge branch 'master' of https://github.com/Evolveum/midpoint

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/PrismValuePanel.java

@@ -421,6 +421,10 @@ public void uploadFileFailed(AjaxRequestTarget target) {
             if (type != null && type.isPrimitive()) {
                 type = ClassUtils.primitiveToWrapper(type);
             }
+//            // default QName validation is a bit weird, so let's treat QNames as strings [TODO finish this - at the parsing side]
+//            if (type == QName.class) {
+//                type = String.class;
+//            }
             panel = new TextPanel<>(id, new PropertyModel<String>(model, baseExpression), type);
         }
 

infra/schema/src/main/java/com/evolveum/midpoint/schema/constants/ExpressionConstants.java

@@ -42,8 +42,10 @@ public class ExpressionConstants {
 	public static final QName VAR_MODEL_CONTEXT = new QName(SchemaConstants.NS_C, "modelContext");
 	public static final QName VAR_PRISM_CONTEXT = new QName(SchemaConstants.NS_C, "prismContext");
 	public static final QName VAR_CONFIGURATION = new QName(SchemaConstants.NS_C, "configuration");
-
+    public static final QName VAR_ACTOR = new QName(SchemaConstants.NS_C, "actor");
+
 	public static final QName VAR_LEGAL = new QName(SchemaConstants.NS_C, "legal");
+    public static final QName VAR_ASSIGNED = new QName(SchemaConstants.NS_C, "assigned");
 	public static final QName VAR_FOCUS_EXISTS = new QName(SchemaConstants.NS_C, "focusExists");
 	public static final QName VAR_ADMINISTRATIVE_STATUS = new QName(SchemaConstants.NS_C, "administrativeStatus");
 

infra/schema/src/main/resources/xml/ns/public/model/context/model-context-3.xsd

@@ -368,6 +368,13 @@
                             </xsd:documentation>
                         </xsd:annotation>
                     </xsd:element>
+                    <xsd:element name="isAssignedOld" type="xsd:boolean" minOccurs="0">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                "Old" version of isAssigned.
+                            </xsd:documentation>
+                        </xsd:annotation>
+                    </xsd:element>
                     <xsd:element name="isActive" type="xsd:boolean" minOccurs="0">
                         <xsd:annotation>
                             <xsd:documentation>
@@ -378,14 +385,14 @@
                     <xsd:element name="isLegal" type="xsd:boolean" minOccurs="0">
                         <xsd:annotation>
                             <xsd:documentation>
-                                True if there is a valid assignment for this projection and/or the policy allows such project to exist.
+                                True if there is a valid assignment for this projection and/or the policy allows such projection to exist.
                             </xsd:documentation>
                         </xsd:annotation>
                     </xsd:element>
                     <xsd:element name="isLegalOld" type="xsd:boolean" minOccurs="0">
                         <xsd:annotation>
                             <xsd:documentation>
-                                True if there is a valid assignment for this projection and/or the policy allows such project to exist.
+                                True if there is a valid assignment for this projection and/or the policy allows such projection to exist.
                             </xsd:documentation>
                         </xsd:annotation>
                     </xsd:element>

model/model-common/src/main/java/com/evolveum/midpoint/model/common/expression/evaluator/AbstractSearchExpressionEvaluator.java

@@ -21,6 +21,7 @@
 
 import javax.xml.namespace.QName;
 
+import com.evolveum.midpoint.security.api.SecurityEnforcer;
 import com.evolveum.midpoint.util.QNameUtil;
 import com.evolveum.prism.xml.ns._public.types_3.ItemPathType;
 
@@ -92,8 +93,8 @@ public abstract class AbstractSearchExpressionEvaluator<V extends PrismValue>
 
 	protected AbstractSearchExpressionEvaluator(SearchObjectExpressionEvaluatorType expressionEvaluatorType, 
 			ItemDefinition outputDefinition, Protector protector, ObjectResolver objectResolver, 
-			ModelService modelService, PrismContext prismContext) {
-		super(expressionEvaluatorType);
+			ModelService modelService, PrismContext prismContext, SecurityEnforcer securityEnforcer) {
+		super(expressionEvaluatorType, securityEnforcer);
 		this.outputDefinition = outputDefinition;
 		this.prismContext = prismContext;
 		this.protector = protector;

model/model-common/src/main/java/com/evolveum/midpoint/model/common/expression/evaluator/AbstractValueTransformationExpressionEvaluator.java

