Merge branch 'master' of https://github.com/Evolveum/midpoint

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/ObjectWrapperFactory.java

@@ -238,7 +238,7 @@ private <O extends ObjectType, C extends Containerable> void addContainerWrapper
             if (!(def instanceof PrismContainerDefinition)) {
                 continue;
             }
-            if (ObjectSpecificationType.COMPLEX_TYPE.equals(def.getTypeName())) {
+            if (SubjectedObjectSelectorType.COMPLEX_TYPE.equals(def.getTypeName())) {
                 continue; // TEMPORARY FIX
             }
             if (TriggerType.COMPLEX_TYPE.equals(def.getTypeName())) {

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/FocusProcessor.java

@@ -630,6 +630,19 @@ private <F extends ObjectType> void recordEffectiveStatusDelta(LensFocusContext<
 			throws SchemaException {
 		PrismContainerDefinition<ActivationType> activationDefinition = getActivationDefinition();
 
+		// We always want explicit delta for effective status even if there is no real change
+		// we want to propagate enable/disable events to all the resources, even if we are enabling
+		// already enabled user (some resources may be disabled)
+		// This may produce duplicate delta, but that does not matter too much. The duplicate delta
+		// will be filtered out later.
+		PrismPropertyDefinition<ActivationStatusType> effectiveStatusDef = activationDefinition.findPropertyDefinition(ActivationType.F_EFFECTIVE_STATUS);
+		PropertyDelta<ActivationStatusType> effectiveStatusDelta 
+				= effectiveStatusDef.createEmptyDelta(new ItemPath(UserType.F_ACTIVATION, ActivationType.F_EFFECTIVE_STATUS));
+		effectiveStatusDelta.setValueToReplace(new PrismPropertyValue<ActivationStatusType>(effectiveStatusNew, OriginType.USER_POLICY, null));
+		if (!focusContext.alreadyHasDelta(effectiveStatusDelta)){
+			focusContext.swallowToProjectionWaveSecondaryDelta(effectiveStatusDelta);
+		}
+
 		// It is not enough to check alreadyHasDelta(). The change may happen in previous waves
 		// and the secondary delta may no longer be here. When it comes to disableTimestamp we even
 		// cannot rely on natural filtering of already executed deltas as the timestamp here may
@@ -638,19 +651,11 @@ private <F extends ObjectType> void recordEffectiveStatusDelta(LensFocusContext<
 		if (objectCurrent != null) {
 			PrismProperty<ActivationStatusType> effectiveStatusPropCurrent = objectCurrent.findProperty(SchemaConstants.PATH_ACTIVATION_EFFECTIVE_STATUS);
 			if (effectiveStatusPropCurrent != null && effectiveStatusNew.equals(effectiveStatusPropCurrent.getRealValue())) {
-				LOGGER.trace("Skipping setting of effective status and disableTimestamp because there was no change");
+				LOGGER.trace("Skipping setting disableTimestamp because there was no change");
 				return;
 			}
 		}
-
-		PrismPropertyDefinition<ActivationStatusType> effectiveStatusDef = activationDefinition.findPropertyDefinition(ActivationType.F_EFFECTIVE_STATUS);
-		PropertyDelta<ActivationStatusType> effectiveStatusDelta 
-				= effectiveStatusDef.createEmptyDelta(new ItemPath(UserType.F_ACTIVATION, ActivationType.F_EFFECTIVE_STATUS));
-		effectiveStatusDelta.setValueToReplace(new PrismPropertyValue<ActivationStatusType>(effectiveStatusNew, OriginType.USER_POLICY, null));
-		if (!focusContext.alreadyHasDelta(effectiveStatusDelta)){
-			focusContext.swallowToProjectionWaveSecondaryDelta(effectiveStatusDelta);
-		}
-
+
 		PropertyDelta<XMLGregorianCalendar> timestampDelta = LensUtil.createActivationTimestampDelta(effectiveStatusNew, now, activationDefinition, OriginType.USER_POLICY);
 		if (!focusContext.alreadyHasDelta(timestampDelta)) {
 			focusContext.swallowToProjectionWaveSecondaryDelta(timestampDelta);

model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestActivation.java

@@ -256,7 +256,7 @@ public void test055ModifyUserJackEnable() throws Exception {
 		assertAdministrativeStatusEnabled(userJack);
 		assertValidity(userJack, null);
 		assertEffectiveStatus(userJack, ActivationStatusType.ENABLED);
-		assertEnableTimestampFocus(userJack, start, end);
+		assertEnableTimestampFocus(userJack, null, start);
 
