Remove obsolete ObjectOperationConstraints

The handling of lens element context was migrated to newer
PrismEntityOpConstraints (although with some limitations:
sub-object selectors are ignored, see the javadocs for explanation).

infra/schema/src/main/java/com/evolveum/midpoint/schema/constants/SchemaConstants.java

@@ -187,7 +187,7 @@ public abstract class SchemaConstants {
     public static final ItemPath PATH_OPERATIONAL_STATE_LAST_AVAILABILITY_STATUS = ItemPath.create(
             ResourceType.F_OPERATIONAL_STATE, OperationalStateType.F_LAST_AVAILABILITY_STATUS);
     public static final ItemPath PATH_ATTRIBUTES = ItemPath.create(C_ATTRIBUTES);
-    public static final ItemPath PATH_ASSIGNMENT = ItemPath.create(FocusType.F_ASSIGNMENT);
+    public static final ItemPath PATH_ASSIGNMENT = FocusType.F_ASSIGNMENT;
     public static final ItemPath PATH_INDUCEMENT = ItemPath.create(AbstractRoleType.F_INDUCEMENT);
     public static final ItemPath PATH_INDUCEMENT_POLICY_RULE = ItemPath.create(RoleType.F_INDUCEMENT, AssignmentType.F_POLICY_RULE);
 

infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/TypeClause.java

@@ -9,6 +9,7 @@
 
 import javax.xml.namespace.QName;
 
+import com.evolveum.midpoint.prism.TypeDefinition;
 import com.evolveum.midpoint.schema.selector.eval.ClauseFilteringContext;
 import com.evolveum.midpoint.schema.selector.eval.ClauseMatchingContext;
 import com.evolveum.midpoint.util.QNameUtil;
@@ -21,14 +22,15 @@
 import com.evolveum.midpoint.prism.PrismValue;
 import com.evolveum.midpoint.util.PrettyPrinter;
 
-import static com.evolveum.midpoint.util.MiscUtil.configNonNull;
-import static com.evolveum.midpoint.util.MiscUtil.requireNonNull;
+import static com.evolveum.midpoint.util.MiscUtil.*;
 
 public class TypeClause extends SelectorClause {
 
     /** Qualified. */
     @NotNull private final QName typeName;
 
+    transient private TypeDefinition typeDefinition;
+
     /** Lazily evaluated. */
     private Class<?> typeClass;
 
@@ -38,8 +40,13 @@ private TypeClause(@NotNull QName typeName) {
 
     static @NotNull TypeClause of(@NotNull QName typeName) throws ConfigurationException {
         try {
-            return new TypeClause(
+            var clause = new TypeClause(
                     PrismContext.get().getSchemaRegistry().qualifyTypeName(typeName));
+            configCheck(
+                    clause.getTypeDefinition() != null,
+                    "Unknown object type %s",
+                    clause.typeName); // TODO context
+            return clause;
         } catch (SchemaException e) {
             throw new ConfigurationException("Couldn't resolve unqualified type name in object selector: " + typeName, e);
         }
@@ -64,6 +71,17 @@ private TypeClause(@NotNull QName typeName) {
         return "type";
     }
 
+    private TypeDefinition getTypeDefinition() {
+        if (typeDefinition == null) {
+            typeDefinition = PrismContext.get().getSchemaRegistry().findTypeDefinitionByType(typeName);
+        }
+        return typeDefinition;
+    }
+
+    private @NotNull TypeDefinition getTypeDefinitionRequired() {
+        return stateNonNull(getTypeDefinition(), () -> "No type definition in " + this);
+    }
+
     @Override
     public boolean matches(
             @NotNull PrismValue value,
@@ -106,13 +124,10 @@ public boolean applyFilter(@NotNull ClauseFilteringContext ctx) throws Configura
         }
     }
 
-    synchronized @NotNull Class<?> getTypeClass() throws ConfigurationException {
+    synchronized @NotNull Class<?> getTypeClass() {
         if (typeClass == null) {
-            var typeDef = configNonNull(
-                    PrismContext.get().getSchemaRegistry().findTypeDefinitionByType(typeName),
-                    () -> "Unknown object type " + typeName); // TODO context
             typeClass = requireNonNull(
-                    typeDef.getCompileTimeClass(),
+                    getTypeDefinitionRequired().getCompileTimeClass(),
                     () -> new UnsupportedOperationException(String.format(
                             "Only statically defined types are supported in authorizations."
                                     + "Type '%s' is not statically defined", typeName))); // TODO context

infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/ValueSelector.java

@@ -7,7 +7,6 @@
 
 package com.evolveum.midpoint.schema.selector.spec;
 
