Role autoassign (MID-2840)

infra/schema/src/main/java/com/evolveum/midpoint/schema/GetOperationOptions.java

@@ -528,6 +528,10 @@ public static GetOperationOptions createReadOnly() {
 		opts.setReadOnly(true);
 		return opts;
 	}
+
+	public static Collection<SelectorOptions<GetOperationOptions>> createReadOnlyCollection() {
+		return SelectorOptions.createCollection(createReadOnly());
+	}
 
 	public Boolean getReadOnly() {
 		return readOnly;

infra/schema/src/main/java/com/evolveum/midpoint/schema/constants/SchemaConstants.java

@@ -243,6 +243,7 @@ public abstract class SchemaConstants {
 	public static final ItemPath PATH_LIFECYCLE_STATE = new ItemPath(ObjectType.F_LIFECYCLE_STATE);
 	public static final ItemPath PATH_ROLE_MEMBERSHIP_REF = new ItemPath(FocusType.F_ROLE_MEMBERSHIP_REF);
 	public static final ItemPath PATH_AUXILIARY_OBJECT_CLASS = new ItemPath(ShadowType.F_AUXILIARY_OBJECT_CLASS);
+	public static final ItemPath PATH_AUTOASSIGN_ENABLED = new ItemPath(AbstractRoleType.F_AUTOASSIGN, AutoassignSpecificationType.F_ENABLED);
 
 	public static final String NS_PROVISIONING = NS_MIDPOINT_PUBLIC + "/provisioning";
 	public static final String NS_PROVISIONING_LIVE_SYNC = NS_PROVISIONING + "/liveSync-3";

infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd

@@ -7759,9 +7759,37 @@
         <xsd:complexContent>
         	<xsd:extension base="tns:SearchObjectExpressionEvaluatorType">
 		        <xsd:sequence>
+		        	<xsd:element name="assignmentProperties" type="tns:AssignmentPropertiesSpecificationType" minOccurs="0">
+    					<xsd:annotation>
+    						<xsd:documentation>
+    							Properties of the new assignment.
+    						</xsd:documentation>
+    						<xsd:appinfo>
+    							<a:since>3.7</a:since>
+    						</xsd:appinfo>
+    					</xsd:annotation>
+    				</xsd:element>
 		        	<xsd:element name="relation" type="xsd:QName" minOccurs="0" maxOccurs="1">
+		        		<xsd:annotation>
+		        			<xsd:documentation>
+		        				DEPRECATED. Use assignmentProperties instead.
+		        			</xsd:documentation>
+		        			<xsd:appinfo>
+		        				<a:deprecated>true</a:deprecated>
+		        				<a:deprecatedSince>3.7</a:deprecatedSince>
+		        			</xsd:appinfo>
+		        		</xsd:annotation>
 		        	</xsd:element>
 		        	<xsd:element name="activation" type="tns:ActivationType" minOccurs="0" maxOccurs="1">
+		        		<xsd:annotation>
+		        			<xsd:documentation>
+		        				DEPRECATED. Use assignmentProperties instead.
+		        			</xsd:documentation>
+		        			<xsd:appinfo>
+		        				<a:deprecated>true</a:deprecated>
+		        				<a:deprecatedSince>3.7</a:deprecatedSince>
+		        			</xsd:appinfo>
+		        		</xsd:annotation>
 		        	</xsd:element>
 		        </xsd:sequence>
 	        </xsd:extension>
@@ -9422,7 +9450,17 @@
 							</xsd:appinfo>
 						</xsd:annotation>
 					</xsd:element>
-
+					<xsd:element name="autoassign" type="tns:AutoassignSpecificationType" minOccurs="0">
+		               <xsd:annotation>
+		                   <xsd:documentation>
+		                   		<p>
+			                       Specification of role autoassignmnt properties. Those properties
+			                       are evaluated to detect whether a role should be automatically
+			                       assigned to focus.
+		                       </p>
+		                   </xsd:documentation>
+		               </xsd:annotation>
+		           </xsd:element>
                 </xsd:sequence>
             </xsd:extension>
         </xsd:complexContent>
@@ -9680,6 +9718,139 @@
      		</xsd:element>
      	</xsd:sequence>
      </xsd:complexType>
+
+     <xsd:complexType name="AutoassignSpecificationType">
+     	<xsd:annotation>
+     		<xsd:documentation>
+     			<p>
+     				Specification of role autoassignmnt properties. Those properties
+                    are evaluated to detect whether a role should be automatically
+                    assigned to focus.
+     			</p>
+     		</xsd:documentation>
+     		<xsd:appinfo>
+     			<a:container/>
+     			<a:since>3.7</a:since>
+     		</xsd:appinfo>
+     	</xsd:annotation>
+     	<xsd:sequence>
+     		<xsd:element name="enabled" type="xsd:boolean" minOccurs="0" default="false">
+     			<xsd:annotation>
+     				<xsd:documentation>
+     					<p>
+	     					Flag indicating whether autoassign functionality is enabled for this
+	     					(abstract) role.
+     					</p>
+     					<p>
+     						Use with care. MidPoint will will have to process all the roles that
+     						have this flag set to true. All the roles will be looked up, autoassign
+     						specification will be processed to see if the focus is matching.
+     						This will happen all the time for all modification operations.
+     						Therefore it is disabled by default. Also, autoassign functionality
+     						needs to be globally enabled in system configuration.
+     					</p>
+     				</xsd:documentation>
+     				<xsd:appinfo>
+		               	<a:displayName>AutoassignSpecificationType.enabled</a:displayName>
+		               	<a:displayOrder>100</a:displayOrder>
+		               	<a:indexed>true</a:indexed>
+		            </xsd:appinfo>
+     			</xsd:annotation>
+     		</xsd:element>
+     		<xsd:element name="focus" type="tns:FocalAutoassignSpecificationType" minOccurs="0" maxOccurs="1">
+     			<xsd:annotation>
+     				<xsd:documentation>
+     					This is "focal" specification. It is applied on the focus (similarly to object template).
+     				</xsd:documentation>
+     				<xsd:appinfo>
+		               	<a:displayName>AutoassignSpecificationType.focus</a:displayName>
+		               	<a:displayOrder>110</a:displayOrder>
+		            </xsd:appinfo>
+     			</xsd:annotation>
+     		</xsd:element>
+     		<!-- TODO: later: inbound -->
+     	</xsd:sequence>
+    </xsd:complexType>
+
+     <xsd:complexType name="FocalAutoassignSpecificationType">
+     	<xsd:annotation>
+     		<xsd:documentation>
+     			<p>
+     				Specification of role autoassignmnt properties. Those properties
+                    are evaluated to detect whether a role should be automatically
+                    assigned to focus.
+                    This is "focal" specification. It is applied on the focus (similarly
+                    to object template).
+     			</p>
+     		</xsd:documentation>
+     		<xsd:appinfo>
+     			<a:container/>
+     			<a:since>3.7</a:since>
+     		</xsd:appinfo>
+     	</xsd:annotation>
+     	<xsd:sequence>
+     		<xsd:element name="mapping" type="tns:AutoassignMappingType" minOccurs="0" maxOccurs="unbounded">
+     			<xsd:annotation>
+     				<xsd:documentation>
+     					<p>
+     						Mapping that decides whether the roles has to be assigned.
+     						The mapping is supposed to produce an assignment for this role.
+     						However, the assignment is fed as a default source to the
+     						mapping. Therefore all that the mapping usually needs is to
+     						specify the condition. However, mapping expression can still be
+     						used to manipulate content of the assignment.
+     					</p>
+     					<p>
+     						This is mostly equivalent to the object tempate mapping, but default
+     						target is set to the assignment of this role.
+     					</p>
+     				</xsd:documentation>
+     			</xsd:annotation>
+     		</xsd:element>
+     		<!-- TODO: later: mapping is too flexible. It is will be difficult for the
+     		     role managers to be set from GUI. But we can support most of the policy rule
+     		     constraints here (PolicyConstraintsType). -->
+     	</xsd:sequence>
+    </xsd:complexType>
+
+    <xsd:complexType name="AutoassignMappingType">
+    	<xsd:annotation>
+    		<xsd:appinfo>
+    			<a:since>3.7</a:since>
+    		</xsd:appinfo>
+    	</xsd:annotation>
+    	<xsd:complexContent>
+    		<xsd:extension base="tns:MappingType">
+    			<xsd:sequence>
+    				<xsd:element name="assignmentProperties" type="tns:AssignmentPropertiesSpecificationType" minOccurs="0">
+    					<xsd:annotation>
+    						<xsd:documentation>
+    							Properties of the new assignment.
+    						</xsd:documentation>
+    					</xsd:annotation>
+    				</xsd:element>
+    			</xsd:sequence>
+    		</xsd:extension>
+    	</xsd:complexContent>
+    </xsd:complexType>
+
+    <xsd:complexType name="AssignmentPropertiesSpecificationType">
+    	<xsd:annotation>
+    		<xsd:appinfo>
+    			<a:since>3.7</a:since>
+    		</xsd:appinfo>
+    	</xsd:annotation>
+		<xsd:sequence>
+			<xsd:element name="relation" type="xsd:QName" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>
+						Relation that will be set for new assignment.
+					</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<!-- TODO: later: activation, lifecycle -->
+		</xsd:sequence>
+    </xsd:complexType>
 