 		TestUtil.assertModifyTimestamp(userJack, start, end);
 	}
@@ -658,7 +658,8 @@ public void test114ModifyUserJackEnable() throws Exception {
 
 		assertAdministrativeStatusEnabled(userJack);
 		assertDummyEnabled(ACCOUNT_JACK_DUMMY_USERNAME);
-		assertEnableTimestampFocus(userJack, startTime, endTime);
+		// No real change in effective status, therefore the enableTimestamp should be unchanged
+		assertEnableTimestampFocus(userJack, null, startTime);
 
 		assertAccounts(USER_JACK_OID, 1);
         PrismObject<ShadowType> account = getShadowModel(accountOid);
@@ -708,7 +709,7 @@ public void test115ModifyUserJackAdministrativeStatusNull() throws Exception {
 	}
 
 	/**
-	 * Modify both user and account activation. As password outbound mapping is weak the user should have its own state
+	 * Modify both user and account activation. As outbound mapping is weak the user should have its own state
 	 * and account should have its own state.
 	 */
 	@Test
@@ -740,7 +741,8 @@ public void test118ModifyJackActivationUserAndAccount() throws Exception {
         PrismObject<UserType> userJack = getUser(USER_JACK_OID);
 		display("User after change execution", userJack);
 		assertUserJack(userJack, "Jack Sparrow");
-		assertEnableTimestampFocus(userJack, startTime, endTime);
+		// No real change in effective status, therefore the enableTimestamp should be unchanged
+		assertEnableTimestampFocus(userJack, null, startTime);
 		assertAdministrativeStatusEnabled(userJack);
 
 		assertDummyDisabled("jack");
@@ -753,7 +755,7 @@ public void test118ModifyJackActivationUserAndAccount() throws Exception {
 	}
 
 	/**
-	 * Add red dummy resource to the mix. This would be fun.
+	 * Add red dummy resource to the mix. This will be fun.
 	 */
 	@Test
     public void test120ModifyUserJackAssignAccountDummyRed() throws Exception {

model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestLoggingConfiguration.java

@@ -469,7 +469,7 @@ public void test101EnableBasicAudit() throws Exception {
 		// THEN
 
 		tailer.tail();
-		tailer.assertAudit(3);
+		tailer.assertAudit(2);
 		tailer.assertAuditRequest();
 		tailer.assertAuditExecution();
 

model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestModelServiceContract.java

@@ -2875,7 +2875,7 @@ public void test210AddUserMorganWithAssignment() throws Exception {
 
      // Check audit
         display("Audit", dummyAuditService);
-        dummyAuditService.assertRecords(3);
+        dummyAuditService.assertRecords(2);
         dummyAuditService.assertSimpleRecordSanity();
         dummyAuditService.assertAnyRequestDeltas();
         dummyAuditService.assertExecutionDeltas(3);
@@ -3120,7 +3120,7 @@ public void test300AddUserJackWithAssignmentBlue() throws Exception {
 
         // Check audit
         display("Audit", dummyAuditService);
-        dummyAuditService.assertRecords(3);
+        dummyAuditService.assertRecords(2);
         dummyAuditService.assertSimpleRecordSanity();
         dummyAuditService.assertAnyRequestDeltas();
         dummyAuditService.assertExecutionDeltas(3);

model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestMultiResource.java

@@ -1773,13 +1773,13 @@ public void test403DavidAndGoliathDisableUser() throws Exception {
 
