Merge remote-tracking branch 'origin/master'

# Conflicts:
#	gui/admin-gui/src/main/resources/localization/Midpoint.properties

gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/util/WebComponentUtil.java

@@ -243,6 +243,8 @@ public static boolean isAuthorized(Collection<String> actions) {
 			return true;
 		}
 		Roles roles = new Roles(AuthorizationConstants.AUTZ_ALL_URL);
+		roles.add(AuthorizationConstants.AUTZ_GUI_ALL_URL);
+		roles.add(AuthorizationConstants.AUTZ_GUI_ALL_DEPRECATED_URL);
 		roles.addAll(actions);
 		if (((AuthenticatedWebApplication) AuthenticatedWebApplication.get()).hasAnyRole(roles)) {
 			return true;

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/application/DescriptorLoader.java

@@ -129,7 +129,7 @@ private void loadActions(PageDescriptor descriptor) {
                 }
             }
 
-            //add http://.../..#guAll authorization only for displayable pages, not for pages used for development..
+            //add http://.../..#guiAll authorization only for displayable pages, not for pages used for development..
             if (canAccess) {
 
                 actions.add(new AuthorizationActionValue(AuthorizationConstants.AUTZ_GUI_ALL_DEPRECATED_URL,

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/LockoutStatusPanel.java

@@ -8,18 +8,18 @@
 import org.apache.wicket.ajax.AjaxRequestTarget;
 import org.apache.wicket.markup.html.WebMarkupContainer;
 import org.apache.wicket.markup.html.basic.Label;
+import org.apache.wicket.markup.html.panel.FeedbackPanel;
 import org.apache.wicket.markup.html.panel.Panel;
 import org.apache.wicket.model.IModel;
 
 /**
- * Created by Kate on 12.04.2016.
+ * Created by honchar
  */
 public class LockoutStatusPanel extends Panel {
     private static final String ID_CONTAINER = "container";
     private static final String ID_LABEL = "label";
     private static final String ID_BUTTON = "button";
-    private static final String BUTTON_UNDO_LABEL = "Undo";
-    private static final String BUTTON_UNLOCK_LABEL = "Unlock";
+    private static final String ID_FEEDBACK = "feedback";
     private boolean isInitialState = true;
     private boolean isUndo = false;
 
@@ -44,9 +44,13 @@ private void initLayout(final IModel<LockoutStatusType> model){
             public String getObject() {
                 LockoutStatusType object = model != null ? model.getObject() : null;
 
-                return object == null ?
+                String labelValue = object == null ?
                         ((PageBase)getPage()).createStringResource("LockoutStatusType.UNDEFINED").getString()
                         : WebComponentUtil.createLocalizedModelForEnum(object, getLabel()).getObject();
+                if (!isInitialState){
+                    labelValue += " " + ((PageBase) getPage()).createStringResource("LockoutStatusPanel.changesSaving").getString();
+                }
+                return labelValue;
             }
 
             @Override
@@ -89,9 +93,9 @@ private IModel<String> getButtonModel(){
             @Override
             public String getObject() {
                 if (isInitialState){
-                    return BUTTON_UNLOCK_LABEL;
+                    return ((PageBase)getPage()).createStringResource("LockoutStatusPanel.unlockButtonLabel").getString();
                 } else {
-                    return BUTTON_UNDO_LABEL;
+                    return ((PageBase)getPage()).createStringResource("LockoutStatusPanel.undoButtonLabel").getString();
                 }
             }
 

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/dialog/MainPopupDialog.html

@@ -14,7 +14,7 @@
   ~ limitations under the License.
   -->
 <wicket:panel xmlns:wicket="http://wicket.apache.org">
-    <div wicket:id="content" style="padding: 5px 5px 5px 5px">
+    <div wicket:id="content" style="padding: 5px 15px 5px 5px">
 
 <div wicket:id="popupBody"/>
 

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/ContainerWrapper.java

@@ -157,6 +157,7 @@ public <IW extends ItemWrapper> IW findPropertyWrapper(QName name) {
         return null;
     }
 
