Merge branch 'master' of https://github.com/Evolveum/midpoint

gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/component/ChooseMemberPopup.java

@@ -323,7 +323,7 @@ protected ObjectQuery createInOidQuery(List<ObjectType> selectedObjectsList){
     protected void executeMemberOperation(QName type, ObjectQuery memberQuery,
                                           ObjectDelta delta, AjaxRequestTarget target) {
 
-        Task operationalTask = getPageBase().createSimpleTask("add members");
+        Task operationalTask = getPageBase().createSimpleTask("Add.members");
         OperationResult parentResult = operationalTask.getResult();
 
         try {

gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/component/ChooseOrgMemberPopup.java

@@ -0,0 +1,74 @@
+/*
+ * Copyright (c) 2010-2018 Evolveum
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.evolveum.midpoint.gui.api.component;
+
+import com.evolveum.midpoint.gui.api.component.tabs.CountablePanelTab;
+import com.evolveum.midpoint.schema.constants.ObjectTypes;
+import com.evolveum.midpoint.schema.constants.RelationTypes;
+
+/**
+ * Created by honchar
+ */
+
+import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.OrgType;
+import org.apache.wicket.ajax.AjaxRequestTarget;
+import org.apache.wicket.extensions.markup.html.tabs.ITab;
+import org.apache.wicket.markup.html.WebMarkupContainer;
+
+import javax.xml.namespace.QName;
+import java.util.List;
+
+public abstract class ChooseOrgMemberPopup<O extends ObjectType> extends ChooseMemberPopup<O, OrgType> {
+    private static final long serialVersionUID = 1L;
+
+    public ChooseOrgMemberPopup(String id, List<QName> availableRelationList){
+        super(id, availableRelationList);
+    }
+
+    @Override
+    protected List<ITab> createAssignmentTabs() {
+        List<ITab> tabs = super.createAssignmentTabs();
+        tabs.add(new CountablePanelTab(getPageBase().createStringResource("chooseMemberForOrgPopup.otherTypesLabel"), null) {
+
+            private static final long serialVersionUID = 1L;
+
+            @Override
+            public WebMarkupContainer createPanel(String panelId) {
+                return new MultiTypesMemberPopupTabPanel(panelId, availableRelationList){
+                    private static final long serialVersionUID = 1L;
+
+                    @Override
+                    protected void onSelectionPerformed(AjaxRequestTarget target){
+                        tabLabelPanelUpdate(target);
+                    }
+
+                    @Override
+                    protected OrgType getAbstractRoleTypeObject(){
+                        return ChooseOrgMemberPopup.this.getAssignmentTargetRefObject();
+                    }
+                };
+            }
+
+            @Override
+            public String getCount() {
+                return Integer.toString(getTabPanelSelectedCount(getPanel()));
+            }
+        });
+        return tabs;
+    }
+
+}

gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/component/MemberPopupTabPanel.java

@@ -95,20 +95,8 @@ protected List<QName> getChoicesList(){
 
 
         });
-
-//        DropDownChoicePanel<RelationTypes> relationSelector =  new DropDownChoicePanel<RelationTypes> (ID_RELATION,
-//                Model.of(getDefaultRelationValue()), Model.ofList(supportedRelationList),
-//                WebComponentUtil.getEnumChoiceRenderer(MemberPopupTabPanel.this), false);
-//        relationSelector.getBaseFormComponent().add(new EmptyOnChangeAjaxFormUpdatingBehavior());
-//        relationSelector.setOutputMarkupId(true);
-//        relationSelector.setOutputMarkupPlaceholderTag(true);
-//        relationContainer.add(relationSelector);
     }
 
-//    private RelationTypes getDefaultRelationValue(){
-//        return CollectionUtils.isNotEmpty(supportedRelationList) ? supportedRelationList.get(0) : RelationTypes.MEMBER;
-//    }
-
     protected ObjectDelta prepareDelta(){
         ObjectDelta delta = null;
         try {

gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/component/MultiTypesMemberPopupTabPanel.java

