Allowing c:actor variable to be used in source path expressions.

model/model-common/src/main/java/com/evolveum/midpoint/model/common/expression/ExpressionUtil.java

@@ -25,6 +25,10 @@
 import javax.xml.namespace.QName;
 
 import com.evolveum.midpoint.prism.query.ExpressionWrapper;
+import com.evolveum.midpoint.security.api.MidPointPrincipal;
+import com.evolveum.midpoint.security.api.SecurityEnforcer;
+import com.evolveum.midpoint.util.exception.SecurityViolationException;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
 import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
 
 import org.springframework.expression.ExpressionException;
@@ -652,4 +656,31 @@ public static PlusMinusZero computeConditionResultMode(boolean condOld, boolean
 		}
 		throw new IllegalStateException("notreached");
 	}
+
+    public static void addActorVariable(ExpressionVariables scriptVariables, SecurityEnforcer securityEnforcer) {
+        // There can already be a value, because for mappings, we create the variable before parsing sources.
+        // For other scripts we do it just before the execution, to catch all possible places where scripts can be executed.
+
+        UserType oldActor = (UserType) scriptVariables.get(ExpressionConstants.VAR_ACTOR);
+        if (oldActor != null) {
+            return;
+        }
+
+        UserType actor = null;
+        try {
+            if (securityEnforcer != null) {
+                MidPointPrincipal principal = securityEnforcer.getPrincipal();
+                if (principal != null) {
+                    actor = principal.getUser();
+                }
+            }
+            if (actor == null) {
+                LOGGER.error("Couldn't get principal information - the 'actor' variable is set to null");
+            }
+        } catch (SecurityViolationException e) {
+            LoggingUtils.logUnexpectedException(LOGGER, "Couldn't get principal information - the 'actor' variable is set to null", e);
+        }
+        scriptVariables.addVariableDefinition(ExpressionConstants.VAR_ACTOR, actor);
+    }
+
 }

model/model-common/src/main/java/com/evolveum/midpoint/model/common/expression/evaluator/AbstractValueTransformationExpressionEvaluator.java

@@ -18,6 +18,7 @@
 import com.evolveum.midpoint.model.common.expression.ExpressionEvaluationContext;
 import com.evolveum.midpoint.model.common.expression.ExpressionEvaluator;
 import com.evolveum.midpoint.model.common.expression.ExpressionSyntaxException;
+import com.evolveum.midpoint.model.common.expression.ExpressionUtil;
 import com.evolveum.midpoint.model.common.expression.ExpressionVariables;
 import com.evolveum.midpoint.model.common.expression.ItemDeltaItem;
 import com.evolveum.midpoint.model.common.expression.ObjectDeltaObject;
@@ -93,7 +94,7 @@ public PrismValueDeltaSetTriple<V> evaluate(ExpressionEvaluationContext context)
 
         PrismValueDeltaSetTriple<V> outputTriple = new PrismValueDeltaSetTriple<V>();
 
-        addActorVariable(context.getVariables());
+        ExpressionUtil.addActorVariable(context.getVariables(), securityEnforcer);
 
         if (expressionEvaluatorType.getRelativityMode() == TransformExpressionRelativityModeType.ABSOLUTE) {
 
@@ -304,25 +305,6 @@ private Collection<V> evaluateScriptExpression(Collection<Source<? extends Prism
 		return outputSet;
 	}
 
-    private void addActorVariable(ExpressionVariables scriptVariables) {
-        UserType actor = null;
-        try {
-            if (securityEnforcer != null) {
-                MidPointPrincipal principal = securityEnforcer.getPrincipal();
-                if (principal != null) {
-                    actor = principal.getUser();
-                }
-            }
-            if (actor == null) {
-                LOGGER.error("Couldn't get principal information - the 'actor' variable is set to null");
-            }
-        } catch (SecurityViolationException e) {
-            LoggingUtils.logUnexpectedException(LOGGER, "Couldn't get principal information - the 'actor' variable is set to null", e);
-        }
-
-        scriptVariables.addVariableDefinition(ExpressionConstants.VAR_ACTOR, actor);
-    }
-
     protected abstract List<V> transformSingleValue(ExpressionVariables variables, PlusMinusZero valueDestination,
 			boolean useNew, ExpressionEvaluationContext params, String contextDescription, Task task, OperationResult result)
 			throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException;

model/model-common/src/main/java/com/evolveum/midpoint/model/common/mapping/Mapping.java

@@ -30,6 +30,7 @@
 import javax.xml.datatype.XMLGregorianCalendar;
 import javax.xml.namespace.QName;
 
