From a668065e1b3f2e29595e39aa4402414ce81e3253 Mon Sep 17 00:00:00 2001
From: Pavol Mederly
Date: Fri, 27 Feb 2015 19:16:49 +0100
Subject: [PATCH] Allowing c:actor variable to be used in source path expressions.
---
 .../common/expression/ExpressionUtil.java | 31 +++++++++++++++++++
 ...alueTransformationExpressionEvaluator.java | 22 ++-----------
 .../model/common/mapping/Mapping.java | 15 ++++++---
 .../model/common/mapping/MappingFactory.java | 14 +++++++--
 .../src/main/resources/ctx-model.xml | 3 ++
 5 files changed, 58 insertions(+), 27 deletions(-)
diff --git a/model/model-common/src/main/java/com/evolveum/midpoint/model/common/expression/ExpressionUtil.java b/model/model-common/src/main/java/com/evolveum/midpoint/model/common/expression/ExpressionUtil.java
index 6f9581e038c..98818749f9a 100644
--- a/model/model-common/src/main/java/com/evolveum/midpoint/model/common/expression/ExpressionUtil.java
+++ b/model/model-common/src/main/java/com/evolveum/midpoint/model/common/expression/ExpressionUtil.java
@@ -25,6 +25,10 @@ import javax.xml.namespace.QName;
 import com.evolveum.midpoint.prism.query.ExpressionWrapper;
+import com.evolveum.midpoint.security.api.MidPointPrincipal;
+import com.evolveum.midpoint.security.api.SecurityEnforcer;
+import com.evolveum.midpoint.util.exception.SecurityViolationException;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
 import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
 import org.springframework.expression.ExpressionException;
@@ -652,4 +656,31 @@ public static PlusMinusZero computeConditionResultMode(boolean condOld, boolean
 }
 throw new IllegalStateException("notreached");
 }
+
+ public static void addActorVariable(ExpressionVariables scriptVariables, SecurityEnforcer securityEnforcer) {
+ // There can already be a value, because for mappings, we create the variable before parsing sources.
+ // For other scripts we do it just before the execution, to catch all possible places where scripts can be executed.
+
+ UserType oldActor = (UserType) scriptVariables.get(ExpressionConstants.VAR_ACTOR);
+ if (oldActor != null) {
+ return;
+ }
+
+ UserType actor = null;
+ try {
+ if (securityEnforcer != null) {
+ MidPointPrincipal principal = securityEnforcer.getPrincipal();
+ if (principal != null) {
+ actor = principal.getUser();
+ }
+ }
+ if (actor == null) {
+ LOGGER.error("Couldn't get principal information - the 'actor' variable is set to null");
+ }
+ } catch (SecurityViolationException e) {
+ LoggingUtils.logUnexpectedException(LOGGER, "Couldn't get principal information - the 'actor' variable is set to null", e);
+ }
+ scriptVariables.addVariableDefinition(ExpressionConstants.VAR_ACTOR, actor);
+ }
+
 }
diff --git a/model/model-common/src/main/java/com/evolveum/midpoint/model/common/expression/evaluator/AbstractValueTransformationExpressionEvaluator.java b/model/model-common/src/main/java/com/evolveum/midpoint/model/common/expression/evaluator/AbstractValueTransformationExpressionEvaluator.java
index 155eedd9b52..fbeee2ae67d 100644
--- a/model/model-common/src/main/java/com/evolveum/midpoint/model/common/expression/evaluator/AbstractValueTransformationExpressionEvaluator.java
+++ b/model/model-common/src/main/java/com/evolveum/midpoint/model/common/expression/evaluator/AbstractValueTransformationExpressionEvaluator.java
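Review bot: Every failure path in `addActorVariable` (a null `securityEnforcer`, a null principal, or a caught `SecurityViolationException`) ends in `addVariableDefinition(ExpressionConstants.VAR_ACTOR, actor)` with `actor` still null and only a log line, so evaluation carries on without a principal. Now that `c:actor` can feed source paths, an expression that depends on the actor would then run against an empty value instead of stopping; if that is intended, the method needs a Javadoc along the lines of `/** Binds the authenticated principal's user as 'actor' unless one is already set; binds null when no principal can be resolved. */`, otherwise the exception should reach the caller. The early return tests the stored value rather than whether the variable is defined, so after a null lookup the later call from the evaluator repeats the lookup, logs the error again and re-adds the definition. The unchecked cast would also throw ClassCastException if anything other than a `UserType` is stored under that name, which `Object existing = scriptVariables.get(ExpressionConstants.VAR_ACTOR);` followed by the same null test avoids. `MappingFactory.createMapping` passes its `securityEnforcer` field through unvalidated, so a factory wired without the setter reaches the same null path.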
@@ -18,6 +18,7 @@ import com.evolveum.midpoint.model.common.expression.ExpressionEvaluationContext; import com.evolveum.midpoint.model.common.expression.ExpressionEvaluator; import com.evolveum.midpoint.model.common.expression.ExpressionSyntaxException; +import com.evolveum.midpoint.model.common.expression.ExpressionUtil; import com.evolveum.midpoint.model.common.expression.ExpressionVariables; import com.evolveum.midpoint.model.common.expression.ItemDeltaItem; import com.evolveum.midpoint.model.common.expression.ObjectDeltaObject; @@ -93,7 +94,7 @@ public PrismValueDeltaSetTriple evaluate(ExpressionEvaluationContext context) PrismValueDeltaSetTriple outputTriple = new PrismValueDeltaSetTriple(); - addActorVariable(context.getVariables()); + ExpressionUtil.addActorVariable(context.getVariables(), securityEnforcer); if (expressionEvaluatorType.getRelativityMode() == TransformExpressionRelativityModeType.ABSOLUTE) { @@ -304,25 +305,6 @@ private Collection evaluateScriptExpression(Collection transformSingleValue(ExpressionVariables variables, PlusMinusZero valueDestination, boolean useNew, ExpressionEvaluationContext params, String contextDescription, Task task, OperationResult result) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException; diff --git a/model/model-common/src/main/java/com/evolveum/midpoint/model/common/mapping/Mapping.java b/model/model-common/src/main/java/com/evolveum/midpoint/model/common/mapping/Mapping.java index 7868e83a7ce..da3d8cf9aed 100644 --- a/model/model-common/src/main/java/com/evolveum/midpoint/model/common/mapping/Mapping.java +++ b/model/model-common/src/main/java/com/evolveum/midpoint/model/common/mapping/Mapping.java @@ -30,6 +30,7 @@ import javax.xml.datatype.XMLGregorianCalendar; import javax.xml.namespace.QName; +import com.evolveum.midpoint.security.api.SecurityEnforcer; import com.evolveum.prism.xml.ns._public.types_3.ItemPathType; import org.apache.commons.lang.Validate; 
@@ -114,6 +115,7 @@ public class Mapping implements DebugDumpable { private String mappingContextDescription = null; private MappingType mappingType; private ObjectResolver objectResolver = null; + private SecurityEnforcer securityEnforcer; // in order to get c:actor variable private Source defaultSource = null; private ItemDefinition defaultTargetDefinition = null; private ItemPath defaultTargetPath = null; @@ -148,11 +150,12 @@ public class Mapping implements DebugDumpable { private static final Trace LOGGER = TraceManager.getTrace(Mapping.class); - Mapping(MappingType mappingType, String contextDescription, ExpressionFactory expressionFactory) { + Mapping(MappingType mappingType, String contextDescription, ExpressionFactory expressionFactory, SecurityEnforcer securityEnforcer) { Validate.notNull(mappingType); this.contextDescription = contextDescription; this.mappingType = mappingType; this.expressionFactory = expressionFactory; + this.securityEnforcer = securityEnforcer; } public ObjectResolver getObjectResolver() { @@ -474,8 +477,10 @@ public void setRefinedObjectClassDefinition(RefinedObjectClassDefinition refined public void evaluate(Task task, OperationResult parentResult) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException { OperationResult result = parentResult.createMinorSubresult(Mapping.class.getName()+".evaluate"); - - traceEvaluationStart(); + + ExpressionUtil.addActorVariable(variables, securityEnforcer); + + traceEvaluationStart(); try { evaluateTimeConstraintValid(result); @@ -486,7 +491,7 @@ public void evaluate(Task task, OperationResult parentResult) throws ExpressionE traceDeferred(); return; } - + parseSources(result); parseTarget(); 
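Review bot: In `Mapping.evaluate` the actor is written into the mapping's own `variables`, and `addActorVariable` returns early once a non-null actor is present, so the principal is fixed at the first evaluation of that variable set. If a `Mapping` (or a clone that shares `variables`; the clone body is not fully visible here) can be evaluated again under a different principal, expressions would still see the first actor; that lifetime should be stated where the field is declared, e.g. `// resolved once per variable set: re-evaluation keeps the first principal's actor`, or the binding refreshed on each call. The new call also sits after `createMinorSubresult` but before the `try`, so an exception from it (the cast in `addActorVariable` can throw) presumably bypasses whatever result handling the `try` block provides; moving it to the first statement inside the `try` would keep the subresult consistent. The rest of `evaluate` lies outside the hunk.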
@@ -1034,7 +1039,7 @@ private PrismPropertyValue filterValue(PrismPropertyValue propertyValu
 * Shallow clone. Only the output is cloned deeply.
 */
 public Mapping clone() {
- Mapping clone = new Mapping(mappingType, contextDescription, expressionFactory);
+ Mapping clone = new Mapping(mappingType, contextDescription, expressionFactory, securityEnforcer);
 clone.conditionMaskNew = this.conditionMaskNew;
 clone.conditionMaskOld = this.conditionMaskOld;
 if (this.conditionOutputTriple != null) {
diff --git a/model/model-common/src/main/java/com/evolveum/midpoint/model/common/mapping/MappingFactory.java b/model/model-common/src/main/java/com/evolveum/midpoint/model/common/mapping/MappingFactory.java
index a1d2e9384a9..38865ccae25 100644
--- a/model/model-common/src/main/java/com/evolveum/midpoint/model/common/mapping/MappingFactory.java
+++ b/model/model-common/src/main/java/com/evolveum/midpoint/model/common/mapping/MappingFactory.java
@@ -35,6 +35,7 @@
 import com.evolveum.midpoint.prism.PrismValue;
 import com.evolveum.midpoint.prism.crypto.Protector;
 import com.evolveum.midpoint.schema.util.ObjectResolver;
+import com.evolveum.midpoint.security.api.SecurityEnforcer;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.AsIsExpressionEvaluatorType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ExpressionType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.GenerateExpressionEvaluatorType;
@@ -54,6 +55,7 @@ public class MappingFactory {
 private Protector protector;
 private PrismContext prismContext;
 private FilterManager filterManager;
+ private SecurityEnforcer securityEnforcer;
 private boolean profiling = false;
 public ExpressionFactory getExpressionFactory() {
@@ -96,7 +98,15 @@ public void setFilterManager(FilterManager filterManager) { this.filterManager = filterManager; } - public boolean isProfiling() { + public SecurityEnforcer getSecurityEnforcer() { + return securityEnforcer; + } + + public void setSecurityEnforcer(SecurityEnforcer securityEnforcer) { + this.securityEnforcer = securityEnforcer; + } + + public boolean isProfiling() { return profiling; } @@ -105,7 +115,7 @@ public void setProfiling(boolean profiling) { } public Mapping createMapping(MappingType mappingType, String shortDesc) { - Mapping mapping = new Mapping(mappingType, shortDesc, expressionFactory); + Mapping mapping = new Mapping<>(mappingType, shortDesc, expressionFactory, securityEnforcer); mapping.setFilterManager(filterManager); mapping.setProfiling(profiling); return mapping; diff --git a/model/model-impl/src/main/resources/ctx-model.xml b/model/model-impl/src/main/resources/ctx-model.xml index 28f7a9c1c3b..32e889cc1df 100644 --- a/model/model-impl/src/main/resources/ctx-model.xml +++ b/model/model-impl/src/main/resources/ctx-model.xml @@ -223,6 +223,9 @@ + + +