@@ -16,8 +16,19 @@
 package com.evolveum.midpoint.gui.api.component;
 
 import com.evolveum.midpoint.gui.api.model.LoadableModel;
+import com.evolveum.midpoint.gui.api.util.WebComponentUtil;
+import com.evolveum.midpoint.prism.delta.ObjectDelta;
 import com.evolveum.midpoint.schema.constants.ObjectTypes;
 import com.evolveum.midpoint.schema.constants.RelationTypes;
+import com.evolveum.midpoint.schema.util.ObjectTypeUtil;
+import com.evolveum.midpoint.task.api.Task;
+import com.evolveum.midpoint.task.api.TaskCategory;
+import com.evolveum.midpoint.util.exception.SchemaException;
+import com.evolveum.midpoint.util.logging.LoggingUtils;
+import com.evolveum.midpoint.util.logging.Trace;
+import com.evolveum.midpoint.util.logging.TraceManager;
+import com.evolveum.midpoint.web.page.admin.users.component.AbstractRoleMemberPanel;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
 import org.apache.wicket.ajax.AjaxRequestTarget;
 import org.apache.wicket.ajax.form.OnChangeAjaxBehavior;
@@ -38,6 +49,8 @@
 public abstract class MultiTypesMemberPopupTabPanel<O extends ObjectType> extends MemberPopupTabPanel<O> {
     private static final long serialVersionUID = 1L;
 
+    private static final Trace LOGGER = TraceManager.getTrace(MultiTypesMemberPopupTabPanel.class);
+
     private static final String ID_TYPE_SELECT_PANEL = "typeSelectPanel";
     private static final String ID_TYPE = "type";
 
@@ -77,6 +90,16 @@ protected void onUpdate(AjaxRequestTarget target) {
         add(typePanel);
     }
 
+    @Override
+    protected ObjectDelta prepareDelta(){
+        Class classType = WebComponentUtil.qnameToClass(getPageBase().getPrismContext(), getObjectType().getTypeQName());
+        ObjectReferenceType ref = ObjectTypeUtil.createObjectRef(getAbstractRoleTypeObject());
+        ref.setRelation(getRelationValue());
+        return ObjectDelta.createModificationAddReference(classType, "fakeOid",
+                ObjectType.F_PARENT_ORG_REF, getPageBase().getPrismContext(),
+                ref.asReferenceValue());
+    }
+
     protected List<ObjectTypes> getSupportedTypesList(){
         List<ObjectTypes> supportedTypes = new ArrayList<>(Arrays.asList(ObjectTypes.values()));
         supportedTypes.remove(ObjectTypes.USER);

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/users/component/AbstractRoleMemberPanel.java

@@ -547,12 +547,12 @@ protected IColumn<SelectableBean<ObjectType>, String> createRelationColumn() {
 			public void populateItem(Item<ICellPopulator<SelectableBean<ObjectType>>> cellItem,
 									 String componentId, IModel<SelectableBean<ObjectType>> rowModel) {
 				cellItem.add(new Label(componentId,
-						getRelationValue((FocusType) rowModel.getObject().getValue())));
+						getRelationValue(rowModel.getObject().getValue())));
 			}
 
 			@Override
 			public IModel<String> getDataModel(IModel<SelectableBean<ObjectType>> rowModel) {
-				return Model.of(getRelationValue((FocusType) rowModel.getObject().getValue()));
+				return Model.of(getRelationValue(rowModel.getObject().getValue()));
 			}
 
 		};
@@ -703,7 +703,7 @@ protected QName[] getMemberRelationQueryItem(){
 		return new QName[]{FocusType.F_ASSIGNMENT, AssignmentType.F_TARGET_REF};
 	}
 
-	private String getRelationValue(FocusType focusObject){
+	private String getRelationValue(ObjectType focusObject){
 		StringBuilder relations = new StringBuilder();
 		if (focusObject == null){
 			return "";

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/users/component/OrgMemberPanel.java

@@ -25,6 +25,8 @@
 
 import javax.xml.namespace.QName;
 