@@ -41,14 +41,19 @@
 import com.evolveum.midpoint.prism.xml.XsdTypeMapper;
 import com.evolveum.midpoint.schema.constants.ExpressionConstants;
 import com.evolveum.midpoint.schema.result.OperationResult;
+import com.evolveum.midpoint.security.api.MidPointPrincipal;
+import com.evolveum.midpoint.security.api.SecurityEnforcer;
 import com.evolveum.midpoint.task.api.Task;
 import com.evolveum.midpoint.util.MiscUtil;
 import com.evolveum.midpoint.util.PrettyPrinter;
 import com.evolveum.midpoint.util.Processor;
 import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
 import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
 import com.evolveum.midpoint.util.exception.SchemaException;
+import com.evolveum.midpoint.util.exception.SecurityViolationException;
+import com.evolveum.midpoint.util.exception.SystemException;
 import com.evolveum.midpoint.util.exception.TunnelException;
+import com.evolveum.midpoint.util.logging.LoggingUtils;
 import com.evolveum.midpoint.util.logging.Trace;
 import com.evolveum.midpoint.util.logging.TraceManager;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.TransformExpressionEvaluatorType;
@@ -57,6 +62,7 @@
 import javax.xml.bind.JAXBElement;
 import javax.xml.namespace.QName;
 
+import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
 import org.w3c.dom.Element;
 
 import java.util.ArrayList;
@@ -74,12 +80,15 @@
 public abstract class AbstractValueTransformationExpressionEvaluator<V extends PrismValue, E extends TransformExpressionEvaluatorType>
 						implements ExpressionEvaluator<V> {
 
+    private SecurityEnforcer securityEnforcer;
+
 	private E expressionEvaluatorType;
 
 	private static final Trace LOGGER = TraceManager.getTrace(AbstractValueTransformationExpressionEvaluator.class);
 
-    protected AbstractValueTransformationExpressionEvaluator(E expressionEvaluatorType) {
+    protected AbstractValueTransformationExpressionEvaluator(E expressionEvaluatorType, SecurityEnforcer securityEnforcer) {
     	this.expressionEvaluatorType = expressionEvaluatorType;
+        this.securityEnforcer = securityEnforcer;
     }
 
     public E getExpressionEvaluatorType() {
@@ -91,10 +100,12 @@ public E getExpressionEvaluatorType() {
 	 */
 	@Override
 	public PrismValueDeltaSetTriple<V> evaluate(ExpressionEvaluationContext context) throws SchemaException,
-			ExpressionEvaluationException, ObjectNotFoundException {
+            ExpressionEvaluationException, ObjectNotFoundException {
 
         PrismValueDeltaSetTriple<V> outputTriple = new PrismValueDeltaSetTriple<V>();
-
+
+        addActorVariable(context.getVariables());
+
         if (expressionEvaluatorType.getRelativityMode() == TransformExpressionRelativityModeType.ABSOLUTE) {
 
         	outputTriple = evaluateAbsoluteExpression(context.getSources(), context.getVariables(), context,
@@ -183,8 +194,8 @@ private List<SourceTriple<? extends PrismValue>> processSources(Collection<Sourc
 	}
 
 	private PrismValueDeltaSetTriple<V> evaluateAbsoluteExpression(Collection<Source<? extends PrismValue>> sources,
-			ExpressionVariables variables, ExpressionEvaluationContext params, String contextDescription, Task task, OperationResult result) 
-					throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException {
+			ExpressionVariables variables, ExpressionEvaluationContext params, String contextDescription, Task task, OperationResult result)
+            throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException {
 
 		PrismValueDeltaSetTriple<V> outputTriple;
 
@@ -272,7 +283,7 @@ private Collection<V> evaluateScriptExpression(Collection<Source<? extends Prism
 				scriptVariables.addVariableDefinition(name, value);
 			}
 		}
-		
+
 		List<V> scriptResults = transformSingleValue(scriptVariables, null, useNew, params,
 				(useNew ? "(new) " : "(old) " ) + contextDescription, task, result);
 