+    // TODO: refactor this. Why it is not in the itemWrapper?
     boolean isItemVisible(ItemWrapper item) {
         ItemDefinition def = item.getItemDefinition();
         if (def.isIgnored() || def.isOperational()) {
@@ -206,6 +207,12 @@ public boolean isShowInheritedObjectAttributes() {
 	}
 
 	private boolean showEmpty(ItemWrapper item) {
+		// make sure that emphasized state is evaluated after the normal definitions are considered
+		// we do not want to display emphasized property if the user does not have an access to it.
+		// MID-3206
+        if (item.getItemDefinition().isEmphasized()) {
+        	return true;
+        }
         ObjectWrapper objectWrapper = getObject();
         List<ValueWrapper> valueWrappers = item.getValues();
         boolean isEmpty;

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/ItemWrapper.java

@@ -58,8 +58,8 @@ public interface ItemWrapper<I extends Item, ID extends ItemDefinition> extends
     public List<ValueWrapper> getValues();
 
     /**
-     * Visibility flag. This is an override of the default behavior given by the definition.
-     * TODO: when it overrides? If set to FALSE?
+     * Visibility flag. This is NOT an override, it defines whether the item
+     * should be displayed or not.
      */
     public boolean isVisible();
 

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/ObjectWrapper.java

@@ -47,8 +47,9 @@
  * @author lazyman
  */
 public class ObjectWrapper<O extends ObjectType> implements Serializable, Revivable, DebugDumpable {
+	private static final long serialVersionUID = 1L;
 
-    public static final String F_DISPLAY_NAME = "displayName";
+	public static final String F_DISPLAY_NAME = "displayName";
     public static final String F_SELECTED = "selected";
 
     private static final Trace LOGGER = TraceManager.getTrace(ObjectWrapper.class);
@@ -255,7 +256,7 @@ public void setContainers(List<ContainerWrapper<? extends Containerable>> contai
         this.containers = containers;
     }
 
-    public ContainerWrapper findContainerWrapper(ItemPath path) {
+    public <C extends Containerable> ContainerWrapper<C> findContainerWrapper(ItemPath path) {
         for (ContainerWrapper wrapper : getContainers()) {
             if (path != null) {
                 if (path.equivalent(wrapper.getPath())) {
@@ -271,7 +272,7 @@ public ContainerWrapper findContainerWrapper(ItemPath path) {
         return null;
     }
 
-    public ContainerWrapper findMainContainerWrapper() {
+    public ContainerWrapper<O> findMainContainerWrapper() {
         for (ContainerWrapper wrapper : getContainers()) {
         	if (wrapper.isMain()) {
         		return wrapper;

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/PrismPropertyPanel.java

@@ -51,8 +51,9 @@
  * @author lazyman
  */
 public class PrismPropertyPanel<IW extends ItemWrapper> extends Panel {
-
-    private static final Trace LOGGER = TraceManager.getTrace(PrismPropertyPanel.class);
+	private static final long serialVersionUID = 1L;
+
+	private static final Trace LOGGER = TraceManager.getTrace(PrismPropertyPanel.class);
     private static final String ID_HAS_PENDING_MODIFICATION = "hasPendingModification";
     private static final String ID_HELP = "help";
     private static final String ID_LABEL = "label";
@@ -71,12 +72,13 @@ public PrismPropertyPanel(String id, final IModel<IW> model, Form form, PageBase
 
         setOutputMarkupId(true);
         add(new VisibleEnableBehaviour() {
+        	private static final long serialVersionUID = 1L;
 
             @Override
             public boolean isVisible() {
-            	ItemWrapper property = model.getObject();
-                boolean visible = property.isVisible();
-                LOGGER.trace("isVisible: {}: {}", property, visible);
+            	IW propertyWrapper = model.getObject();
+                boolean visible = propertyWrapper.isVisible();
+                LOGGER.trace("isVisible: {}: {}", propertyWrapper, visible);
                 return visible;
             }
 