+import com.evolveum.midpoint.security.api.SecurityEnforcer;
 import com.evolveum.prism.xml.ns._public.types_3.ItemPathType;
 
 import org.apache.commons.lang.Validate;
@@ -114,6 +115,7 @@ public class Mapping<V extends PrismValue> implements DebugDumpable {
 	private String mappingContextDescription = null;
 	private MappingType mappingType;
 	private ObjectResolver objectResolver = null;
+    private SecurityEnforcer securityEnforcer;          // in order to get c:actor variable
 	private Source<?> defaultSource = null;
 	private ItemDefinition defaultTargetDefinition = null;
 	private ItemPath defaultTargetPath = null;
@@ -148,11 +150,12 @@ public class Mapping<V extends PrismValue> implements DebugDumpable {
 
 	private static final Trace LOGGER = TraceManager.getTrace(Mapping.class);
 
-	Mapping(MappingType mappingType, String contextDescription, ExpressionFactory expressionFactory) {
+	Mapping(MappingType mappingType, String contextDescription, ExpressionFactory expressionFactory, SecurityEnforcer securityEnforcer) {
 		Validate.notNull(mappingType);
 		this.contextDescription = contextDescription;
 		this.mappingType = mappingType;
 		this.expressionFactory = expressionFactory;
+        this.securityEnforcer = securityEnforcer;
 	}
 
 	public ObjectResolver getObjectResolver() {
@@ -474,8 +477,10 @@ public void setRefinedObjectClassDefinition(RefinedObjectClassDefinition refined
 	public void evaluate(Task task, OperationResult parentResult) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException {
 
 		OperationResult result = parentResult.createMinorSubresult(Mapping.class.getName()+".evaluate");
-
-		traceEvaluationStart();
+
+        ExpressionUtil.addActorVariable(variables, securityEnforcer);
+
+        traceEvaluationStart();
 
 		try {
 			evaluateTimeConstraintValid(result);
@@ -486,7 +491,7 @@ public void evaluate(Task task, OperationResult parentResult) throws ExpressionE
 				traceDeferred();
 				return;
 			}
-			
+
 			parseSources(result);
 			parseTarget();
 
@@ -1034,7 +1039,7 @@ private <T> PrismPropertyValue<T> filterValue(PrismPropertyValue<T> propertyValu
 	 * Shallow clone. Only the output is cloned deeply.
 	 */
 	public Mapping<V> clone() {
-		Mapping<V> clone = new Mapping<V>(mappingType, contextDescription, expressionFactory);
+		Mapping<V> clone = new Mapping<V>(mappingType, contextDescription, expressionFactory, securityEnforcer);
 		clone.conditionMaskNew = this.conditionMaskNew;
 		clone.conditionMaskOld = this.conditionMaskOld;
 		if (this.conditionOutputTriple != null) {

model/model-common/src/main/java/com/evolveum/midpoint/model/common/mapping/MappingFactory.java

@@ -35,6 +35,7 @@
 import com.evolveum.midpoint.prism.PrismValue;
 import com.evolveum.midpoint.prism.crypto.Protector;
 import com.evolveum.midpoint.schema.util.ObjectResolver;
+import com.evolveum.midpoint.security.api.SecurityEnforcer;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.AsIsExpressionEvaluatorType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ExpressionType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.GenerateExpressionEvaluatorType;
@@ -54,6 +55,7 @@ public class MappingFactory {
 	private Protector protector;
 	private PrismContext prismContext;
 	private FilterManager<Filter> filterManager;
+    private SecurityEnforcer securityEnforcer;
 	private boolean profiling = false;
 
 	public ExpressionFactory getExpressionFactory() {
@@ -96,7 +98,15 @@ public void setFilterManager(FilterManager<Filter> filterManager) {
 		this.filterManager = filterManager;
 	}
 
-	public boolean isProfiling() {
+    public SecurityEnforcer getSecurityEnforcer() {
+        return securityEnforcer;
+    }
+
+    public void setSecurityEnforcer(SecurityEnforcer securityEnforcer) {
+        this.securityEnforcer = securityEnforcer;
+    }
+
+    public boolean isProfiling() {
 		return profiling;
 	}
 
@@ -105,7 +115,7 @@ public void setProfiling(boolean profiling) {
 	}
 
 	public <V extends PrismValue> Mapping<V> createMapping(MappingType mappingType, String shortDesc) {
-		Mapping<V> mapping = new Mapping<V>(mappingType, shortDesc, expressionFactory);
+		Mapping<V> mapping = new Mapping<>(mappingType, shortDesc, expressionFactory, securityEnforcer);
 		mapping.setFilterManager(filterManager);
 		mapping.setProfiling(profiling);
 		return mapping;

model/model-impl/src/main/resources/ctx-model.xml

@@ -223,6 +223,9 @@
         <property name="filterManager">
             <ref bean="filterManager"/>
         </property>
+        <property name="securityEnforcer">
+            <ref bean="securityEnforcer"/>
+        </property>
     </bean>
 
     <bean id="midpointFunctionLibrary" class="com.evolveum.midpoint.model.common.expression.functions.FunctionLibrary"