@@ -303,8 +314,27 @@ private Collection<V> evaluateScriptExpression(Collection<Source<? extends Prism
 
 		return outputSet;
 	}
-
-	protected abstract List<V> transformSingleValue(ExpressionVariables variables, PlusMinusZero valueDestination,
+
+    private void addActorVariable(ExpressionVariables scriptVariables) {
+        UserType actor = null;
+        try {
+            if (securityEnforcer != null) {
+                MidPointPrincipal principal = securityEnforcer.getPrincipal();
+                if (principal != null) {
+                    actor = principal.getUser();
+                }
+            }
+            if (actor == null) {
+                LOGGER.error("Couldn't get principal information - the 'actor' variable is set to null");
+            }
+        } catch (SecurityViolationException e) {
+            LoggingUtils.logUnexpectedException(LOGGER, "Couldn't get principal information - the 'actor' variable is set to null", e);
+        }
+
+        scriptVariables.addVariableDefinition(ExpressionConstants.VAR_ACTOR, actor);
+    }
+
+    protected abstract List<V> transformSingleValue(ExpressionVariables variables, PlusMinusZero valueDestination,
 			boolean useNew, ExpressionEvaluationContext params, String contextDescription, Task task, OperationResult result)
 			throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException;
 

model/model-common/src/main/java/com/evolveum/midpoint/model/common/expression/evaluator/AssignmentTargetSearchExpressionEvaluator.java

@@ -26,6 +26,7 @@
 import com.evolveum.midpoint.prism.crypto.Protector;
 import com.evolveum.midpoint.prism.path.ItemPath;
 import com.evolveum.midpoint.schema.util.ObjectResolver;
+import com.evolveum.midpoint.security.api.SecurityEnforcer;
 import com.evolveum.midpoint.util.exception.SchemaException;
 import com.evolveum.midpoint.util.exception.SystemException;
 import com.evolveum.midpoint.util.logging.Trace;
@@ -45,8 +46,8 @@ public class AssignmentTargetSearchExpressionEvaluator
 
 	public AssignmentTargetSearchExpressionEvaluator(SearchObjectExpressionEvaluatorType expressionEvaluatorType, 
 			ItemDefinition outputDefinition, Protector protector, ObjectResolver objectResolver, 
-			ModelService modelService, PrismContext prismContext) {
-		super(expressionEvaluatorType, outputDefinition, protector, objectResolver, modelService, prismContext);
+			ModelService modelService, PrismContext prismContext, SecurityEnforcer securityEnforcer) {
+		super(expressionEvaluatorType, outputDefinition, protector, objectResolver, modelService, prismContext, securityEnforcer);
 	}
 
 	protected PrismContainerValue<AssignmentType> createPrismValue(String oid, QName targetTypeQName, ExpressionEvaluationContext params) {

model/model-common/src/main/java/com/evolveum/midpoint/model/common/expression/evaluator/AssignmentTargetSearchExpressionEvaluatorFactory.java

@@ -30,6 +30,7 @@
 import com.evolveum.midpoint.prism.crypto.Protector;
 import com.evolveum.midpoint.schema.result.OperationResult;
 import com.evolveum.midpoint.schema.util.ObjectResolver;
+import com.evolveum.midpoint.security.api.SecurityEnforcer;
 import com.evolveum.midpoint.util.exception.SchemaException;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectFactory;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.SearchObjectExpressionEvaluatorType;
@@ -45,13 +46,15 @@ public class AssignmentTargetSearchExpressionEvaluatorFactory implements Express
 	private Protector protector;
 	private ObjectResolver objectResolver;
 	private ModelService modelService;
+    private SecurityEnforcer securityEnforcer;
 
-	public AssignmentTargetSearchExpressionEvaluatorFactory(PrismContext prismContext, Protector protector, ObjectResolver objectResolver, ModelService modelService) {
+	public AssignmentTargetSearchExpressionEvaluatorFactory(PrismContext prismContext, Protector protector, ObjectResolver objectResolver, ModelService modelService, SecurityEnforcer securityEnforcer) {
 		super();
 		this.prismContext = prismContext;
 		this.protector = protector;
 		this.objectResolver = objectResolver;
 		this.modelService = modelService;
+        this.securityEnforcer = securityEnforcer;
 	}
 
 	/* (non-Javadoc)
@@ -87,7 +90,7 @@ public <V extends PrismValue> ExpressionEvaluator<V> createEvaluator(Collection<
             throw new SchemaException("assignment expression evaluator cannot handle elements of type " + evaluatorTypeObject.getClass().getName()+" in "+contextDescription);
         }
         AssignmentTargetSearchExpressionEvaluator expressionEvaluator = new AssignmentTargetSearchExpressionEvaluator((SearchObjectExpressionEvaluatorType)evaluatorTypeObject, 
-        		outputDefinition, protector, objectResolver, modelService, prismContext);
+        		outputDefinition, protector, objectResolver, modelService, prismContext, securityEnforcer);
         return (ExpressionEvaluator<V>) expressionEvaluator;
 	}
 

model/model-common/src/main/java/com/evolveum/midpoint/model/common/expression/evaluator/AssociationTargetSearchExpressionEvaluator.java