     <xsd:complexType name="AuthorizationType">
         <xsd:annotation>
@@ -13254,6 +13425,9 @@
             <xsd:documentation>
                 A configuration for role management: role catalog, role assignments, etc.
             </xsd:documentation>
+            <xsd:appinfo>
+            	<a:container>true</a:container>
+            </xsd:appinfo>
         </xsd:annotation>
         <xsd:sequence>
         	<xsd:element name="description" type="xsd:string" minOccurs="0"/>
@@ -13317,6 +13491,16 @@
 					</xsd:appinfo>
 				</xsd:annotation>
 			</xsd:element>
+			<xsd:element name="autoassignEnabled" type="xsd:boolean" minOccurs="0" default="false">
+				<xsd:annotation>
+					<xsd:documentation>
+						Global switch that enables autoassign functionality for roles.
+					</xsd:documentation>
+					<xsd:appinfo>
+						<a:since>3.7</a:since>
+					</xsd:appinfo>
+				</xsd:annotation>
+			</xsd:element>
         </xsd:sequence>
     </xsd:complexType>
 

model/model-common/src/main/java/com/evolveum/midpoint/model/common/expression/evaluator/AssignmentTargetSearchExpressionEvaluator.java

@@ -34,6 +34,7 @@
 import com.evolveum.midpoint.util.exception.SystemException;
 import com.evolveum.midpoint.util.logging.Trace;
 import com.evolveum.midpoint.util.logging.TraceManager;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentPropertiesSpecificationType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
@@ -61,7 +62,7 @@ protected PrismContainerValue<AssignmentType> createPrismValue(String oid, QName
 		ObjectReferenceType targetRef = new ObjectReferenceType();
 		targetRef.setOid(oid);
 		targetRef.setType(targetTypeQName);
-		targetRef.setRelation(((SearchObjectRefExpressionEvaluatorType)getExpressionEvaluatorType()).getRelation());
+		targetRef.setRelation(getRelation());
 		assignmentType.setTargetRef(targetRef);
 
 		try {
@@ -80,6 +81,16 @@ protected PrismContainerValue<AssignmentType> createPrismValue(String oid, QName
 		return assignmentCVal;
 	}
 
