accesses metadata first test and implementation (as assignment paths)

When sysconfig roleManagement/accessesMetadataEnabled is set to true,
change in roleMembershipRefs stores also value metadata under
provenance/assignmentPath.

infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd

@@ -14012,6 +14012,19 @@
                     </xsd:appinfo>
                 </xsd:annotation>
             </xsd:element>
+            <!-- TODO fix names, consult - experimental? -->
+            <xsd:element name="accessesMetadataEnabled" type="xsd:boolean" minOccurs="0" default="false">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        Global switch that enables accesses metadata processing for assignment holders.
+                        That stores not only indirect assignments but also the details how it appeared on the object.
+                    </xsd:documentation>
+                    <xsd:appinfo>
+                        <a:since>4.7</a:since>
+                        <a:displayName>RoleManagementConfigurationType.accessesMetadataEnabled</a:displayName>
+                    </xsd:appinfo>
+                </xsd:annotation>
+            </xsd:element>
             <xsd:element name="relations" type="tns:RelationsDefinitionType" minOccurs="0">
                 <xsd:annotation>
                     <xsd:documentation>

infra/schema/src/main/resources/xml/ns/public/common/common-metadata-3.xsd

@@ -579,7 +579,9 @@
             </xsd:element>
             <xsd:element name="mappingSpecification" type="tns:MappingSpecificationType" minOccurs="0" maxOccurs="1">
             </xsd:element>
-            <!-- TODO here new type, will consolidated it later -->
+            <!-- TODO WIP accesses experiment, working name -->
+            <xsd:element name="assignmentPath" type="tns:AssignmentPathType" minOccurs="0" maxOccurs="unbounded">
+            </xsd:element>
         </xsd:sequence>
     </xsd:complexType>
     <xsd:element name="provenanceMetadata" type="tns:ProvenanceMetadataType"/>

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/assignments/AssignmentPathImpl.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010-2020 Evolveum and contributors
+ * Copyright (C) 2010-2022 Evolveum and contributors
  *
  * This work is dual-licensed under the Apache License 2.0
  * and European Union Public License. See LICENSE file for details.
@@ -8,10 +8,12 @@
 
 import java.util.ArrayList;
 import java.util.List;
+import java.util.concurrent.atomic.AtomicInteger;
 import java.util.stream.Collectors;
-
 import javax.xml.namespace.QName;
 
+import org.jetbrains.annotations.NotNull;
+
 import com.evolveum.midpoint.model.api.context.AssignmentPath;
 import com.evolveum.midpoint.model.api.context.AssignmentPathSegment;
 import com.evolveum.midpoint.model.api.util.AssignmentPathUtil;
@@ -23,8 +25,6 @@
 import com.evolveum.midpoint.util.exception.SchemaException;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
 
-import org.jetbrains.annotations.NotNull;
-
 /**
  * Path from focus object to a given assignment.
  * Contains also some (although not complete) information on evaluation of individual segments.
@@ -78,16 +78,9 @@ public boolean isEmpty() {
     }
 
     @Override
-    public int size() { return segments.size(); }
-
-//    @Override
-//    public EvaluationOrder getEvaluationOrder() {
-//        if (isEmpty()) {
-//            return EvaluationOrderImpl.ZERO;
-//        } else {
-//            return last().getEvaluationOrder();
-//        }
-//    }
+    public int size() {
+        return segments.size();
+    }
 
     @Override
     public AssignmentPathSegmentImpl last() {
@@ -99,7 +92,7 @@ public AssignmentPathSegmentImpl beforeLast(int n) {
         if (size() <= n) {
             return null;
         } else {
-            return segments.get(segments.size()-1-n);
+            return segments.get(segments.size() - 1 - n);
         }
     }
 