+import com.evolveum.midpoint.gui.api.component.ChooseMemberPopup;
+import com.evolveum.midpoint.gui.api.component.ChooseOrgMemberPopup;
 import com.evolveum.midpoint.gui.api.model.LoadableModel;
 import com.evolveum.midpoint.prism.PrismConstants;
 import com.evolveum.midpoint.prism.query.builder.QueryBuilder;
@@ -304,6 +306,23 @@ public boolean isVisible(){
 		return managerContainer;
 	}
 
+	@Override
+	protected void addMembers(AjaxRequestTarget target, List<QName> availableRelationList) {
+
+		ChooseOrgMemberPopup browser = new ChooseOrgMemberPopup(getPageBase().getMainPopupBodyId(), availableRelationList) {
+			private static final long serialVersionUID = 1L;
+
+			@Override
+			protected OrgType getAssignmentTargetRefObject(){
+				return OrgMemberPanel.this.getModelObject();
+			}
+		};
+		browser.setOutputMarkupId(true);
+
+		getPageBase().showMainPopup(browser, target);
+
+	}
+
 	private void removeManagerPerformed(FocusType manager, AjaxRequestTarget target) {
 		OperationResult parentResult = new OperationResult(OPERATION_UNASSIGN_MANAGERS);
 		Task task = getPageBase().createSimpleTask(OPERATION_UNASSIGN_MANAGERS);

infra/schema/src/main/resources/localization/schema.properties

@@ -355,6 +355,7 @@ ObjectTypes.OBJECT=Object
 ObjectTypes.FORM=Form
 ObjectTypes.CASE=Case
 ObjectTypes.FUNCTION_LIBRARY=Function library
+ObjectTypes.OBJECT_COLLECTION=Object collection
 OrgType.parentOrganization=Parent Organization
 ObjectType.extension=Extension
 FocusType.assignmentKey=Assignment
@@ -498,6 +499,7 @@ PolicyViolationException.message.projectionPassword=Provided password does not s
 PolicyViolationException.message.credentials.nonce=Provided nonce does not satisfy the policies: {0}
 PolicyViolationException.message.credentials.password=Provided password does not satisfy the policies: {0}
 PolicyViolationException.message.credentials.securityQuestions=Provided security questions do not satisfy the policies: {0}
+PolicyViolationException.message.prunedRolesAssigned=Mutually-pruned roles cannot be assigned at the same time: {0} and {1}
 Credentials.nonce=nonce
 Credentials.password=password
 Credentials.securityQuestions=security questions

model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedCompositeTrigger.java

@@ -36,7 +36,7 @@ public class EvaluatedCompositeTrigger extends EvaluatedPolicyRuleTrigger<Policy
 
 	public EvaluatedCompositeTrigger(@NotNull PolicyConstraintKindType kind, @NotNull PolicyConstraintsType constraint,
 			LocalizableMessage message, LocalizableMessage shortMessage, @NotNull Collection<EvaluatedPolicyRuleTrigger<?>> innerTriggers) {
-		super(kind, constraint, message, shortMessage);
+		super(kind, constraint, message, shortMessage, false);
 		this.innerTriggers = innerTriggers;
 	}
 

model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedExclusionTrigger.java

@@ -35,10 +35,17 @@ public class EvaluatedExclusionTrigger extends EvaluatedPolicyRuleTrigger<Exclus
 	private final ObjectType conflictingTarget;
 	private final AssignmentPath conflictingPath;
 
+	// we keep thisTarget and thisPath here because in the future they might be useful
 	public EvaluatedExclusionTrigger(@NotNull ExclusionPolicyConstraintType constraint,
 			LocalizableMessage message, LocalizableMessage shortMessage, @NotNull EvaluatedAssignment conflictingAssignment,
 			ObjectType thisTarget, ObjectType conflictingTarget, AssignmentPath thisPath, AssignmentPath conflictingPath) {
-		super(PolicyConstraintKindType.EXCLUSION, constraint, message, shortMessage);
+		this(constraint, message, shortMessage, conflictingAssignment, conflictingTarget, conflictingPath, false);
+	}
+
+	public EvaluatedExclusionTrigger(@NotNull ExclusionPolicyConstraintType constraint,
+			LocalizableMessage message, LocalizableMessage shortMessage, @NotNull EvaluatedAssignment conflictingAssignment,
+			ObjectType conflictingTarget, AssignmentPath conflictingPath, boolean enforcementOverride) {
+		super(PolicyConstraintKindType.EXCLUSION, constraint, message, shortMessage, enforcementOverride);
 		this.conflictingAssignment = conflictingAssignment;
 		this.conflictingTarget = conflictingTarget;
 		this.conflictingPath = conflictingPath;
@@ -48,6 +55,10 @@ public <F extends FocusType> EvaluatedAssignment<F> getConflictingAssignment() {
 		return conflictingAssignment;
 	}
 
