Authorization with orderConstraints (MID-4866)

Evolveum · Oct 5, 2018 · 8fcb0ec · 8fcb0ec
1 parent 1e9d4d7
commit 8fcb0ec
Show file tree

Hide file tree

Showing 14 changed files with 806 additions and 89 deletions.
diff --git a/infra/schema/src/main/java/com/evolveum/midpoint/schema/constants/SchemaConstants.java b/infra/schema/src/main/java/com/evolveum/midpoint/schema/constants/SchemaConstants.java
@@ -223,6 +223,7 @@ public abstract class SchemaConstants {
 			ResourceType.F_OPERATIONAL_STATE, OperationalStateType.F_LAST_AVAILABILITY_STATUS);
 	public static final ItemPath PATH_ATTRIBUTES = new ItemPath(C_ATTRIBUTES);
 	public static final ItemPath PATH_ASSIGNMENT = new ItemPath(FocusType.F_ASSIGNMENT);
+	public static final ItemPath PATH_INDUCEMENT = new ItemPath(AbstractRoleType.F_INDUCEMENT);
 	public static final ItemPath PATH_ASSIGNMENT_ACTIVATION = new ItemPath(FocusType.F_ASSIGNMENT, AssignmentType.F_ACTIVATION);
 	public static final ItemPath PATH_ASSIGNMENT_ACTIVATION_EFFECTIVE_STATUS = new ItemPath(FocusType.F_ASSIGNMENT, AssignmentType.F_ACTIVATION, ActivationType.F_EFFECTIVE_STATUS);
 	public static final ItemPath PATH_ASSIGNMENT_ACTIVATION_VALID_FROM = new ItemPath(FocusType.F_ASSIGNMENT, AssignmentType.F_ACTIVATION, ActivationType.F_VALID_FROM);

diff --git a/infra/schema/src/main/java/com/evolveum/midpoint/schema/util/SchemaDebugUtil.java b/infra/schema/src/main/java/com/evolveum/midpoint/schema/util/SchemaDebugUtil.java
@@ -58,6 +58,7 @@
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.OperationResultType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.OrderConstraintsType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceAttributeDefinitionType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceObjectTypeDependencyType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ScheduleType;
@@ -879,6 +880,13 @@ public static String prettyPrint(UnknownJavaObjectType xml) {
 		}
 		return "Java("+xml.getClazz()+","+xml.getToString()+")";
 	}
+
+	public static String prettyPrint(OrderConstraintsType constraints) {
+		StringBuilder sb = new StringBuilder("OrderConstraintsType(");
+		shortDump(sb, constraints);
+		sb.append(")");
+		return sb.toString();
+	}
 
 //	public static String prettyPrint(OperationProvisioningScriptsType scriptsType) {
 //		if (scriptsType == null) {
@@ -953,7 +961,7 @@ private static String tryPrettyPrint(Object value) {
 		return null;
 	}
 
-	public static String prettyPrint(ObjectQuery query){
+	public static String prettyPrint(ObjectQuery query) {
 		return query.toString();
 	}
 