         // Check audit
         display("Audit", dummyAuditService);
-        dummyAuditService.assertRecords(5);			// last one is duplicate
+        dummyAuditService.assertRecords(3);			// last one is duplicate
         dummyAuditService.assertSimpleRecordSanity();
         dummyAuditService.assertAnyRequestDeltas();
         dummyAuditService.assertExecutionDeltas(0,2);
         dummyAuditService.assertHasDelta(0,ChangeType.MODIFY, UserType.class);
         dummyAuditService.assertHasDelta(0,ChangeType.MODIFY, ShadowType.class);
-		dummyAuditService.assertExecutionDeltas(1,2);			// user is again disabled here
+		dummyAuditService.assertExecutionDeltas(1,1);			// user is again disabled here
         dummyAuditService.assertHasDelta(1,ChangeType.MODIFY, ShadowType.class);
         dummyAuditService.assertExecutionSuccess();
 	}
@@ -1811,13 +1811,13 @@ public void test404DavidAndGoliathEnableUser() throws Exception {
 
         // Check audit
         display("Audit", dummyAuditService);
-        dummyAuditService.assertRecords(5);						// last one is duplicate
+        dummyAuditService.assertRecords(3);						// last one is duplicate
         dummyAuditService.assertSimpleRecordSanity();
         dummyAuditService.assertAnyRequestDeltas();
         dummyAuditService.assertExecutionDeltas(0,2);
         dummyAuditService.assertHasDelta(0,ChangeType.MODIFY, UserType.class);
         dummyAuditService.assertHasDelta(0,ChangeType.MODIFY, ShadowType.class);
-        dummyAuditService.assertExecutionDeltas(1,2);			// user is again disabled here
+        dummyAuditService.assertExecutionDeltas(1,1);			// user is again disabled here
         dummyAuditService.assertHasDelta(1,ChangeType.MODIFY, ShadowType.class);
         dummyAuditService.assertExecutionSuccess();
 	}

model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestSecurity.java

@@ -311,9 +311,9 @@ public void test000Sanity() throws Exception {
         assertEquals("Wrong number of authorizations", 2, authorizations.size());
         AuthorizationType authRead = findAutz(authorizations, ModelAuthorizationAction.READ.getUrl());
         assertEquals("Wrong action in authorization", ModelAuthorizationAction.READ.getUrl(), authRead.getAction().get(0));
-        List<OwnedObjectSpecificationType> objectSpecs = authRead.getObject();
+        List<OwnedObjectSelectorType> objectSpecs = authRead.getObject();
         assertEquals("Wrong number of object specs in authorization", 1, objectSpecs.size());
-        ObjectSpecificationType objectSpec = objectSpecs.get(0);
+        SubjectedObjectSelectorType objectSpec = objectSpecs.get(0);
         List<SpecialObjectSpecificationType> specials = objectSpec.getSpecial();
         assertEquals("Wrong number of specials in object specs in authorization", 1, specials.size());
         SpecialObjectSpecificationType special = specials.get(0);

model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/sync/TestImportRecon.java

@@ -1252,7 +1252,7 @@ public void test230ReconcileDummyRename() throws Exception {
         addReconScripts(scripts, ACCOUNT_HTM_NAME, ACCOUNT_HTM_FULL_NAME, true);
         IntegrationTestTools.assertScripts(dummyResource.getScriptHistory(), scripts.toArray(new ProvisioningScriptSpec[0]));
 
-        assertReconAuditModifications(3, TASK_RECONCILE_DUMMY_OID); // the second modification is unlink
+        assertReconAuditModifications(2, TASK_RECONCILE_DUMMY_OID); // the second modification is unlink
 
         assertShadows(14);
 

repo/security-api/src/main/java/com/evolveum/midpoint/security/api/Authorization.java

@@ -26,7 +26,7 @@
 import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationDecisionType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationPhaseType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.OwnedObjectSpecificationType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.OwnedObjectSelectorType;
 
 /**
  * @author semancik
@@ -79,15 +79,15 @@ public AuthorizationPhaseType getPhase() {
 		return authorizationType.getPhase();
 	}
 
-	public List<OwnedObjectSpecificationType> getObject() {
+	public List<OwnedObjectSelectorType> getObject() {
 		return authorizationType.getObject();
 	}
 
 	public List<ItemPathType> getItem() {
 		return authorizationType.getItem();
 	}
 
-	public List<OwnedObjectSpecificationType> getTarget() {
+	public List<OwnedObjectSelectorType> getTarget() {
 		return authorizationType.getTarget();
 	}
 

repo/security-impl/src/main/java/com/evolveum/midpoint/security/impl/SecurityEnforcerImpl.java