+	private QName getRelation() {
+		SearchObjectRefExpressionEvaluatorType expressionEvaluatorType = (SearchObjectRefExpressionEvaluatorType) getExpressionEvaluatorType();
+		AssignmentPropertiesSpecificationType assignmentProperties = expressionEvaluatorType.getAssignmentProperties();
+		if (assignmentProperties != null) {
+			return assignmentProperties.getRelation();
+		} else {
+			return expressionEvaluatorType.getRelation();
+		}
+	}
+
 	/* (non-Javadoc)
 	 * @see com.evolveum.midpoint.common.expression.ExpressionEvaluator#shortDebugDump()
 	 */

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/ChangeExecutor.java

@@ -41,8 +41,8 @@
 import com.evolveum.midpoint.model.impl.ModelObjectResolver;
 import com.evolveum.midpoint.model.impl.expr.ExpressionEnvironment;
 import com.evolveum.midpoint.model.impl.expr.ModelExpressionThreadLocalHolder;
-import com.evolveum.midpoint.model.impl.lens.projector.FocusConstraintsChecker;
 import com.evolveum.midpoint.model.impl.lens.projector.credentials.CredentialsProcessor;
+import com.evolveum.midpoint.model.impl.lens.projector.focus.FocusConstraintsChecker;
 import com.evolveum.midpoint.model.impl.util.Utils;
 import com.evolveum.midpoint.prism.*;
 import com.evolveum.midpoint.prism.crypto.EncryptionException;

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/Clockwork.java

@@ -38,8 +38,8 @@
 import com.evolveum.midpoint.model.impl.ModelObjectResolver;
 import com.evolveum.midpoint.model.impl.controller.ModelUtils;
 import com.evolveum.midpoint.model.impl.lens.projector.ContextLoader;
-import com.evolveum.midpoint.model.impl.lens.projector.FocusConstraintsChecker;
 import com.evolveum.midpoint.model.impl.lens.projector.Projector;
+import com.evolveum.midpoint.model.impl.lens.projector.focus.FocusConstraintsChecker;
 import com.evolveum.midpoint.model.impl.sync.RecomputeTaskHandler;
 import com.evolveum.midpoint.model.impl.util.Utils;
 import com.evolveum.midpoint.prism.*;

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/PersonaProcessor.java

@@ -31,7 +31,7 @@
 import com.evolveum.midpoint.model.api.hooks.HookOperationMode;
 import com.evolveum.midpoint.model.impl.lens.projector.ComplexConstructionConsumer;
 import com.evolveum.midpoint.model.impl.lens.projector.ConstructionProcessor;
-import com.evolveum.midpoint.model.impl.lens.projector.ObjectTemplateProcessor;
+import com.evolveum.midpoint.model.impl.lens.projector.focus.ObjectTemplateProcessor;
 import com.evolveum.midpoint.prism.PrismContext;
 import com.evolveum.midpoint.prism.PrismObject;
 import com.evolveum.midpoint.prism.PrismObjectDefinition;

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/MappingEvaluator.java

@@ -612,13 +612,13 @@ private boolean hasNoValue(Item aPrioriTargetItem) {
     		iteration = focusOldType.getIteration();
     		iterationToken = focusOldType.getIterationToken();
     	}
-    	return createFocusMapping(mappingFactory, context, mappingType, originObject, focusOdo, focusOdo.getAnyObject(), assignmentPathVariables,
+    	return createFocusMapping(mappingFactory, context, mappingType, originObject, focusOdo, null, focusOdo.getAnyObject(), assignmentPathVariables,
     			iteration, iterationToken, configuration, now, contextDesc, task, result);
     }
 
     public <V extends PrismValue, D extends ItemDefinition, F extends FocusType, T extends FocusType> Mapping<V, D> createFocusMapping(
     		final MappingFactory mappingFactory, final LensContext<F> context, final MappingType mappingType, ObjectType originObject,
-			ObjectDeltaObject<F> focusOdo, PrismObject<T> defaultTargetObject, AssignmentPathVariables assignmentPathVariables,
+			ObjectDeltaObject<F> focusOdo, Source<V, D> defaultSource, PrismObject<T> defaultTargetObject, AssignmentPathVariables assignmentPathVariables,
 			Integer iteration, String iterationToken, PrismObject<SystemConfigurationType> configuration,
 			XMLGregorianCalendar now, String contextDesc, final Task task, OperationResult result) throws SchemaException, ExpressionEvaluationException, ObjectNotFoundException {
 