@@ -109,7 +102,7 @@ public int countTargetOccurrences(ObjectType target) {
             return 0;
         }
         int count = 0;
-        for (AssignmentPathSegment segment: segments) {
+        for (AssignmentPathSegment segment : segments) {
             ObjectType segmentTarget = segment.getTarget();
             if (segmentTarget != null) {
                 if (segmentTarget.getOid() != null && target.getOid() != null && segmentTarget.getOid().equals(target.getOid())
@@ -133,7 +126,7 @@ public List<ObjectType> getFirstOrderChain() {
     @Override
     public ObjectType getProtoRole() {
         ObjectType protoRole = null;
-        for (AssignmentPathSegmentImpl segment: segments) {
+        for (AssignmentPathSegmentImpl segment : segments) {
             if (segment.isMatchingOrder && segment.getTarget() != null) {
                 protoRole = segment.getTarget();
             }
@@ -153,7 +146,6 @@ public boolean hasOnlyOrgs() {
         return true;
     }
 
-
     @Override
     public AssignmentPathImpl clone() {
         return cloneFirst(size());
@@ -183,7 +175,7 @@ public String debugDump(int indent) {
                 sb.append("\n");
                 DebugUtil.debugDump(sb, segments, indent + 1, false);
             } else {
-                for (AssignmentPathSegmentImpl segment: segments) {
+                for (AssignmentPathSegmentImpl segment : segments) {
                     sb.append("\n");
                     DebugUtil.indentDebugDump(sb, indent + 1);
                     segment.shortDump(sb);
@@ -196,13 +188,10 @@ public String debugDump(int indent) {
     @Override
     public void shortDump(StringBuilder sb) {
         ObjectType previousTarget = null;
-        for (AssignmentPathSegmentImpl segment: segments) {
+        for (AssignmentPathSegmentImpl segment : segments) {
             if (previousTarget == null) {
                 sb.append(segment.getSource()).append(" ");
             }
-//            sb.append("(");
-//            segment.getEvaluationOrder().shortDump(sb);
-//            sb.append("): ");
             ObjectType target = segment.getTarget();
             QName relation = segment.relation;
             if (target != null) {
@@ -217,9 +206,7 @@ public void shortDump(StringBuilder sb) {
                     sb.append(relation.getLocalPart());
                 }
                 sb.append("]--> ");
-                if (target != null) {
-                    sb.append(target);
-                }
+                sb.append(target);
             } else {
                 if (segment.isAssignment()) {
                     sb.append("a");
@@ -236,7 +223,10 @@ public void shortDump(StringBuilder sb) {
     @Override
     public AssignmentPathType toAssignmentPathType(boolean includeAssignmentsContent) {
         AssignmentPathType rv = new AssignmentPathType();
-        segments.forEach(seg -> rv.getSegment().add(seg.toAssignmentPathSegmentType(includeAssignmentsContent)));
+        AtomicInteger segmentOrder = new AtomicInteger(1);
+        segments.forEach(seg -> rv.getSegment().add(
+                seg.toAssignmentPathSegmentType(includeAssignmentsContent)
+                        .segmentOrder(segmentOrder.getAndIncrement())));
         return rv;
     }
 

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/assignments/PathSegmentEvaluation.java

@@ -1,12 +1,15 @@
 /*
- * Copyright (c) 2020 Evolveum and contributors
+ * Copyright (C) 2020-2022 Evolveum and contributors
  *
  * This work is dual-licensed under the Apache License 2.0
  * and European Union Public License. See LICENSE file for details.
  */
-
 package com.evolveum.midpoint.model.impl.lens.assignments;
 
+import static java.util.Collections.emptyList;
+
+import java.util.List;
+
 import com.evolveum.midpoint.model.impl.lens.LensUtil;
 import com.evolveum.midpoint.prism.*;
 import com.evolveum.midpoint.prism.polystring.PolyString;
@@ -15,13 +18,12 @@
 import com.evolveum.midpoint.util.exception.*;
 import com.evolveum.midpoint.util.logging.Trace;
 import com.evolveum.midpoint.util.logging.TraceManager;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentHolderType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentSegmentEvaluationTraceType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
 import com.evolveum.prism.xml.ns._public.types_3.PlusMinusZeroType;
 
-import java.util.List;
-
-import static java.util.Collections.emptyList;
-
 /**
  * Carries out and holds assignment evaluation:
  *
@@ -33,7 +35,7 @@ public class PathSegmentEvaluation<AH extends AssignmentHolderType> extends Abst
 
     private static final Trace LOGGER = TraceManager.getTrace(PathSegmentEvaluation.class);
 