+	public ObjectType getConflictingTarget() {
+		return conflictingTarget;
+	}
+
 	public AssignmentPath getConflictingPath() {
 		return conflictingPath;
 	}

model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedHasAssignmentTrigger.java

@@ -27,7 +27,7 @@ public class EvaluatedHasAssignmentTrigger extends EvaluatedPolicyRuleTrigger<Ha
 
 	public EvaluatedHasAssignmentTrigger(@NotNull PolicyConstraintKindType kind, @NotNull HasAssignmentPolicyConstraintType constraint,
 			LocalizableMessage message, LocalizableMessage shortMessage) {
-		super(kind, constraint, message, shortMessage);
+		super(kind, constraint, message, shortMessage, false);
 	}
 
 	@Override

model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedModificationTrigger.java

@@ -27,7 +27,7 @@ public class EvaluatedModificationTrigger extends EvaluatedPolicyRuleTrigger<Mod
 
 	public EvaluatedModificationTrigger(@NotNull PolicyConstraintKindType kind, @NotNull ModificationPolicyConstraintType constraint,
 			LocalizableMessage message, LocalizableMessage shortMessage) {
-		super(kind, constraint, message, shortMessage);
+		super(kind, constraint, message, shortMessage, false);
 	}
 
 	@Override

model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedMultiplicityTrigger.java

@@ -27,7 +27,7 @@ public class EvaluatedMultiplicityTrigger extends EvaluatedPolicyRuleTrigger<Mul
 
 	public EvaluatedMultiplicityTrigger(@NotNull PolicyConstraintKindType kind, @NotNull MultiplicityPolicyConstraintType constraint,
 			LocalizableMessage message, LocalizableMessage shortMessage) {
-		super(kind, constraint, message, shortMessage);
+		super(kind, constraint, message, shortMessage, false);
 	}
 
 	@Override

model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedPolicyRule.java

@@ -18,6 +18,7 @@
 import java.io.Serializable;
 import java.util.Collection;
 import java.util.List;
+import java.util.function.Predicate;
 
 import com.evolveum.midpoint.util.DebugDumpable;
 import com.evolveum.midpoint.util.LocalizableMessage;
@@ -67,7 +68,8 @@ default boolean isTriggered() {
 
 	Collection<PolicyExceptionType> getPolicyExceptions();
 
-	void addToEvaluatedPolicyRuleTypes(Collection<EvaluatedPolicyRuleType> rules, PolicyRuleExternalizationOptions options);
+	void addToEvaluatedPolicyRuleTypes(Collection<EvaluatedPolicyRuleType> rules, PolicyRuleExternalizationOptions options,
+			Predicate<EvaluatedPolicyRuleTrigger<?>> triggerSelector);
 
 	boolean isGlobal();
 
@@ -89,4 +91,7 @@ default boolean isTriggered() {
 	<T extends PolicyActionType> List<T> getEnabledActions(Class<T> clazz);
 
 	<T extends PolicyActionType> T getEnabledAction(Class<T> clazz);
+
+	// use only if you know what you're doing
+	void addTrigger(@NotNull EvaluatedPolicyRuleTrigger<?> trigger);
 }

model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedPolicyRuleTrigger.java

@@ -39,12 +39,19 @@ public abstract class EvaluatedPolicyRuleTrigger<CT extends AbstractPolicyConstr
 	private final LocalizableMessage message;
 	private final LocalizableMessage shortMessage;
 