@@ -997,6 +1005,54 @@ public static void shortDump(StringBuilder sb, ObjectDeltaOperationType deltaOpT
 			sb.append(result.getStatus());
 		}
 	}
+
+	public static void shortDump(StringBuilder sb, OrderConstraintsType constraints) {
+		if (constraints == null) {
+			sb.append("null");
+			return;
+		}
+		Integer order = constraints.getOrder();
+		if (order != null) {
+			sb.append(order);
+		}
+		String orderMin = constraints.getOrderMin();
+		String orderMax = constraints.getOrderMax();
+		if (orderMin != null || orderMax != null) {
+			sb.append("<").append(orderMin).append(",").append(orderMax).append(">");
+		}
+		QName relation = constraints.getRelation();
+		if (relation != null) {
+			sb.append(",relation=").append(prettyPrint(relation));
+		}
+		Integer resetOrder = constraints.getResetOrder();
+		if (resetOrder != null) {
+			sb.append(",resetOrder=").append(resetOrder);
+		}
+	}
+
+	public static void shortDumpOrderConstraintsList(StringBuilder sb, List<OrderConstraintsType> orderConstraints) {
+		if (orderConstraints == null) {
+			sb.append("null");
+		} else {
+			sb.append("[");
+			Iterator<OrderConstraintsType> i = orderConstraints.iterator();
+			while (i.hasNext()) {
+				sb.append("(");
+				SchemaDebugUtil.shortDump(sb, i.next());
+				sb.append(")");
+				if (i.hasNext()) {
+					sb.append(",");
+				}
+			}
+			sb.append("]");
+		}
+	}
+
+	public static String shortDumpOrderConstraintsList(List<OrderConstraintsType> orderConstraints) {
+		StringBuilder sb = new StringBuilder();
+		shortDumpOrderConstraintsList(sb, orderConstraints);
+		return sb.toString();
+	}
 
 	static {
 		PrettyPrinter.registerPrettyPrinter(SchemaDebugUtil.class);

diff --git a/...l/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/AssignmentEvaluator.java b/...l/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/AssignmentEvaluator.java
@@ -1101,7 +1101,9 @@ private void collectMembership(FocusType targetType, QName relation, EvaluationC
 	private void collectTenantRef(FocusType targetType, AssignmentEvaluator<F>.EvaluationContext ctx) {
 		if (targetType instanceof OrgType) {
 			if (BooleanUtils.isTrue(((OrgType)targetType).isTenant()) && ctx.evalAssignment.getTenantOid() == null) {
-				ctx.evalAssignment.setTenantOid(targetType.getOid());
+				if (ctx.assignmentPath.hasOnlyOrgs()) {
+					ctx.evalAssignment.setTenantOid(targetType.getOid());
+				}
 			}
 		}
 	}

diff --git a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/AssignmentPathImpl.java b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/AssignmentPathImpl.java
@@ -31,6 +31,8 @@
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ExtensionType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.OrderConstraintsType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.OrgType;
+
 import org.jetbrains.annotations.NotNull;
 
 /**
@@ -150,6 +152,19 @@ public ObjectType getProtoRole() {
 		return protoRole;
 	}
 
+	public boolean hasOnlyOrgs() {
+		for (AssignmentPathSegmentImpl segment : segments) {
+			if (segment.getTarget() == null) {
+				return false;
+			}
+			if (!(segment.getTarget() instanceof OrgType)) {
+				return false;
+			}
+		}
+		return true;
+	}
+
+
 	@Override
 	public AssignmentPathImpl clone() {
 		return cloneFirst(size());
@@ -167,11 +182,6 @@ public String toString() {
 		return "AssignmentPath(" + segments + ")";
 	}
 
-	@Override
-	public String debugDump() {
-		return debugDump(0);
-	}
-
 	@Override
 	public String debugDump(int indent) {
 		StringBuilder sb = new StringBuilder();
@@ -274,4 +284,5 @@ public boolean equivalent(AssignmentPath other) {
 		}
 		return true;
 	}
+
 }
diff --git a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/Clockwork.java b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/Clockwork.java
@@ -451,9 +451,10 @@ public <F extends ObjectType> HookOperationMode click(LensContext<F> context, Ta
 
 			if (recompute) {
 				context.cleanup();
+				LOGGER.trace("Running projector with cleaned-up context for execution wave {}", context.getExecutionWave());
 				projector.project(context, "PROJECTOR ("+state+")", task, result);
 			} else if (context.getExecutionWave() == context.getProjectionWave()) {
-				LOGGER.trace("Running projector for current execution wave");
+				LOGGER.trace("Resuming projector for execution wave {}", context.getExecutionWave());
 				projector.resume(context, "PROJECTOR ("+state+")", task, result);
 			} else {
 				LOGGER.trace("Skipping projection because the context is fresh and projection for current wave has already run");