-import static com.evolveum.midpoint.util.MiscUtil.configCheck;
 import static com.evolveum.midpoint.util.MiscUtil.configNonNull;
 
 import java.util.ArrayList;
@@ -17,17 +16,17 @@
 import java.util.stream.Collectors;
 import javax.xml.namespace.QName;
 
-import com.evolveum.midpoint.schema.selector.eval.ClauseFilteringContext;
-import com.evolveum.midpoint.schema.selector.eval.ClauseMatchingContext;
-import com.evolveum.midpoint.util.DebugDumpable;
-
-import com.evolveum.midpoint.util.DebugUtil;
+import com.evolveum.midpoint.prism.Objectable;
 
 import com.google.common.base.Preconditions;
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.Nullable;
 
 import com.evolveum.midpoint.prism.PrismValue;
+import com.evolveum.midpoint.schema.selector.eval.ClauseFilteringContext;
+import com.evolveum.midpoint.schema.selector.eval.ClauseMatchingContext;
+import com.evolveum.midpoint.util.DebugDumpable;
+import com.evolveum.midpoint.util.DebugUtil;
 import com.evolveum.midpoint.util.QNameUtil;
 import com.evolveum.midpoint.util.exception.*;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
@@ -212,8 +211,7 @@ public static ValueSelector of(SelectorClause... clauses) {
         }
 
         ParentClause parentClause;
-        if (bean instanceof AuthorizationObjectSelectorType) {
-            var aBean = (AuthorizationObjectSelectorType) bean;
+        if (bean instanceof AuthorizationObjectSelectorType aBean) {
 
             var parent = aBean.getParent();
             if (parent != null) {
@@ -296,7 +294,7 @@ public boolean applyFilters(@NotNull ClauseFilteringContext ctx)
         return parentClause;
     }
 
-    public @NotNull Class<?> getTypeOrDefault() throws ConfigurationException {
+    public @NotNull Class<?> getTypeOrDefault() {
         if (typeClause != null) {
             return typeClause.getTypeClass();
         } else {
@@ -411,4 +409,8 @@ public ValueSelector withParentRemoved() {
                     null);
         }
     }
+
+    public boolean isSubObject() {
+        return !Objectable.class.isAssignableFrom(getTypeOrDefault());
+    }
 }

model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/authorization/evaluator/MidPointGuiAuthorizationEvaluator.java

@@ -326,26 +326,17 @@ private void addSecurityConfig(FilterInvocation filterInvocation, List<String> r
     }
 
     @Override
-    public @NotNull <O extends ObjectType> ObjectOperationConstraints compileOperationConstraints(
-            @NotNull PrismObject<O> object, @Nullable OwnerResolver ownerResolver,
-            @NotNull String[] actionUrls,
-            @NotNull Task task, @NotNull OperationResult result)
-            throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException,
-            ConfigurationException, SecurityViolationException {
-        return securityEnforcer.compileOperationConstraints(object, ownerResolver, actionUrls, task, result);
-    }
-
-    @Override
-    public @NotNull PrismEntityOpConstraints.ForValueContent compileOperationConstraints(
+    public PrismEntityOpConstraints.@NotNull ForValueContent compileOperationConstraints(
             @NotNull PrismObjectValue<?> value,
             @Nullable AuthorizationPhaseType phase,
             @Nullable OwnerResolver ownerResolver,
             @NotNull String[] actionUrls,
+            @NotNull CompileConstraintsOptions options,
             @NotNull Task task,
             @NotNull OperationResult result)
             throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException,
             ConfigurationException, SecurityViolationException {
-        return securityEnforcer.compileOperationConstraints(value, phase, ownerResolver, actionUrls, task, result);
+        return securityEnforcer.compileOperationConstraints(value, phase, ownerResolver, actionUrls, options, task, result);
     }
 
     @Override