@@ -33,6 +33,7 @@
 import com.evolveum.midpoint.schema.constants.ObjectTypes;
 import com.evolveum.midpoint.schema.util.ObjectQueryUtil;
 import com.evolveum.midpoint.schema.util.ObjectResolver;
+import com.evolveum.midpoint.security.api.SecurityEnforcer;
 import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
 import com.evolveum.midpoint.util.exception.SchemaException;
 import com.evolveum.midpoint.util.exception.SystemException;
@@ -53,8 +54,8 @@ public class AssociationTargetSearchExpressionEvaluator
 
 	public AssociationTargetSearchExpressionEvaluator(SearchObjectExpressionEvaluatorType expressionEvaluatorType, 
 			ItemDefinition outputDefinition, Protector protector, ObjectResolver objectResolver, 
-			ModelService modelService, PrismContext prismContext) {
-		super(expressionEvaluatorType, outputDefinition, protector, objectResolver, modelService, prismContext);
+			ModelService modelService, PrismContext prismContext, SecurityEnforcer securityEnforcer) {
+		super(expressionEvaluatorType, outputDefinition, protector, objectResolver, modelService, prismContext, securityEnforcer);
 	}
 
 	@Override

model/model-common/src/main/java/com/evolveum/midpoint/model/common/expression/evaluator/AssociationTargetSearchExpressionEvaluatorFactory.java

@@ -29,6 +29,7 @@
 import com.evolveum.midpoint.prism.crypto.Protector;
 import com.evolveum.midpoint.schema.result.OperationResult;
 import com.evolveum.midpoint.schema.util.ObjectResolver;
+import com.evolveum.midpoint.security.api.SecurityEnforcer;
 import com.evolveum.midpoint.util.exception.SchemaException;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectFactory;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.SearchObjectExpressionEvaluatorType;
@@ -44,13 +45,15 @@ public class AssociationTargetSearchExpressionEvaluatorFactory implements Expres
 	private Protector protector;
 	private ObjectResolver objectResolver;
 	private ModelService modelService;
+    private SecurityEnforcer securityEnforcer;
 
-	public AssociationTargetSearchExpressionEvaluatorFactory(PrismContext prismContext, Protector protector, ObjectResolver objectResolver, ModelService modelService) {
+	public AssociationTargetSearchExpressionEvaluatorFactory(PrismContext prismContext, Protector protector, ObjectResolver objectResolver, ModelService modelService, SecurityEnforcer securityEnforcer) {
 		super();
 		this.prismContext = prismContext;
 		this.protector = protector;
 		this.objectResolver = objectResolver;
 		this.modelService = modelService;
+        this.securityEnforcer = securityEnforcer;
 	}
 
 	/* (non-Javadoc)
@@ -86,7 +89,7 @@ public <V extends PrismValue> ExpressionEvaluator<V> createEvaluator(Collection<
             throw new SchemaException("Association expression evaluator cannot handle elements of type " + evaluatorTypeObject.getClass().getName()+" in "+contextDescription);
         }
         AssociationTargetSearchExpressionEvaluator evaluator = new AssociationTargetSearchExpressionEvaluator((SearchObjectExpressionEvaluatorType)evaluatorTypeObject, 
-        		outputDefinition, protector, objectResolver, modelService, prismContext);
+        		outputDefinition, protector, objectResolver, modelService, prismContext, securityEnforcer);
         return (ExpressionEvaluator<V>) evaluator;
 	}
 

model/model-common/src/main/java/com/evolveum/midpoint/model/common/expression/script/ScriptExpressionEvaluator.java

@@ -23,6 +23,7 @@
 import com.evolveum.midpoint.prism.PrismValue;
 import com.evolveum.midpoint.prism.delta.PlusMinusZero;
 import com.evolveum.midpoint.schema.result.OperationResult;
+import com.evolveum.midpoint.security.api.SecurityEnforcer;
 import com.evolveum.midpoint.task.api.Task;
 import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
 import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
@@ -42,8 +43,8 @@ public class ScriptExpressionEvaluator<V extends PrismValue>
 
 	private static final Trace LOGGER = TraceManager.getTrace(ScriptExpressionEvaluator.class);
 