-    private static final String OP_EVALUATE = PathSegmentEvaluation.class.getName()+".evaluate";
+    private static final String OP_EVALUATE = PathSegmentEvaluation.class.getName() + ".evaluate";
 
     /**
      * The segment with the assignment that is being evaluated.
@@ -131,7 +133,7 @@ private void computeActivity() {
         } else {
             // But for other assignments/inducements we consider their validity by regarding their actual source.
             // So, even if (e.g.) focus is in "draft" state, only validity of direct assignments should be influenced by this fact.
-            // Other assignments (e.g. from roles to metaroles) should be considered valid, provided these roles are
+            // Other assignments (e.g. from roles to meta-roles) should be considered valid, provided these roles are
             // in active lifecycle states. See also MID-6113.
             //
             // TODO We should consider the assignment source's state model! But we are ignoring it for now.
@@ -170,7 +172,7 @@ private AssignmentSegmentEvaluationTraceType recordStart() {
                     ctx.primaryAssignmentMode);
         }
         if (result.isTracingNormal(AssignmentSegmentEvaluationTraceType.class)) {
-            AssignmentSegmentEvaluationTraceType trace = new AssignmentSegmentEvaluationTraceType(ctx.ae.prismContext)
+            AssignmentSegmentEvaluationTraceType trace = new AssignmentSegmentEvaluationTraceType()
                     .segment(segment.toAssignmentPathSegmentType(true));
             result.addTrace(trace);
             return trace;
@@ -195,7 +197,6 @@ private void traceComputedState() {
                 segment.getOverallConditionState());
     }
 
-
     private String getMatchingText(boolean matching) {
         return matching ?
                 "matching    " :
@@ -216,30 +217,30 @@ private void recordEnd() {
 
     private void checkSchema() throws SchemaException {
         if (segment.source == null) {
-            throw new IllegalArgumentException("Source cannot be null (while evaluating assignment "+ ctx.evalAssignment +")");
+            throw new IllegalArgumentException("Source cannot be null (while evaluating assignment " + ctx.evalAssignment + ")");
         }
 
         AssignmentType assignment = segment.assignment;
         PrismContainerValue<?> assignmentContainerValue = assignment.asPrismContainerValue();
         PrismContainerable<?> assignmentContainer = assignmentContainerValue.getParent();
         if (assignmentContainer == null) {
-            throw new SchemaException("The assignment "+assignment+" does not have a parent in "+segment.sourceDescription);
+            throw new SchemaException("The assignment " + assignment + " does not have a parent in " + segment.sourceDescription);
         }
         if (assignmentContainer.getDefinition() == null) {
-            throw new SchemaException("The assignment "+assignment+" does not have definition in "+segment.sourceDescription);
+            throw new SchemaException("The assignment " + assignment + " does not have definition in " + segment.sourceDescription);
         }
         PrismContainer<Containerable> extensionContainer = assignmentContainerValue.findContainer(AssignmentType.F_EXTENSION);
         if (extensionContainer != null) {
             if (extensionContainer.getDefinition() == null) {
-                throw new SchemaException("Extension does not have a definition in assignment "+assignment+" in "+segment.sourceDescription);
+                throw new SchemaException("Extension does not have a definition in assignment " + assignment + " in " + segment.sourceDescription);
             }
 
-            for (Item<?,?> item: extensionContainer.getValue().getItems()) {
+            for (Item<?, ?> item : extensionContainer.getValue().getItems()) {
                 if (item == null) {
-                    throw new SchemaException("Null item in extension in assignment "+assignment+" in "+segment.sourceDescription);
+                    throw new SchemaException("Null item in extension in assignment " + assignment + " in " + segment.sourceDescription);
                 }
                 if (item.getDefinition() == null) {
-                    throw new SchemaException("Item "+item+" has no definition in extension in assignment "+assignment+" in "+segment.sourceDescription);
+                    throw new SchemaException("Item " + item + " has no definition in extension in assignment " + assignment + " in " + segment.sourceDescription);
                 }
             }
         }