+	/**
+	 * If true, this trigger is to be reported as PolicyViolationException regardless of specified policy rule action.
+	 * Used e.g. for disallowing assignment of two pruned roles (MID-4766).
+	 */
+	private final boolean enforcementOverride;
+
 	public EvaluatedPolicyRuleTrigger(@NotNull PolicyConstraintKindType constraintKind, @NotNull CT constraint,
-			LocalizableMessage message, LocalizableMessage shortMessage) {
+			LocalizableMessage message, LocalizableMessage shortMessage, boolean enforcementOverride) {
 		this.constraintKind = constraintKind;
 		this.constraint = constraint;
 		this.message = message;
 		this.shortMessage = shortMessage;
+		this.enforcementOverride = enforcementOverride;
 	}
 
 	/**
@@ -56,7 +63,7 @@ public PolicyConstraintKindType getConstraintKind() {
 	}
 
 	@NotNull
-	public AbstractPolicyConstraintType getConstraint() {
+	public CT getConstraint() {
 		return constraint;
 	}
 
@@ -159,4 +166,7 @@ public Collection<EvaluatedPolicyRuleTrigger<?>> getInnerTriggers() {
 		return Collections.emptySet();
 	}
 
+	public boolean isEnforcementOverride() {
+		return enforcementOverride;
+	}
 }

model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedSituationTrigger.java

@@ -39,7 +39,7 @@ public class EvaluatedSituationTrigger extends EvaluatedPolicyRuleTrigger<Policy
 
 	public EvaluatedSituationTrigger(@NotNull PolicySituationPolicyConstraintType constraint,
 			LocalizableMessage message, LocalizableMessage shortMessage, @NotNull Collection<EvaluatedPolicyRule> sourceRules) {
-		super(PolicyConstraintKindType.SITUATION, constraint, message, shortMessage);
+		super(PolicyConstraintKindType.SITUATION, constraint, message, shortMessage, false);
 		this.sourceRules = sourceRules;
 	}
 
@@ -107,7 +107,7 @@ public EvaluatedSituationTriggerType toEvaluatedPolicyRuleTriggerType(PolicyRule
 		EvaluatedSituationTriggerType rv = new EvaluatedSituationTriggerType();
 		fillCommonContent(rv);
 		if (!options.isRespectFinalFlag() || !isFinal()) {
-			sourceRules.forEach(r -> r.addToEvaluatedPolicyRuleTypes(rv.getSourceRule(), options));
+			sourceRules.forEach(r -> r.addToEvaluatedPolicyRuleTypes(rv.getSourceRule(), options, null));
 		}
 		return rv;
 	}

model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedStateTrigger.java

@@ -29,7 +29,7 @@ public class EvaluatedStateTrigger extends EvaluatedPolicyRuleTrigger<StatePolic
 
 	public EvaluatedStateTrigger(@NotNull PolicyConstraintKindType kind, @NotNull StatePolicyConstraintType constraint,
 			LocalizableMessage message, LocalizableMessage shortMessage) {
-		super(kind, constraint, message, shortMessage);
+		super(kind, constraint, message, shortMessage, false);
 	}
 
 	@Override

model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedTimeValidityTrigger.java

@@ -27,7 +27,7 @@ public class EvaluatedTimeValidityTrigger extends EvaluatedPolicyRuleTrigger<Tim
 
 	public EvaluatedTimeValidityTrigger(@NotNull PolicyConstraintKindType kind, @NotNull TimeValidityPolicyConstraintType constraint,
 			LocalizableMessage message, LocalizableMessage shortMessage) {
-		super(kind, constraint, message, shortMessage);
+		super(kind, constraint, message, shortMessage, false);
 	}
 
 	@Override

model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedTransitionTrigger.java

@@ -34,7 +34,7 @@ public class EvaluatedTransitionTrigger extends EvaluatedPolicyRuleTrigger<Trans
 
 	public EvaluatedTransitionTrigger(@NotNull PolicyConstraintKindType kind, @NotNull TransitionPolicyConstraintType constraint,
 			LocalizableMessage message, LocalizableMessage shortMessage, @NotNull Collection<EvaluatedPolicyRuleTrigger<?>> innerTriggers) {
-		super(kind, constraint, message, shortMessage);
+		super(kind, constraint, message, shortMessage, false);
 		this.innerTriggers = innerTriggers;
 	}