-    ScriptExpressionEvaluator(ScriptExpressionEvaluatorType scriptType, ScriptExpression scriptExpression) {
-    	super(scriptType);
+    ScriptExpressionEvaluator(ScriptExpressionEvaluatorType scriptType, ScriptExpression scriptExpression, SecurityEnforcer securityEnforcer) {
+    	super(scriptType, securityEnforcer);
         this.scriptExpression = scriptExpression;
     }
 

model/model-common/src/main/java/com/evolveum/midpoint/model/common/expression/script/ScriptExpressionEvaluatorFactory.java

@@ -25,6 +25,7 @@
 import com.evolveum.midpoint.prism.ItemDefinition;
 import com.evolveum.midpoint.prism.PrismValue;
 import com.evolveum.midpoint.schema.result.OperationResult;
+import com.evolveum.midpoint.security.api.SecurityEnforcer;
 import com.evolveum.midpoint.util.exception.SchemaException;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectFactory;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ScriptExpressionEvaluatorType;
@@ -36,9 +37,11 @@
 public class ScriptExpressionEvaluatorFactory implements ExpressionEvaluatorFactory {
 
 	private ScriptExpressionFactory scriptExpressionFactory;
+    private SecurityEnforcer securityEnforcer;
 
-	public ScriptExpressionEvaluatorFactory(ScriptExpressionFactory scriptExpressionFactory) {
+	public ScriptExpressionEvaluatorFactory(ScriptExpressionFactory scriptExpressionFactory, SecurityEnforcer securityEnforcer) {
 		this.scriptExpressionFactory = scriptExpressionFactory;
+        this.securityEnforcer = securityEnforcer;
 	}
 
 	@Override
@@ -66,7 +69,7 @@ public <V extends PrismValue> ExpressionEvaluator<V> createEvaluator(Collection<
 
         ScriptExpression scriptExpression = scriptExpressionFactory.createScriptExpression(scriptType, outputDefinition, contextDescription);
 
-        return new ScriptExpressionEvaluator(scriptType, scriptExpression);
+        return new ScriptExpressionEvaluator(scriptType, scriptExpression, securityEnforcer);
 
 	}
 

model/model-common/src/test/java/com/evolveum/midpoint/model/common/expression/ExpressionTestUtil.java

@@ -32,6 +32,7 @@
 import com.evolveum.midpoint.prism.PrismContext;
 import com.evolveum.midpoint.prism.crypto.AESProtector;
 import com.evolveum.midpoint.schema.util.ObjectResolver;
+import com.evolveum.midpoint.security.api.SecurityEnforcer;
 import com.evolveum.midpoint.test.util.MidPointTestConstants;
 
 /**
@@ -49,7 +50,7 @@ public static AESProtector createInitializedProtector(PrismContext prismContext)
         return protector;
 	}
 
-	public static ExpressionFactory createInitializedExpressionFactory(ObjectResolver resolver, AESProtector protector, PrismContext prismContext) {
+	public static ExpressionFactory createInitializedExpressionFactory(ObjectResolver resolver, AESProtector protector, PrismContext prismContext, SecurityEnforcer securityEnforcer) {
     	ExpressionFactory expressionFactory = new ExpressionFactory(resolver, prismContext);
 
     	// asIs
@@ -79,7 +80,7 @@ public static ExpressionFactory createInitializedExpressionFactory(ObjectResolve
         scriptExpressionFactory.registerEvaluator(XPathScriptEvaluator.XPATH_LANGUAGE_URL, xpathEvaluator);
         Jsr223ScriptEvaluator groovyEvaluator = new Jsr223ScriptEvaluator("Groovy", prismContext, protector);
         scriptExpressionFactory.registerEvaluator(groovyEvaluator.getLanguageUrl(), groovyEvaluator);
-        ScriptExpressionEvaluatorFactory scriptExpressionEvaluatorFactory = new ScriptExpressionEvaluatorFactory(scriptExpressionFactory);
+        ScriptExpressionEvaluatorFactory scriptExpressionEvaluatorFactory = new ScriptExpressionEvaluatorFactory(scriptExpressionFactory, securityEnforcer);
         expressionFactory.addEvaluatorFactory(scriptExpressionEvaluatorFactory);
 
         return expressionFactory;