Do minor clarifications on "privileged" bulk flag

Evolveum · Jul 10, 2023 · d0f186a · d0f186a
1 parent 9b38936
commit d0f186a
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 5 deletions.
diff --git a/...olveum/midpoint/model/impl/lens/projector/policy/evaluators/StateConstraintEvaluator.java b/...olveum/midpoint/model/impl/lens/projector/policy/evaluators/StateConstraintEvaluator.java
@@ -262,10 +262,9 @@ public class StateConstraintEvaluator implements PolicyConstraintEvaluator<State
     }
 
     private void addAssignmentTargetArgument(List<Object> args, PolicyRuleEvaluationContext<?> ctx) {
-        if (!(ctx instanceof AssignmentPolicyRuleEvaluationContext)) {
+        if (!(ctx instanceof AssignmentPolicyRuleEvaluationContext<?> actx)) {
             args.add("");
         } else {
-            AssignmentPolicyRuleEvaluationContext<?> actx = (AssignmentPolicyRuleEvaluationContext<?>) ctx;
             args.add(ObjectTypeUtil.createDisplayInformation(actx.evaluatedAssignment.getTarget(), false));
         }
     }

diff --git a/...model-impl/src/main/java/com/evolveum/midpoint/model/impl/scripting/ExecutionContext.java b/...model-impl/src/main/java/com/evolveum/midpoint/model/impl/scripting/ExecutionContext.java
@@ -13,11 +13,13 @@
 import com.evolveum.midpoint.prism.PrismContext;
 import com.evolveum.midpoint.prism.query.QueryConverter;
 import com.evolveum.midpoint.schema.expression.VariablesMap;
+import com.evolveum.midpoint.schema.result.OperationResult;
 import com.evolveum.midpoint.task.api.RunningTask;
 import com.evolveum.midpoint.task.api.Task;
 import com.evolveum.midpoint.util.exception.SystemException;
 import com.evolveum.midpoint.util.logging.Trace;
 import com.evolveum.midpoint.util.logging.TraceManager;
+import com.evolveum.midpoint.xml.ns._public.model.scripting_3.ExecuteScriptType;
 import com.evolveum.midpoint.xml.ns._public.model.scripting_3.ScriptingExpressionEvaluationOptionsType;
 
 import java.util.HashMap;
@@ -30,6 +32,12 @@
 public class ExecutionContext {
     private static final Trace LOGGER = TraceManager.getTrace(ExecutionContext.class);
 
+    /**
+     * Are we pre-authorized for dangerous operations like Groovy script execution? See
+     * {@link ScriptingExpressionEvaluator#evaluateExpressionPrivileged(ExecuteScriptType, VariablesMap, Task, OperationResult)}.
+     *
+     * TEMPORARY. To be replaced.
+     */
     private final boolean privileged;
     private final ScriptingExpressionEvaluationOptionsType options;
     private final Task task;

diff --git a/...rc/main/java/com/evolveum/midpoint/model/impl/scripting/ScriptingExpressionEvaluator.java b/...rc/main/java/com/evolveum/midpoint/model/impl/scripting/ScriptingExpressionEvaluator.java
@@ -113,10 +113,21 @@ public ExecutionContext evaluateExpression(@NotNull ExecuteScriptType executeScr
 
     /**
      * Entry point for privileged execution.
-     * Note that privileged execution means
+     *
+     * Note that privileged execution means the `root` authorization is not checked for some sensitive operations like custom
+     * script execution.
+     *
+     * See {@link ExecutionContext#isPrivileged()}.
+     *
+     * TEMPORARY.
      */
-    public ExecutionContext evaluateExpressionPrivileged(@NotNull ExecuteScriptType executeScript, @NotNull VariablesMap initialVariables, Task task, OperationResult result) throws ScriptExecutionException {
-        return evaluateExpression(executeScript, initialVariables, true, false, task, result);
+    public ExecutionContext evaluateExpressionPrivileged(
+            @NotNull ExecuteScriptType executeScript,
+            @NotNull VariablesMap initialVariables,
+            Task task,
+            OperationResult result) throws ScriptExecutionException {
+        return evaluateExpression(
+                executeScript, initialVariables, true, false, task, result);
     }
 
     /**