@@ -90,11 +90,11 @@
 import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectSpecificationType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.SubjectedObjectSelectorType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.OrgRelationObjectSpecificationType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.OrgScopeType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.OwnedObjectSpecificationType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.OwnedObjectSelectorType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.SpecialObjectSpecificationType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
@@ -367,14 +367,14 @@ public <O extends ObjectType, T extends ObjectType> void authorize(String operat
 		}
 	}
 
-	private <O extends ObjectType> boolean isApplicable(List<OwnedObjectSpecificationType> objectSpecTypes, PrismObject<O> object, 
+	private <O extends ObjectType> boolean isApplicable(List<OwnedObjectSelectorType> objectSpecTypes, PrismObject<O> object, 
 			MidPointPrincipal midPointPrincipal, OwnerResolver ownerResolver, String desc, String autzHumanReadableDesc) throws SchemaException {
 		if (objectSpecTypes != null && !objectSpecTypes.isEmpty()) {
 			if (object == null) {
 				LOGGER.trace("  {} not applicable for null {}", autzHumanReadableDesc, desc);
 				return false;
 			}
-			for (OwnedObjectSpecificationType autzObject: objectSpecTypes) {
+			for (OwnedObjectSelectorType autzObject: objectSpecTypes) {
 				if (isApplicable(autzObject, object, midPointPrincipal, ownerResolver, desc, autzHumanReadableDesc)) {
 					return true;
 				}
@@ -386,7 +386,7 @@ private <O extends ObjectType> boolean isApplicable(List<OwnedObjectSpecificatio
 		}
 	}
 
-	private <O extends ObjectType> boolean isApplicable(ObjectSpecificationType objectSpecType, PrismObject<O> object, 
+	private <O extends ObjectType> boolean isApplicable(SubjectedObjectSelectorType objectSpecType, PrismObject<O> object, 
 			MidPointPrincipal principal, OwnerResolver ownerResolver, String desc, String autzHumanReadableDesc) throws SchemaException {
 		if (objectSpecType == null) {
 			LOGGER.trace("  {} not applicable for {} because of null object specification", autzHumanReadableDesc, desc);
@@ -480,9 +480,9 @@ private <O extends ObjectType> boolean isApplicable(ObjectSpecificationType obje
 			}			
 		}
 
-		if (objectSpecType instanceof OwnedObjectSpecificationType) {
+		if (objectSpecType instanceof OwnedObjectSelectorType) {
 			// Owner
-			ObjectSpecificationType ownerSpec = ((OwnedObjectSpecificationType)objectSpecType).getOwner();
+			SubjectedObjectSelectorType ownerSpec = ((OwnedObjectSelectorType)objectSpecType).getOwner();
 			if (ownerSpec != null) {
 				if (ownerResolver == null) {
 					ownerResolver = userProfileService;
@@ -909,7 +909,7 @@ private <T extends ObjectType, O extends ObjectType> ObjectFilter preProcessObje
 
 					// object or target
 					ObjectFilter autzObjSecurityFilter = null;
-					List<OwnedObjectSpecificationType> objectSpecTypes;
+					List<OwnedObjectSelectorType> objectSpecTypes;
 					if (object == null) {
 						// object not present. Therefore we are looking for object here
 						objectSpecTypes = autz.getObject();
@@ -926,7 +926,7 @@ private <T extends ObjectType, O extends ObjectType> ObjectFilter preProcessObje
 					boolean applicable = true;
 					if (objectSpecTypes != null && !objectSpecTypes.isEmpty()) {
 						applicable = false;
-						for (OwnedObjectSpecificationType objectSpecType: objectSpecTypes) {
+						for (OwnedObjectSelectorType objectSpecType: objectSpecTypes) {
 							ObjectFilter objSpecSecurityFilter = null;
 							TypeFilter objSpecTypeFilter = null;
 							SearchFilterType specFilterType = objectSpecType.getFilter();

testing/longtest/src/test/java/com/evolveum/midpoint/testing/longtest/TestLdapUniversity.java