@@ -93,6 +95,8 @@ private void initLayout(final IModel<IW> model, final Form form) {
         WebMarkupContainer labelContainer = new WebMarkupContainer(ID_LABEL_CONTAINER);
         labelContainer.setOutputMarkupId(true);
         labelContainer.add(new VisibleEnableBehaviour() {
+        	private static final long serialVersionUID = 1L;
+
             @Override public boolean isVisible() {
                 return labelContainerVisible;
             }
@@ -103,6 +107,7 @@ private void initLayout(final IModel<IW> model, final Form form) {
         labelContainer.add(new Label(ID_LABEL, label));
 
         final IModel<String> helpText = new LoadableModel<String>(false) {
+        	private static final long serialVersionUID = 1L;
 
             @Override
             protected String load() {
@@ -113,6 +118,7 @@ protected String load() {
         help.add(AttributeModifier.replace("title", helpText));
         help.add(new InfoTooltipBehavior());
         help.add(new VisibleEnableBehaviour() {
+        	private static final long serialVersionUID = 1L;
 
             @Override
             public boolean isVisible() {
@@ -123,10 +129,11 @@ public boolean isVisible() {
 
         WebMarkupContainer required = new WebMarkupContainer("required");
         required.add(new VisibleEnableBehaviour() {
+        	private static final long serialVersionUID = 1L;
 
             @Override
             public boolean isVisible() {
-                ItemWrapper wrapper = model.getObject();
+                IW wrapper = model.getObject();
                 Item property = wrapper.getItem();
                 ItemDefinition def = property.getDefinition();
 
@@ -142,6 +149,7 @@ public boolean isVisible() {
 
         WebMarkupContainer hasOutbound = new WebMarkupContainer("hasOutbound");
         hasOutbound.add(new VisibleEnableBehaviour() {
+        	private static final long serialVersionUID = 1L;
 
             @Override
             public boolean isVisible() {
@@ -152,6 +160,7 @@ public boolean isVisible() {
 
         WebMarkupContainer hasPendingModification = new WebMarkupContainer(ID_HAS_PENDING_MODIFICATION);
         hasPendingModification.add(new VisibleEnableBehaviour() {
+        	private static final long serialVersionUID = 1L;
 
             @Override
             public boolean isVisible() {
@@ -162,6 +171,7 @@ public boolean isVisible() {
 
         ListView<ValueWrapper> values = new ListView<ValueWrapper>("values",
                 new PropertyModel<List<ValueWrapper>>(model, "values")) {
+        	private static final long serialVersionUID = 1L;
 
             @Override
             protected void populateItem(final ListItem<ValueWrapper> item) {
@@ -170,6 +180,7 @@ protected void populateItem(final ListItem<ValueWrapper> item) {
                 item.add(AttributeModifier.append("class", createStyleClassModel(item.getModel())));
 
                 item.add(new VisibleEnableBehaviour() {
+                	private static final long serialVersionUID = 1L;
 
                     @Override
                     public boolean isVisible() {
@@ -209,6 +220,7 @@ private String loadHelpText(IModel<IW> model) {
 
     protected IModel<String> createStyleClassModel(final IModel<ValueWrapper> value) {
         return new AbstractReadOnlyModel<String>() {
+        	private static final long serialVersionUID = 1L;
 
             @Override
             public String getObject() {
@@ -285,6 +297,7 @@ private boolean hasPendingModification(IModel<IW> model) {
 
     private IModel<String> createDisplayName(final IModel<IW> model) {
         return new AbstractReadOnlyModel<String>() {
+        	private static final long serialVersionUID = 1L;
 
             @Override
             public String getObject() {

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/PropertyOrReferenceWrapper.java

@@ -83,9 +83,7 @@ public ID getItemDefinition() {
 	}
 
 	public boolean isVisible() {
-        if (item.getDefinition().isEmphasized()){
-            return true;
-        } else if (item.getDefinition().isOperational()) {			// TODO ...or use itemDefinition instead?
+        if (item.getDefinition().isOperational()) {			// TODO ...or use itemDefinition instead?
 			return false;
 		} else if (container != null) {
 			return container.isItemVisible(this);

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/MidPointGuiAuthorizationEvaluator.java