@@ -687,6 +687,7 @@ public ValuePolicyType resolve() {
 
 		Mapping.Builder<V,D> mappingBuilder = mappingFactory.<V,D>createMappingBuilder(mappingType, contextDesc)
 				.sourceContext(focusOdo)
+				.defaultSource(defaultSource)
 				.targetContext(defaultTargetObject.getDefinition())
 				.variables(variables)
 				.originalTargetValues(targetValues)

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/ProjectionValuesProcessor.java

@@ -34,6 +34,7 @@
 import com.evolveum.midpoint.model.impl.lens.LensFocusContext;
 import com.evolveum.midpoint.model.impl.lens.LensProjectionContext;
 import com.evolveum.midpoint.model.impl.lens.LensUtil;
+import com.evolveum.midpoint.model.impl.lens.projector.focus.AssignmentProcessor;
 import com.evolveum.midpoint.model.impl.sync.CorrelationConfirmationEvaluator;
 import com.evolveum.midpoint.model.impl.util.Utils;
 import com.evolveum.midpoint.prism.OriginType;

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/Projector.java

@@ -35,6 +35,8 @@
 import com.evolveum.midpoint.model.impl.lens.LensProjectionContext;
 import com.evolveum.midpoint.model.impl.lens.LensUtil;
 import com.evolveum.midpoint.model.impl.lens.projector.credentials.ProjectionCredentialsProcessor;
+import com.evolveum.midpoint.model.impl.lens.projector.focus.AssignmentProcessor;
+import com.evolveum.midpoint.model.impl.lens.projector.focus.FocusProcessor;
 import com.evolveum.midpoint.prism.xml.XmlTypeConverter;
 import com.evolveum.midpoint.repo.api.PreconditionViolationException;
 import com.evolveum.midpoint.schema.ResourceShadowDiscriminator;

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/AssignmentProcessor.java → model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/focus/AssignmentProcessor.java

@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package com.evolveum.midpoint.model.impl.lens.projector;
+package com.evolveum.midpoint.model.impl.lens.projector.focus;
 
 import java.util.*;
 import java.util.Map.Entry;
@@ -23,6 +23,9 @@
 import javax.xml.datatype.XMLGregorianCalendar;
 import javax.xml.namespace.QName;
 
+import com.evolveum.midpoint.model.impl.lens.projector.ComplexConstructionConsumer;
+import com.evolveum.midpoint.model.impl.lens.projector.ConstructionProcessor;
+import com.evolveum.midpoint.model.impl.lens.projector.MappingEvaluator;
 import com.evolveum.midpoint.model.impl.lens.projector.policy.PolicyRuleProcessor;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
 import org.jetbrains.annotations.NotNull;

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/AssignmentTripleEvaluator.java → model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/focus/AssignmentTripleEvaluator.java

@@ -13,13 +13,15 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package com.evolveum.midpoint.model.impl.lens.projector;
+package com.evolveum.midpoint.model.impl.lens.projector.focus;
 
 import com.evolveum.midpoint.common.ActivationComputer;
 import com.evolveum.midpoint.model.api.ModelExecuteOptions;
 import com.evolveum.midpoint.model.api.context.SynchronizationPolicyDecision;
 import com.evolveum.midpoint.model.impl.controller.ModelUtils;
 import com.evolveum.midpoint.model.impl.lens.*;
+import com.evolveum.midpoint.model.impl.lens.projector.SmartAssignmentCollection;
+import com.evolveum.midpoint.model.impl.lens.projector.SmartAssignmentElement;
 import com.evolveum.midpoint.prism.PrismContainer;
 import com.evolveum.midpoint.prism.PrismContainerDefinition;
 import com.evolveum.midpoint.prism.PrismContainerValue;