@@ -22,9 +22,7 @@
 import com.evolveum.midpoint.model.impl.sync.ReconciliationTaskHandler;
 import com.evolveum.midpoint.model.test.AbstractModelIntegrationTest;
 import com.evolveum.midpoint.prism.PrismObject;
-import com.evolveum.midpoint.prism.polystring.PolyString;
 import com.evolveum.midpoint.schema.constants.MidPointConstants;
-import com.evolveum.midpoint.schema.constants.SchemaConstants;
 import com.evolveum.midpoint.schema.internals.InternalsConfig;
 import com.evolveum.midpoint.schema.result.OperationResult;
 import com.evolveum.midpoint.task.api.Task;
@@ -33,7 +31,6 @@
 import com.evolveum.midpoint.util.exception.ObjectAlreadyExistsException;
 import com.evolveum.midpoint.util.exception.SchemaException;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentPolicyEnforcementType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectTemplateType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.RoleType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.SystemConfigurationType;
@@ -55,7 +52,6 @@
 import javax.xml.namespace.QName;
 import java.io.File;
 import java.io.IOException;
-import java.util.ArrayList;
 import java.util.List;
 
 import static com.evolveum.midpoint.test.IntegrationTestTools.display;
@@ -192,9 +188,9 @@ private void createUsers(String prefix, OperationResult result) throws ObjectAlr
         for(int i=0; i < NUM_LDAP_ENTRIES; i++) {
             UserType userType = (UserType) prismContext.getSchemaRegistry().findObjectDefinitionByType(UserType.COMPLEX_TYPE).instantiate().asObjectable();
             if (i%2 == 0) {
-                userType.setName(createPolyString("e" + i));
+                userType.setName(createPolyStringType("e" + i));
             } else {
-                userType.setName(createPolyString("e" + i + "(u" + i + ")"));
+                userType.setName(createPolyStringType("e" + i + "(u" + i + ")"));
             }
             userType.setEmployeeNumber("e"+i);
             repositoryService.addObject(userType.asPrismObject(), null, result);
@@ -315,11 +311,4 @@ private String groupDn(int groupIndex) {
     private String groupCn(int groupIndex) {
         return String.format("g%02d", groupIndex);
     }
-
-    private PolyStringType createPolyString(String orig) {
-        PolyStringType poly = new PolyStringType();
-        poly.setOrig(orig);
-        return poly;
-    }
-
 }

testing/longtest/src/test/java/com/evolveum/midpoint/testing/longtest/TestOrgHierarchy.java

@@ -124,10 +124,10 @@ private PrismObject<UserType> createUser(String parentOid, int i, int u, String
             throws Exception {
         UserType user = new UserType();
         user.setOid("1" + createOid(u, oidPrefix + i));
-        user.setName(createPolyString("u" + oidPrefix + i + u));
-        user.setFullName(createPolyString("fu" + oidPrefix + i + u));
-        user.setFamilyName(createPolyString("fa" + oidPrefix + i + u));
-        user.setGivenName(createPolyString("gi" + oidPrefix + i + u));
+        user.setName(createPolyStringType("u" + oidPrefix + i + u));
+        user.setFullName(createPolyStringType("fu" + oidPrefix + i + u));
+        user.setFamilyName(createPolyStringType("fa" + oidPrefix + i + u));
+        user.setGivenName(createPolyStringType("gi" + oidPrefix + i + u));
         if (parentOid != null) {
             ObjectReferenceType ref = new ObjectReferenceType();
             ref.setOid(parentOid);
@@ -143,8 +143,8 @@ private PrismObject<OrgType> createOrg(String parentOid, int i, String oidPrefix
             throws Exception {
         OrgType org = new OrgType();
         org.setOid("2" + createOid(i, oidPrefix));
-        org.setDisplayName(createPolyString("o" + oidPrefix + i));
-        org.setName(createPolyString("o" + oidPrefix + i));
+        org.setDisplayName(createPolyStringType("o" + oidPrefix + i));
+        org.setName(createPolyStringType("o" + oidPrefix + i));
         if (parentOid != null) {
             ObjectReferenceType ref = new ObjectReferenceType();
             ref.setOid(parentOid);
@@ -172,10 +172,4 @@ private String createOid(int i, String oidPrefix) {
 
         return sb.toString();
     }
-
-    private PolyStringType createPolyString(String orig) {
-        PolyStringType poly = new PolyStringType();
-        poly.setOrig(orig);
-        return poly;
-    }
 }