@@ -143,8 +143,19 @@ public void decide(Authentication authentication, Object object, Collection<Conf
         if (guiConfigAttr.isEmpty()) {
         	configAttributesToUse = configAttributes;
         }
-
-    	securityEnforcer.decide(authentication, object, configAttributesToUse);
+
+        try {
+        	securityEnforcer.decide(authentication, object, configAttributesToUse);
+
+        	if (LOGGER.isTraceEnabled()) {
+            	LOGGER.trace("DECIDE: authentication={}, object={}, configAttributesToUse={}: OK", authentication, object, configAttributesToUse);
+            }
+        } catch (AccessDeniedException | InsufficientAuthenticationException e) {
+        	if (LOGGER.isTraceEnabled()) {
+            	LOGGER.trace("DECIDE: authentication={}, object={}, configAttributesToUse={}: {}", authentication, object, configAttributesToUse, e);
+            }
+        	throw e;
+        }
     }
 
     private void addSecurityConfig(FilterInvocation filterInvocation, Collection<ConfigAttribute> guiConfigAttr,

gui/admin-gui/src/main/resources/localization/Midpoint.properties

@@ -3197,5 +3197,9 @@ operation.com.evolveum.midpoint.web.page.admin.certification.PageCertDefinition.
 
 operation.com.evolveum.midpoint.web.page.admin.certification.PageCertDefinitions.createCampaign=Create campaign
 operation.com.evolveum.midpoint.web.page.admin.certification.PageCertDefinitions.deleteDefinition=Delete definition
-operation.com.evolveum.midpoint.web.page.admin.server.PageTaskEdit.saveTask=Save task
-SceneDto.unnamed=(unnamed)
+
+SceneDto.unnamed=(unnamed)
+LockoutStatusPanel.undoButtonLabel=Undo
+LockoutStatusPanel.unlockButtonLabel=Unlock
+LockoutStatusPanel.changesSaving=(will be applied after Save button click)
+operation.com.evolveum.midpoint.web.page.admin.server.PageTaskEdit.saveTask=Save task (GUI)

gui/admin-gui/src/main/resources/localization/Midpoint_en.properties

@@ -3162,3 +3162,7 @@ operation.com.evolveum.midpoint.web.page.admin.certification.PageCertDefinitions
 operation.com.evolveum.midpoint.web.page.admin.certification.PageCertDefinitions.deleteDefinition=Delete definition
 
 SceneDto.unnamed=(unnamed)
+LockoutStatusPanel.undoButtonLabel=Undo
+LockoutStatusPanel.unlockButtonLabel=Unlock
+LockoutStatusPanel.changesSaving=(changes will be applied after Save button click)
+operation.com.evolveum.midpoint.web.page.admin.server.PageTaskEdit.saveTask=Save task (GUI)

gui/admin-gui/src/test/java/com/evolveum/midpoint/web/AbstractInitializedGuiIntegrationTest.java

@@ -70,6 +70,7 @@ public void initSystem(Task initTask, OperationResult initResult) throws Excepti
 		dummyResourceCtl.setResource(resourceDummy);
 
 		repoAddObjectFromFile(USER_JACK_FILE, UserType.class, true, initResult);
+		repoAddObjectFromFile(USER_EMPTY_FILE, UserType.class, true, initResult);
 
 		importObjectFromFile(ROLE_MAPMAKER_FILE);
 	}

gui/admin-gui/src/test/java/com/evolveum/midpoint/web/AdminGuiTestConstants.java

@@ -44,6 +44,10 @@ public class AdminGuiTestConstants {
     public static final String USER_JACK_GIVEN_NAME = "Jack";
     public static final String USER_JACK_FAMILY_NAME = "Sparrow";
 
+    public static final File USER_EMPTY_FILE = new File(COMMON_DIR, "user-empty.xml");
+    public static final String USER_EMPTY_OID = "50053534-36dc-11e6-86f7-035182a6f678";
+    public static final String USER_EMPTY_USERNAME = "empty";
+
     public static final File RESOURCE_DUMMY_FILE = new File(COMMON_DIR, "resource-dummy.xml");
     public static final String RESOURCE_DUMMY_OID = "10000000-0000-0000-0000-000000000004";
     public static final String RESOURCE_DUMMY_NAMESPACE = MidPointConstants.NS_RI;