From 4cb51b67657f4839ed20194b9087a06c7f4ce891 Mon Sep 17 00:00:00 2001 From: gpalos Date: Mon, 7 Mar 2016 15:54:25 +0100 Subject: [PATCH 01/12] updated samples for SAP supporting connector version 0.9.2 --- .../sap/{sap-advanced.xml => sap-medium.xml} | 28 ++++--------------- .../sap/task-import-activity-groups.xml | 2 +- 2 files changed, 6 insertions(+), 24 deletions(-) rename samples/resources/sap/{sap-advanced.xml => sap-medium.xml} (92%) diff --git a/samples/resources/sap/sap-advanced.xml b/samples/resources/sap/sap-medium.xml similarity index 92% rename from samples/resources/sap/sap-advanced.xml rename to samples/resources/sap/sap-medium.xml index 99d7f04dfb8..baac9146a1a 100644 --- a/samples/resources/sap/sap-advanced.xml +++ b/samples/resources/sap/sap-medium.xml @@ -27,10 +27,7 @@ secret - false false - - AGR_DEFINE=MANDT:3,AGR_NAME:30:KEY,PARENT_AGR:30,CREATE_USR:12 false @@ -223,7 +220,7 @@ entitlement roles ActivityGroups - ri:CustomAGR_DEFINEObjectClass + ri:CustomACTIVITYGROUPObjectClass icfs:name @@ -251,30 +248,15 @@ + @@ -323,7 +305,7 @@ role sync - ri:CustomAGR_DEFINEObjectClass + ri:CustomACTIVITYGROUPObjectClass entitlement roles c:RoleType diff --git a/samples/resources/sap/task-import-activity-groups.xml b/samples/resources/sap/task-import-activity-groups.xml index dfb0ab3876c..05891dedddc 100644 --- a/samples/resources/sap/task-import-activity-groups.xml +++ b/samples/resources/sap/task-import-activity-groups.xml @@ -9,7 +9,7 @@ entitlement roles - ri:CustomAGR_DEFINEObjectClass + ri:CustomACTIVITYGROUPObjectClass runnable From 71dfcd6c0e892827edbe4a6446d8233c4f9c6e8e Mon Sep 17 00:00:00 2001 
From: Radovan Semancik Date: Mon, 7 Mar 2016 17:51:37 +0100 Subject: [PATCH 02/12] Support for matching rules in PrismPropertyDefinition. Support for ConnId subtypes. --- .../refinery/RefinedAttributeDefinition.java | 5 +- .../midpoint/prism/PrismConstants.java | 3 +- .../prism/PrismPropertyDefinition.java | 18 +++- .../match/MatchingRuleRegistryFactory.java | 1 + .../prism/match/UuidMatchingRule.java | 86 +++++++++++++++++++ .../prism/schema/DomToSchemaProcessor.java | 9 +- .../prism/schema/SchemaToDomProcessor.java | 6 +- .../resources/xml/ns/public/annotation-3.xsd | 14 ++- .../ucf/impl/ConnectorFactoryIcfImpl.java | 7 +- .../ucf/impl/ConnectorInstanceIcfImpl.java | 30 ++++++- .../provisioning/test/impl/TestOpenDJ.java | 53 ++++++++++++ .../test/resources/object/resource-opendj.xml | 14 ++- 12 files changed, 224 insertions(+), 22 deletions(-) create mode 100644 infra/prism/src/main/java/com/evolveum/midpoint/prism/match/UuidMatchingRule.java diff --git a/infra/common/src/main/java/com/evolveum/midpoint/common/refinery/RefinedAttributeDefinition.java b/infra/common/src/main/java/com/evolveum/midpoint/common/refinery/RefinedAttributeDefinition.java index 2730681b488..7f9b5ff5469 100644 --- a/infra/common/src/main/java/com/evolveum/midpoint/common/refinery/RefinedAttributeDefinition.java +++ b/infra/common/src/main/java/com/evolveum/midpoint/common/refinery/RefinedAttributeDefinition.java 
@@ -360,9 +360,12 @@ static RefinedAttributeDefinition parse(ResourceAttributeDefinition sc } } + rAttrDef.matchingRuleQName = schemaAttrDef.getMatchingRuleQName(); if (schemaHandlingAttrDefType != null) { rAttrDef.fetchStrategy = schemaHandlingAttrDefType.getFetchStrategy(); - rAttrDef.matchingRuleQName = schemaHandlingAttrDefType.getMatchingRule(); + if (schemaHandlingAttrDefType.getMatchingRule() != null) { + rAttrDef.matchingRuleQName = schemaHandlingAttrDefType.getMatchingRule(); + } } PropertyLimitations schemaLimitations = getOrCreateLimitations(rAttrDef.limitationsMap, LayerType.SCHEMA); diff --git a/infra/prism/src/main/java/com/evolveum/midpoint/prism/PrismConstants.java b/infra/prism/src/main/java/com/evolveum/midpoint/prism/PrismConstants.java index b5efe79c8d3..1b3a8286977 100644 --- a/infra/prism/src/main/java/com/evolveum/midpoint/prism/PrismConstants.java +++ b/infra/prism/src/main/java/com/evolveum/midpoint/prism/PrismConstants.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010-2013 Evolveum + * Copyright (c) 2010-2016 Evolveum * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -73,6 +73,7 @@ public class PrismConstants { public static final QName A_COMPOSITE = new QName(NS_ANNOTATION, "composite"); public static final QName A_DEPRECATED = new QName(NS_ANNOTATION, "deprecated"); public static final QName A_LABEL = new QName(NS_ANNOTATION, "label"); + public static final QName A_MATCHING_RULE = new QName(NS_ANNOTATION, "matchingRule"); public static final QName SCHEMA_DOCUMENTATION = new QName(W3C_XML_SCHEMA_NS_URI, "documentation"); public static final QName SCHEMA_APP_INFO = new QName(W3C_XML_SCHEMA_NS_URI, "appinfo"); diff --git a/infra/prism/src/main/java/com/evolveum/midpoint/prism/PrismPropertyDefinition.java b/infra/prism/src/main/java/com/evolveum/midpoint/prism/PrismPropertyDefinition.java index 69ca4b3cce1..9289490d58e 100644 
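Review bot: The precedence between the two sources of the matching rule is not documented at the assignment in `parse`: the rule is first taken from `schemaAttrDef.getMatchingRuleQName()` and then overridden only when `schemaHandlingAttrDefType.getMatchingRule()` is non-null. A short comment above the first assignment would make this explicit, for example `// default from resource schema annotation; schemaHandling overrides it when set`. The getter is also called twice in the new `if`; reading it once into a local would be tidier. `parse` starts and ends outside this hunk.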
--- a/infra/prism/src/main/java/com/evolveum/midpoint/prism/PrismPropertyDefinition.java +++ b/infra/prism/src/main/java/com/evolveum/midpoint/prism/PrismPropertyDefinition.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010-2015 Evolveum + * Copyright (c) 2010-2016 Evolveum * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -60,6 +60,7 @@ public class PrismPropertyDefinition extends ItemDefinition> private Collection> allowedValues; private Boolean indexed = null; private T defaultValue; + private QName matchingRuleQName = null; public PrismPropertyDefinition(QName elementName, QName typeName, PrismContext prismContext) { super(elementName, typeName, prismContext); @@ -121,6 +122,21 @@ public void setIndexed(Boolean indexed) { this.indexed = indexed; } + /** + * Returns matching rule name. Matching rules are algorithms that specify + * how to compare, normalize and/or order the values. E.g. there are matching + * rules for case insensitive string comparison, for LDAP DNs, etc. + * + * @return matching rule name + */ + public QName getMatchingRuleQName() { + return matchingRuleQName; + } + + public void setMatchingRuleQName(QName matchingRuleQName) { + this.matchingRuleQName = matchingRuleQName; + } + @Override public PrismProperty instantiate() { return instantiate(getName()); diff --git a/infra/prism/src/main/java/com/evolveum/midpoint/prism/match/MatchingRuleRegistryFactory.java b/infra/prism/src/main/java/com/evolveum/midpoint/prism/match/MatchingRuleRegistryFactory.java index 9b82d8cc43b..202ff02d4d3 100644 --- a/infra/prism/src/main/java/com/evolveum/midpoint/prism/match/MatchingRuleRegistryFactory.java +++ b/infra/prism/src/main/java/com/evolveum/midpoint/prism/match/MatchingRuleRegistryFactory.java 
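Review bot: The new `matchingRuleQName` field in the `@@ -60,6 +60,7 @@` and `@@ -121,6 +122,21 @@` hunks is only reachable through the added getter and setter, and the class's clone/copy code lies outside these hunks. If that code copies fields one by one, a cloned definition would lose its matching rule and identifier comparison would presumably fall back to the default. Please confirm the copy path carries the field over. `setMatchingRuleQName` also has no Javadoc; a single sentence saying that null means "no rule specified, use default matching" would match the getter's documentation.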
@@ -33,6 +33,7 @@ public static MatchingRuleRegistry createRegistry() { registry.registerMatchingRule(new ExchangeEmailAddressesMatchingRule()); registry.registerMatchingRule(new DistinguishedNameMatchingRule()); registry.registerMatchingRule(new XmlMatchingRule()); + registry.registerMatchingRule(new UuidMatchingRule()); return registry; } diff --git a/infra/prism/src/main/java/com/evolveum/midpoint/prism/match/UuidMatchingRule.java b/infra/prism/src/main/java/com/evolveum/midpoint/prism/match/UuidMatchingRule.java new file mode 100644 index 00000000000..b8be4bf9e59 --- /dev/null +++ b/infra/prism/src/main/java/com/evolveum/midpoint/prism/match/UuidMatchingRule.java 
@@ -0,0 +1,86 @@ +/* + * Copyright (c) 2010-2016 Evolveum + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.evolveum.midpoint.prism.match; + +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +import javax.xml.namespace.QName; + +import org.apache.commons.lang.StringUtils; + +import com.evolveum.midpoint.prism.PrismConstants; +import com.evolveum.midpoint.util.DOMUtil; + +/** + * Matching rule for universally unique identifier (UUID). + * + * Currently it is (almost) simple case ignore matching. 
+ * + * @author Radovan Semancik + * + */ +public class UuidMatchingRule implements MatchingRule { + + public static final QName NAME = new QName(PrismConstants.NS_MATCHING_RULE, "uuid"); + + @Override + public QName getName() { + return NAME; + } + + @Override + public boolean isSupported(QName xsdType) { + return (DOMUtil.XSD_STRING.equals(xsdType)); + } + + /* (non-Javadoc) + * @see com.evolveum.midpoint.model.match.MatchingRule#match(java.lang.Object, java.lang.Object) + */ + @Override + public boolean match(String a, String b) { + if (a == null && b == null) { + return true; + } + if (a == null || b == null) { + return false; + } + return StringUtils.equalsIgnoreCase(a.trim(), b.trim()); + } + + /* (non-Javadoc) + * @see com.evolveum.midpoint.prism.match.MatchingRule#normalize(java.lang.Object) + */ + @Override + public String normalize(String original) { + if (original == null) { + return null; + } + return StringUtils.lowerCase(original).trim(); + } + + @Override + public boolean matchRegex(String a, String regex) { + if (a == null){ + return false; + } + + Pattern pattern = Pattern.compile(regex, Pattern.CASE_INSENSITIVE); + Matcher matcher = pattern.matcher(a); + return matcher.matches(); + } + +} diff --git a/infra/prism/src/main/java/com/evolveum/midpoint/prism/schema/DomToSchemaProcessor.java b/infra/prism/src/main/java/com/evolveum/midpoint/prism/schema/DomToSchemaProcessor.java index 82a294e3b4e..fd156c3fc89 100644 --- a/infra/prism/src/main/java/com/evolveum/midpoint/prism/schema/DomToSchemaProcessor.java +++ b/infra/prism/src/main/java/com/evolveum/midpoint/prism/schema/DomToSchemaProcessor.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010-2015 Evolveum + * Copyright (c) 2010-2065 Evolveum * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
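Review bot: `matchRegex` applies the pattern to the raw value, while `match` and `normalize` both trim first, so a value with surrounding whitespace is equal under `match` but can fail a regex that matches its trimmed form; `Matcher matcher = pattern.matcher(a.trim());` would keep the three methods consistent. `normalize` lower-cases through `StringUtils.lowerCase`, which uses the default locale as far as I know, whereas `match` uses `equalsIgnoreCase`; since nothing checks that the value is actually UUID-shaped, the two can disagree for non-hex input under some locales. The pattern is also compiled on every call, and an invalid `regex` surfaces as an unchecked `PatternSyntaxException`; if the expression can come from a query or configuration, that is worth catching and reporting at this point.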
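Review bot: The licence header of DomToSchemaProcessor.java now reads `Copyright (c) 2010-2065 Evolveum`, which looks like a typo; the other files touched by this commit were bumped to 2016, so `* Copyright (c) 2010-2016 Evolveum` is presumably what was meant.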
@@ -29,6 +29,7 @@ import static com.evolveum.midpoint.prism.PrismConstants.A_HELP; import static com.evolveum.midpoint.prism.PrismConstants.A_IGNORE; import static com.evolveum.midpoint.prism.PrismConstants.A_INDEXED; +import static com.evolveum.midpoint.prism.PrismConstants.A_MATCHING_RULE; import static com.evolveum.midpoint.prism.PrismConstants.A_MAX_OCCURS; import static com.evolveum.midpoint.prism.PrismConstants.A_OBJECT; import static com.evolveum.midpoint.prism.PrismConstants.A_OBJECT_REFERENCE; @@ -868,6 +869,12 @@ private PrismPropertyDefinition createPropertyDefinition(XSType xsType, Q propDef.setIndexed(indexable); } + Element matchingRuleElement = SchemaProcessorUtil.getAnnotationElement(annotation, A_MATCHING_RULE); + if (matchingRuleElement != null) { + QName matchingRule = XmlTypeConverter.toJavaValue(matchingRuleElement, QName.class); + propDef.setMatchingRuleQName(matchingRule); + } + return propDef; } diff --git a/infra/prism/src/main/java/com/evolveum/midpoint/prism/schema/SchemaToDomProcessor.java b/infra/prism/src/main/java/com/evolveum/midpoint/prism/schema/SchemaToDomProcessor.java index c106903f077..dd90c26060d 100644 --- a/infra/prism/src/main/java/com/evolveum/midpoint/prism/schema/SchemaToDomProcessor.java +++ b/infra/prism/src/main/java/com/evolveum/midpoint/prism/schema/SchemaToDomProcessor.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010-2013 Evolveum + * Copyright (c) 2010-2016 Evolveum * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
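Review bot: In the `@@ -868,6 +869,12 @@` hunk the value returned by `XmlTypeConverter.toJavaValue(matchingRuleElement, QName.class)` is stored with `setMatchingRuleQName` without any check. An empty annotation element or a name that no registered rule answers to would, as far as this hunk shows, only be noticed later when the rule is looked up during comparison. Because matching rules decide whether two identifier values are the same, it seems safer to reject a null result here with a schema error that names the property. `createPropertyDefinition` starts outside the hunk, so an existing check elsewhere cannot be ruled out.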
@@ -256,6 +256,10 @@ private void addPropertyDefinition(PrismPropertyDefinition definition, Element p if (definition.isIndexed() != null) { addAnnotation(A_INDEXED, XmlTypeConverter.toXmlTextContent(definition.isIndexed(), A_INDEXED), appinfo); } + + if (definition.getMatchingRuleQName() != null) { + addAnnotation(A_MATCHING_RULE, definition.getMatchingRuleQName(), appinfo); + } SchemaDefinitionFactory definitionFactory = getDefinitionFactory(); definitionFactory.addExtraPropertyAnnotations(definition, appinfo, this); diff --git a/infra/prism/src/main/resources/xml/ns/public/annotation-3.xsd b/infra/prism/src/main/resources/xml/ns/public/annotation-3.xsd index 5676f608a20..4f42e67de50 100644 --- a/infra/prism/src/main/resources/xml/ns/public/annotation-3.xsd +++ b/infra/prism/src/main/resources/xml/ns/public/annotation-3.xsd @@ -1,7 +1,7 @@ explicit From 044671d77cf6f09b0481f68a857abea2a8299ae8 Mon Sep 17 00:00:00 2001 From: Radovan Semancik Date: Mon, 7 Mar 2016 19:58:13 +0100 Subject: [PATCH 03/12] Fixing excessive normalization on sync+rename --- .../midpoint/provisioning/impl/ShadowCache.java | 16 +++++++++------- .../provisioning/test/impl/TestOpenDJ.java | 6 ++++-- .../resources/common/system-configuration.xml | 6 +++++- .../conntest/src/test/resources/logback-test.xml | 2 +- 4 files changed, 19 insertions(+), 11 deletions(-) diff --git a/provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/impl/ShadowCache.java b/provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/impl/ShadowCache.java index 01d6a3be976..014748a8581 100644 --- a/provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/impl/ShadowCache.java +++ b/provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/impl/ShadowCache.java 
@@ -1161,8 +1161,10 @@ public int synchronize(ResourceShadowDiscriminator shadowCoordinates, PrismPrope } } - @SuppressWarnings("rawtypes") boolean processSynchronization(ProvisioningContext ctx, Change change, OperationResult result) throws SchemaException, ObjectNotFoundException, + @SuppressWarnings("rawtypes") + boolean processSynchronization(ProvisioningContext ctx, Change change, OperationResult result) throws SchemaException, ObjectNotFoundException, ObjectAlreadyExistsException, CommunicationException, ConfigurationException { + ResourceObjectShadowChangeDescription shadowChangeDescription = createResourceShadowChangeDescription( change, ctx.getResource(), ctx.getChannel()); @@ -1362,7 +1364,7 @@ void processChange(ProvisioningContext ctx, Change change, PrismObje } - + // TODO: better move this to shadowManager? private void forceRenameIfNeeded(ProvisioningContext ctx, ShadowType currentShadowType, ShadowType oldShadowType, OperationResult parentResult) throws SchemaException, ObjectNotFoundException, ObjectAlreadyExistsException, ConfigurationException, CommunicationException { Collection> oldSecondaryIdentifiers = ShadowUtil.getSecondaryIdentifiers(oldShadowType); if (oldSecondaryIdentifiers.isEmpty()){ 
@@ -1382,11 +1384,10 @@ private void forceRenameIfNeeded(ProvisioningContext ctx, ShadowType currentShad Collection newValue = newSecondaryIdentifier.getRealValues(); if (!shadowManager.compareAttribute(ctx.getObjectClassDefinition(), newSecondaryIdentifier, oldSecondaryIdentifier)){ - PropertyDelta shadowNameDelta = PropertyDelta.createDelta(new ItemPath(ShadowType.F_ATTRIBUTES, oldSecondaryIdentifier.getElementName()), oldShadowType.asPrismObject().getDefinition()); - shadowNameDelta.addValuesToDelete(PrismPropertyValue.cloneCollection((Collection)oldSecondaryIdentifier.getValues())); - shadowManager.normalizeAttributes(currentShadowType.asPrismObject(), ctx.getObjectClassDefinition()); - shadowNameDelta.addValuesToAdd(PrismPropertyValue.cloneCollection((Collection)newSecondaryIdentifier.getValues())); - renameDeltas.add(shadowNameDelta); + PropertyDelta propertyDelta = PropertyDelta.createDelta(new ItemPath(ShadowType.F_ATTRIBUTES, oldSecondaryIdentifier.getElementName()), oldShadowType.asPrismObject().getDefinition()); + propertyDelta.addValuesToDelete(PrismPropertyValue.cloneCollection((Collection)oldSecondaryIdentifier.getValues())); + propertyDelta.addValuesToAdd(PrismPropertyValue.cloneCollection((Collection)newSecondaryIdentifier.getValues())); + renameDeltas.add(propertyDelta); } } @@ -1406,6 +1407,7 @@ private void forceRenameIfNeeded(ProvisioningContext ctx, ShadowType currentShad } } if (!renameDeltas.isEmpty()){ + shadowManager.normalizeDeltas((Collection)renameDeltas, ctx.getObjectClassDefinition()); ConstraintsChecker.onShadowModifyOperation(renameDeltas); repositoryService.modifyObject(ShadowType.class, oldShadowType.getOid(), renameDeltas, parentResult); oldShadowType.setName(new PolyStringType(currentShadowName)); 
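Review bot: The added `shadowManager.normalizeDeltas((Collection)renameDeltas, ctx.getObjectClassDefinition());` in the `@@ -1406,6 +1407,7 @@` hunk goes through a raw `Collection` cast, which hides whether the element type of `renameDeltas` is what `normalizeDeltas` expects. The list is filled in code partly outside the hunks, and the following `oldShadowType.setName(...)` suggests it may also hold a delta for the shadow name; whether `normalizeDeltas` leaves non-attribute paths untouched is not visible here and should be confirmed. A comment at the call, such as `// normalize only the repo deltas; currentShadow must keep the resource's original values`, would record why `normalizeAttributes` on the current shadow was dropped in the previous hunk. `forceRenameIfNeeded` extends beyond both hunks.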
diff --git a/provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/test/impl/TestOpenDJ.java b/provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/test/impl/TestOpenDJ.java index 342f6a058d0..187fa88565b 100644 --- a/provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/test/impl/TestOpenDJ.java +++ b/provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/test/impl/TestOpenDJ.java @@ -671,8 +671,10 @@ public void test110GetObject() throws Exception { assertEquals(ACCOUNT1_OID, addedObjectOid); PropertyReferenceListType resolve = new PropertyReferenceListType(); + // WHEN ShadowType shadow = provisioningService.getObject(ShadowType.class, ACCOUNT1_OID, null, task, result).asObjectable(); + // THEN assertNotNull(shadow); display(SchemaDebugUtil.prettyPrint(shadow)); @@ -709,7 +711,7 @@ public void test110GetObject() throws Exception { // must be all lowercase assertEquals("Wrong secondary identifier (repo)", "uid=jbond,ou=people,dc=example,dc=com", idSecondaryVal); - assertShadows(2); + assertShadows(2); } /** @@ -839,7 +841,7 @@ public void test121RenameAccountWillOnResource() throws Exception{ ShadowType provisioningAccountType = provisioningService.getObject(ShadowType.class, ACCOUNT_WILL_OID, null, task, result).asObjectable(); PrismAsserts.assertEqualsPolyString("Name not equal.", "uid=will123,ou=People,dc=example,dc=com", provisioningAccountType.getName()); - assertAttribute(provisioningAccountType, getSecondaryIdentifierQName(), "uid=will123,ou=people,dc=example,dc=com"); + assertAttribute(provisioningAccountType, getSecondaryIdentifierQName(), "uid=will123,ou=People,dc=example,dc=com"); repoShadowType = repositoryService.getObject(ShadowType.class, ACCOUNT_WILL_OID, null, result).asObjectable(); 
diff --git a/testing/conntest/src/test/resources/common/system-configuration.xml b/testing/conntest/src/test/resources/common/system-configuration.xml index 5190abaf4d2..e5746e0f23a 100644 --- a/testing/conntest/src/test/resources/common/system-configuration.xml +++ b/testing/conntest/src/test/resources/common/system-configuration.xml @@ -43,6 +43,10 @@ DEBUG com.evolveum.midpoint.model + + TRACE + com.evolveum.midpoint.model.impl.sync.SynchronizationService + INFO org.identityconnectors @@ -68,7 +72,7 @@ com.evolveum.midpoint.model.impl.lens.Clockwork - DEBUG + TRACE com.evolveum.midpoint.provisioning diff --git a/testing/conntest/src/test/resources/logback-test.xml b/testing/conntest/src/test/resources/logback-test.xml index f8511b36802..b0415ec2c14 100644 --- a/testing/conntest/src/test/resources/logback-test.xml +++ b/testing/conntest/src/test/resources/logback-test.xml @@ -40,7 +40,7 @@ - + From 92b16a2a7f23c7dccc285d2ad87664bb3de09821 Mon Sep 17 00:00:00 2001 From: Radovan Semancik Date: Mon, 7 Mar 2016 21:23:17 +0100 Subject: [PATCH 04/12] Last try at Travis --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index d37920400e2..3d9427f70a9 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,2 +1,2 @@ language: java -script: "travis_wait 40 mvn clean install verify" +script: "travis_wait 70 mvn clean install" From 20e1ab6bff4b1145b69f0969edfbd50e34ee492f Mon Sep 17 00:00:00 2001 From: honchar Date: Tue, 8 Mar 2016 12:48:42 +0100 Subject: [PATCH 05/12] Request panel, little fix --- .../assignment/MultipleAssignmentSelector.java | 18 +----------------- 1 file changed, 1 insertion(+), 17 deletions(-) diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/assignment/MultipleAssignmentSelector.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/assignment/MultipleAssignmentSelector.java index 9c4ebdb25cb..fcc180c25cb 100644 
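Review bot: The `@@ -68,7 +72,7 @@` hunk raises `com.evolveum.midpoint.provisioning` from DEBUG to TRACE, and the hunk before it adds TRACE for `com.evolveum.midpoint.model.impl.sync.SynchronizationService`, although the commit title is only about a normalization fix. TRACE output from provisioning presumably includes full shadow attribute values, so these levels should stay confined to this test configuration. If they were only needed while debugging the rename case, consider reverting them, or add an XML comment next to the logger saying why TRACE is wanted. The element names are not visible on this page, so the reading of which logger each level belongs to is inferred from the order of the values.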
--- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/assignment/MultipleAssignmentSelector.java +++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/assignment/MultipleAssignmentSelector.java @@ -251,23 +251,7 @@ private BoxedTablePanel initTablePanel(BaseSortableDataProvider tableProvider){ List, String>> columns = initColumns(); BoxedTablePanel table = new BoxedTablePanel(ID_TABLE, tableProvider, columns, - UserProfileStorage.TableId.TABLE_ROLES, ITEMS_PER_PAGE){ - @Override - protected void onBeforeRender() { - super.onBeforeRender(); - long itemCount = this.getDataTable().getItemCount(); - if (itemCount == 0 || itemCount % ITEMS_PER_PAGE > 0){ - long pageCount = this.getDataTable().getPageCount(); - this.getDataTable().setCurrentPage(pageCount); - BaseSortableDataProvider provider = (BaseSortableDataProvider)this.getDataTable().getDataProvider(); - List list = provider.getAvailableData(); - IModel model = this.getDataTable().getDefaultModel(); - if (list != null && model != null) { - list.add(new AssignmentEditorDto(UserDtoStatus.MODIFY, new AssignmentType(), getPageBase())); - } - } - } - }; + UserProfileStorage.TableId.TABLE_ROLES, ITEMS_PER_PAGE); updateBoxedTablePanelStyles(table); //hide footer menu table.getFooterMenu().setVisible(false); From 64f2d7729ea8cf76afc49a57293d018b56c1561a Mon Sep 17 00:00:00 2001 
From: gpalos Date: Tue, 8 Mar 2016 14:24:47 +0100 Subject: [PATCH 06/12] advanced sample --- .../resources/sap/object-template-role.xml | 44 ++ samples/resources/sap/role-group-metarole.xml | 36 ++ .../resources/sap/role-profile-metarole.xml | 36 ++ samples/resources/sap/sap-advanced.xml | 545 ++++++++++++++++++ samples/resources/sap/sap-medium.xml | 11 +- .../sap/task-import-activity-groups.xml | 2 +- samples/resources/sap/task-import-groups.xml | 22 + .../resources/sap/task-import-profiles.xml | 22 + 8 files changed, 716 insertions(+), 2 deletions(-) create mode 100644 samples/resources/sap/role-group-metarole.xml create mode 100644 samples/resources/sap/role-profile-metarole.xml create mode 100644 samples/resources/sap/sap-advanced.xml create mode 100644 samples/resources/sap/task-import-groups.xml create mode 100644 samples/resources/sap/task-import-profiles.xml diff --git a/samples/resources/sap/object-template-role.xml b/samples/resources/sap/object-template-role.xml index 2ba7f9acf2b..d6fa9c6f28a 100644 --- a/samples/resources/sap/object-template-role.xml +++ b/samples/resources/sap/object-template-role.xml @@ -31,4 +31,48 @@ + + SAP Group metarole assignment + true + + roleType + + + + c:RoleType + 239990f4-ffb9-417e-8784-7dc72e645db5 + + + + assignment + + + + + + + + SAP Group metarole assignment + true + + roleType + + + + c:RoleType + 1fc57929-9f8c-4cc2-9bec-0873812704cd + + + + assignment + + + + + + diff --git a/samples/resources/sap/role-group-metarole.xml b/samples/resources/sap/role-group-metarole.xml new file mode 100644 index 00000000000..7c2d8a8bb61 --- /dev/null +++ b/samples/resources/sap/role-group-metarole.xml @@ -0,0 +1,36 @@ + + group metarole + 0 + + + + + account + + ri:groups + + normal + + + + entitlement + groups + + + + + + + 2 + + + \ No newline at end of file diff --git a/samples/resources/sap/role-profile-metarole.xml b/samples/resources/sap/role-profile-metarole.xml new file mode 100644 index 00000000000..9857a6de7ba 
--- /dev/null +++ b/samples/resources/sap/role-profile-metarole.xml @@ -0,0 +1,36 @@ + + profile metarole + 0 + + + + + account + + ri:profiles + + normal + + + + entitlement + profiles + + + + + + + 2 + + + \ No newline at end of file diff --git a/samples/resources/sap/sap-advanced.xml b/samples/resources/sap/sap-advanced.xml new file mode 100644 index 00000000000..6ffc05003ea --- /dev/null +++ b/samples/resources/sap/sap-advanced.xml 
@@ -0,0 +1,545 @@ + + SAP + + + + + c:connectorType + com.evolveum.polygon.connector.sap.SapConnector + + + + + + host.to.sap + 34 + SRS + 200 + USER + + secret + + false + + + false + false + false + + true + + + + + account + default + Default Account + true + ri:AccountObjectClass + + icfs:name + USERNAME + + 0 + + mr:stringIgnoreCase + + + $user/name + + + + + $user/name + + + + + icfs:uid + + + true + false + false + + + mr:stringIgnoreCase + + + ri:ADDRESS.TITLE_P + + + $user/title + + + + + $user/title + + + + + ri:ADDRESS.FIRSTNAME + + + $user/givenName + + + + + $user/givenName + + + + + ri:ADDRESS.LASTNAME + + + $user/familyName + + + + + $user/familyName + + + + + ri:ADDRESS.TITLE_ACA1 + + + $user/honorificPrefix + + + + + $user/honorificPrefix + + + + + ri:ADDRESS.E_MAIL + + + $user/emailAddress + + + + + $user/emailAddress + + + + + ri:ADDRESS.TEL1_NUMBR + + + $user/telephoneNumber + + + + + $user/telephoneNumber + + + + + ri:ADDRESS.DEPARTMENT + + + $user/organization + + + + + $user/organization + + + + + ri:ADDRESS.LANGU_P + + + $user/preferredLanguage + + + + + $user/preferredLanguage + + + + + + ri:roles + + Activity group (role) Membership + true + entitlement + roles + subjectToObject + ri:ACTIVITYGROUPS.AGR_NAME + icfs:uid + + + + ri:groups + + Group Membership + true + entitlement + groups + subjectToObject + ri:GROUPS.USERGROUP + icfs:uid + + + + ri:profiles + + Profile Membership + true + entitlement + profiles + subjectToObject + ri:PROFILES.BAPIPROF + icfs:uid + + + + admin + + + + + + weak + + + + + + + + + + + + + + + + + + + entitlement + roles + ActivityGroups + ri:CustomACTIVITYGROUPObjectClass + + icfs:name + + + true + false + false + + + + + + name + + + + + SAP-ActivityGroup + + + roleType + + + + + icfs:uid + + + true + false + false + + + + + + ri:PARENT_AGR + + + description + + + + + + entitlement + groups + Groups + ri:CustomGROUPObjectClass + + icfs:name + + + true + false + false + + + + + + name + + + + + SAP-Group + + + 
roleType + + + + + icfs:uid + Entry UUID + + + true + false + false + + + + + + + entitlement + profiles + Profiles + ri:CustomPROFILEObjectClass + + icfs:name + + + true + false + false + + + + + + name + + + + + SAP-Profile + + + roleType + + + + + icfs:uid + Entry UUID + + + true + false + false + + + + + + + + + + + user sync + ri:AccountObjectClass + account + default + true + + + c:name + + $account/attributes/icfs:name + + + + + linked + true + + + deleted + true + + http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink + + + + unlinked + + http://midpoint.evolveum.com/xml/ns/public/model/action-3#link + + + + unmatched + true + + http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus + + + + + + role sync + ri:CustomACTIVITYGROUPObjectClass + entitlement + roles + c:RoleType + true + + + c:name + + $shadow/attributes/icfs:name + + + + + linked + true + + + deleted + true + + http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink + + + + unlinked + true + + http://midpoint.evolveum.com/xml/ns/public/model/action-3#link + + + + unmatched + true + + http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus + + + + + + group sync + ri:CustomGROUPObjectClass + entitlement + groups + c:RoleType + true + + + c:name + + $shadow/attributes/icfs:name + + + + + linked + true + + + deleted + true + + http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink + + + + unlinked + true + + http://midpoint.evolveum.com/xml/ns/public/model/action-3#link + + + + unmatched + true + + http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus + + + + + + profile sync + ri:CustomPROFILEObjectClass + entitlement + profiles + c:RoleType + true + + + c:name + + $shadow/attributes/icfs:name + + + + + linked + true + + + deleted + true + + http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink + + + + unlinked + true + + http://midpoint.evolveum.com/xml/ns/public/model/action-3#link + + + + unmatched + true + + 
http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus + + + + + \ No newline at end of file diff --git a/samples/resources/sap/sap-medium.xml b/samples/resources/sap/sap-medium.xml index baac9146a1a..a344786dbe6 100644 --- a/samples/resources/sap/sap-medium.xml +++ b/samples/resources/sap/sap-medium.xml @@ -187,7 +187,7 @@ entitlement roles subjectToObject - ri:ACTIVITYGROUPS + ri:ACTIVITYGROUPS.AGR_NAME icfs:uid @@ -236,6 +236,15 @@ name + + + + SAP-ActivityGroup + + + roleType + + icfs:uid diff --git a/samples/resources/sap/task-import-activity-groups.xml b/samples/resources/sap/task-import-activity-groups.xml index 05891dedddc..711ce0f2e29 100644 --- a/samples/resources/sap/task-import-activity-groups.xml +++ b/samples/resources/sap/task-import-activity-groups.xml @@ -12,7 +12,7 @@ ri:CustomACTIVITYGROUPObjectClass - runnable + suspended ImportingAccounts http://midpoint.evolveum.com/xml/ns/public/model/synchronization/task/import/handler-3 diff --git a/samples/resources/sap/task-import-groups.xml b/samples/resources/sap/task-import-groups.xml new file mode 100644 index 00000000000..17d96628f01 --- /dev/null +++ b/samples/resources/sap/task-import-groups.xml @@ -0,0 +1,22 @@ + + import groups + + entitlement + groups + ri:CustomGROUPObjectClass + + + suspended + ImportingAccounts + http://midpoint.evolveum.com/xml/ns/public/model/synchronization/task/import/handler-3 + + single + loose + restart + \ No newline at end of file diff --git a/samples/resources/sap/task-import-profiles.xml b/samples/resources/sap/task-import-profiles.xml new file mode 100644 index 00000000000..82f8aee1f70 --- /dev/null +++ b/samples/resources/sap/task-import-profiles.xml @@ -0,0 +1,22 @@ + + import profiles + + entitlement + profiles + ri:CustomPROFILEObjectClass + + + suspended + ImportingAccounts + http://midpoint.evolveum.com/xml/ns/public/model/synchronization/task/import/handler-3 + + single + loose + restart + \ No newline at end of file 
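Review bot: The connector configuration at the top of the new samples/resources/sap/sap-advanced.xml carries the literal value `secret` directly after `USER`, which reads as a placeholder password next to the placeholder host `host.to.sap`. The element names are lost on this page, so this is inferred from position. Sample resources tend to be imported unchanged, so an XML comment beside the value, for example `<!-- placeholder credential: replace before importing -->`, would make it harder to end up with a resource definition that holds a guessable password. The same value appears as context in sap-medium.xml in the first patch of this series.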
From b8062f281090cf6fd52be07f6fbeae4311aa9359 Mon Sep 17 00:00:00 2001 From: honchar Date: Wed, 9 Mar 2016 12:05:54 +0100 Subject: [PATCH 07/12] MID-2148 --- .../admin/users/component/OrgUnitBrowser.java | 19 +++++++++++++++++++ .../admin/users/component/TreeTablePanel.java | 2 +- 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/users/component/OrgUnitBrowser.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/users/component/OrgUnitBrowser.java index eaf830cd9ea..d51bf0d21ef 100644 --- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/users/component/OrgUnitBrowser.java +++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/users/component/OrgUnitBrowser.java @@ -68,6 +68,7 @@ public static enum Operation {MOVE, ADD, REMOVE, RECOMPUTE} private static final String DOT_CLASS = OrgUnitBrowser.class.getName() + "."; private static final String OPERATION_LOAD_PARENT_ORG_REFS = DOT_CLASS + "loadParentOrgRefs"; + private static final String OPERATION_LOAD_CHILD_ORGS = DOT_CLASS + "loadChildOrgOids"; private static final String ID_BASIC_SEARCH = "basicSearch"; private static final String ID_TABLE = "table"; 
@@ -272,11 +273,29 @@ private ObjectQuery createQueryFromSelected() { for(OrgTableDto dto: selected){ oids.add(dto.getOid()); } + //exclude child org units + oids.addAll(getChildOrgOids()); ObjectFilter oidFilter = InOidFilter.createInOid(oids); return ObjectQuery.createObjectQuery(NotFilter.createNot(oidFilter)); } + private List getChildOrgOids (){ + List childOrgsList = new ArrayList<>(); + for(OrgTableDto dto: selected){ + OperationResult result = new OperationResult(OPERATION_LOAD_CHILD_ORGS); + OrgFilter orgFilter = OrgFilter.createOrg(dto.getOid(), OrgFilter.Scope.SUBTREE); + List> list = WebModelServiceUtils.searchObjects(OrgType.class, ObjectQuery.createObjectQuery(orgFilter), + result, getPageBase()); + if (list != null && list.size() > 0){ + for (PrismObject prismObject : list){ + childOrgsList.add(prismObject.getOid()); + } + } + } + return childOrgsList; + } + private List> initColumns() { List> columns = new ArrayList<>(); diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/users/component/TreeTablePanel.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/users/component/TreeTablePanel.java index 49b31fb9b91..4e70ecc20f9 100644 --- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/users/component/TreeTablePanel.java +++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/users/component/TreeTablePanel.java 
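Review bot: In `getChildOrgOids` the `OperationResult` created for each selected org is never inspected, so if the subtree search fails the method simply returns fewer OIDs and `createQueryFromSelected` stops excluding those descendants. The browser would then offer a child org as a move target for its own ancestor, which is the case this change is meant to prevent. After the search, call `result.computeStatusIfUnknown();` and treat a non-success status as an error that is shown to the user rather than as an empty list; how `WebModelServiceUtils.searchObjects` reports failures is not visible in this hunk, so that part is an assumption. The loop also loads full `OrgType` objects once per selected row only to read `getOid()`, and `list.size() > 0` is redundant ahead of the for-each.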
@@ -1024,7 +1024,7 @@ private void moveConfirmedPerformed(AjaxRequestTarget target, OrgTreeDto oldPare model.executeChanges(WebComponentUtil.createDeltaCollection(delta), null, page.createSimpleTask(OPERATION_MOVE_OBJECT), subResult); } catch (Exception ex) { - subResult.recordFatalError("Couldn't move object " + null + " to " + null + ".", ex); + subResult.recordFatalError("Couldn't move object " + object.getName() + " to " + newParent.getName() + ".", ex); LoggingUtils.logException(LOGGER, "Couldn't move object {} to {}", ex, object.getName()); } finally { subResult.computeStatusIfUnknown(); From 553974f5c2c46ce6235517a8964c60c2622c981a Mon Sep 17 00:00:00 2001 From: Radovan Semancik Date: Wed, 9 Mar 2016 16:30:19 +0100 Subject: [PATCH 08/12] Better error reporting. --- .../evolveum/midpoint/common/validator/Validator.java | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/infra/common/src/main/java/com/evolveum/midpoint/common/validator/Validator.java b/infra/common/src/main/java/com/evolveum/midpoint/common/validator/Validator.java index 56941a9b68c..66a992d5914 100644 --- a/infra/common/src/main/java/com/evolveum/midpoint/common/validator/Validator.java +++ b/infra/common/src/main/java/com/evolveum/midpoint/common/validator/Validator.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010-2013 Evolveum + * Copyright (c) 2010-2016 Evolveum * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -297,7 +297,7 @@ private EventResult readFromStreamAndValidate(XMLStreamReader stream, OperationR handler.handleGlobalError(validatorResult); } objectResult.recordFatalError(ex); - return EventResult.skipObject(); + return EventResult.skipObject(ex.getMessage()); } objectResult.addContext(END_LINE_NUMBER, stream.getLocation().getLineNumber()); 
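Review bot: The `LoggingUtils.logException` call right after the changed line still has two `{}` placeholders but only one argument, so the log entry never names the target org even though the operation result now does. Pass both names, `LoggingUtils.logException(LOGGER, "Couldn't move object {} to {}", ex, object.getName(), newParent.getName());`, so the log and the result agree when someone later reconstructs a failed move. Both `getName()` calls now run inside the catch block; if `object` or `newParent` can be null at this point (not visible in the hunk), the handler itself would throw and mask the original exception. `moveConfirmedPerformed` starts and ends outside the hunk.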
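Review bot: `EventResult.skipObject(ex.getMessage())` in `readFromStreamAndValidate` forwards the raw exception message as the skip reason, and the same change is repeated in the three `validateObjectInternal` hunks (-365, -416 and -432). `getMessage()` can be null for a `RuntimeException` such as the ones caught at -365 and -432, so the reason may end up null; a fallback keeps it useful: `String reason = ex.getMessage() != null ? ex.getMessage() : ex.getClass().getName();`. Parser and schema messages can also quote parts of the object being imported, so if this reason is displayed or stored (where it ends up is not visible here), confirm that it cannot echo protected values from the imported XML. Both methods start and end outside these hunks.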
@@ -365,7 +365,7 @@ private EventResult validateObjectInternal(Element objectElement, OperationResul object.checkConsistence(); } catch (RuntimeException e) { objectResult.recordFatalError("Internal object inconsistence, probably a parser bug: "+e.getMessage(), e); - return EventResult.skipObject(); + return EventResult.skipObject(e.getMessage()); } Objectable objectType = null; @@ -416,7 +416,7 @@ private EventResult validateObjectInternal(Element objectElement, OperationResul } } objectResult.recordFatalError(ex); - return EventResult.skipObject(); + return EventResult.skipObject(ex.getMessage()); } catch (RuntimeException ex) { validatorResult.recordFatalError("Couldn't parse object: " + ex.getMessage(), ex); if (verbose) { @@ -432,7 +432,7 @@ private EventResult validateObjectInternal(Element objectElement, OperationResul } } objectResult.recordFatalError(ex); - return EventResult.skipObject(); + return EventResult.skipObject(ex.getMessage()); } } From 2e9125978dd52af46da130cf017bd9816a2915a4 Mon Sep 17 00:00:00 2001 From: Viliam Repan Date: Wed, 9 Mar 2016 11:19:18 -0500 Subject: [PATCH 09/12] small css improvements for prism panels --- .../midpoint/web/component/prism/PrismContainerPanel.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/PrismContainerPanel.html b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/PrismContainerPanel.html index 8cbdd02e577..4240cc33f88 100644 --- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/PrismContainerPanel.html +++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/PrismContainerPanel.html @@ -19,7 +19,7 @@
-
+
@@ -29,7 +29,7 @@
-
+
From b1edaed85d0646cc46dfedeef15304dafff32714 Mon Sep 17 00:00:00 2001 From: Viliam Repan Date: Wed, 9 Mar 2016 11:22:40 -0500 Subject: [PATCH 10/12] breadcrumbs bugfixes and improvements --- .../midpoint/gui/api/page/PageBase.java | 10 ++++++- .../web/component/breadcrumbs/Breadcrumb.java | 18 +++++++++-- .../breadcrumbs/BreadcrumbPageClass.java | 11 +++---- .../breadcrumbs/BreadcrumbPageInstance.java | 7 ++--- .../web/component/menu/MainMenuPanel.java | 30 ++++++++++++++++++- .../AbstractObjectMainPanel.java | 14 +++++---- .../web/page/admin/PageAdminFocus.java | 1 - .../page/admin/PageAdminObjectDetails.java | 2 ++ .../web/page/admin/home/PageDashboard.java | 11 ++++++- .../web/page/self/PageSelfCredentials.java | 10 +++++++ .../web/page/self/PageSelfDashboard.java | 9 ++++++ .../web/page/self/PageSelfProfile.java | 18 ++++++++++- .../localization/Midpoint.properties | 1 + 13 files changed, 120 insertions(+), 22 deletions(-) diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/page/PageBase.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/page/PageBase.java index 63c41cf93c6..a07aaf1154d 100644 --- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/page/PageBase.java +++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/page/PageBase.java @@ -463,7 +463,7 @@ public void onClick(AjaxRequestTarget target) { @Override public boolean isEnabled() { - return dto.isLink(); + return dto.isUseLink(); } }); @@ -480,6 +480,14 @@ public boolean isVisible() { Label bcName = new Label(ID_BC_NAME, dto.getLabel()); bcLink.add(bcName); + + item.add(new VisibleEnableBehaviour() { + + @Override + public boolean isVisible() { + return dto.isVisible(); + } + }); } }; add(breadcrumbs); diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/breadcrumbs/Breadcrumb.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/breadcrumbs/Breadcrumb.java index 1174c061359..33fe2fc7a11 100644 
--- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/breadcrumbs/Breadcrumb.java +++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/breadcrumbs/Breadcrumb.java @@ -29,6 +29,8 @@ public class Breadcrumb implements Serializable { private IModel label; private IModel icon; + private boolean useLink = false; + private boolean visible = true; public Breadcrumb() { } @@ -58,8 +60,20 @@ public void setIcon(IModel icon) { this.icon = icon; } - public boolean isLink() { - return false; + public boolean isUseLink() { + return useLink; + } + + public void setUseLink(boolean useLink) { + this.useLink = useLink; + } + + public boolean isVisible() { + return visible; + } + + public void setVisible(boolean visible) { + this.visible = visible; } public void redirect(Component component) { diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/breadcrumbs/BreadcrumbPageClass.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/breadcrumbs/BreadcrumbPageClass.java index db5e1475021..fdb6e7be42b 100644 --- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/breadcrumbs/BreadcrumbPageClass.java +++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/breadcrumbs/BreadcrumbPageClass.java @@ -34,6 +34,8 @@ public class BreadcrumbPageClass extends Breadcrumb { public BreadcrumbPageClass(IModel label) { super(label); + + setUseLink(true); } public BreadcrumbPageClass(IModel label, Class page) { @@ -61,6 +63,10 @@ public void setParameters(PageParameters parameters) { this.parameters = parameters; } + public void setPage(Class page) { + this.page = page; + } + @Override public void redirect(Component component) { if (parameters == null) { @@ -70,11 +76,6 @@ public void redirect(Component component) { } } - @Override - public boolean isLink() { - return true; - } - @Override public boolean equals(Object o) { if (this == o) return true; 
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/breadcrumbs/BreadcrumbPageInstance.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/breadcrumbs/BreadcrumbPageInstance.java index 1c6a6514849..f066d62f75d 100644 --- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/breadcrumbs/BreadcrumbPageInstance.java +++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/breadcrumbs/BreadcrumbPageInstance.java @@ -33,6 +33,8 @@ public class BreadcrumbPageInstance extends Breadcrumb { public BreadcrumbPageInstance(IModel label, WebPage page) { super(label); + setUseLink(true); + Validate.notNull(page, "Page must not be null"); this.page = page; @@ -47,11 +49,6 @@ public void redirect(Component component) { component.setResponsePage(page); } - @Override - public boolean isLink() { - return true; - } - @Override public boolean equals(Object o) { if (this == o) return true; diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/menu/MainMenuPanel.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/menu/MainMenuPanel.java index 0c56bff3883..299122483ae 100644 --- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/menu/MainMenuPanel.java +++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/menu/MainMenuPanel.java @@ -39,6 +39,7 @@ import org.apache.wicket.request.cycle.RequestCycle; import java.io.Serializable; +import java.util.List; /** * @author Viliam Repan (lazyman) @@ -85,7 +86,13 @@ public String getObject() { WebMarkupContainer link; if (menu.getPage() != null) { - link = new BookmarkablePageLink(ID_LINK, menu.getPage()); + link = new AjaxLink(ID_LINK) { + + @Override + public void onClick(AjaxRequestTarget target) { + mainMenuPerformed(menu); + } + }; } else { link = new WebMarkupContainer(ID_LINK); } 
@@ -186,6 +193,27 @@ private void menuItemPerformed(MenuItem menu) { bc.setIcon(new Model<>(mainMenuItem.getIconClass())); storage.pushBreadcrumb(bc); + List items = mainMenuItem.getItems(); + if (!items.isEmpty()) { + MenuItem first = items.get(0); + + BreadcrumbPageClass invisibleBc = new BreadcrumbPageClass(first.getName(), first.getPage(), + first.getParams()); + invisibleBc.setVisible(false); + storage.pushBreadcrumb(invisibleBc); + } + setResponsePage(menu.getPage(), menu.getParams()); } + + private void mainMenuPerformed(MainMenuItem menu) { + SessionStorage storage = getPageBase().getSessionStorage(); + storage.clearBreadcrumbs(); + + if (menu.getParams() == null) { + setResponsePage(menu.getPage()); + } else { + setResponsePage(menu.getPage(), menu.getParams()); + } + } } diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/objectdetails/AbstractObjectMainPanel.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/objectdetails/AbstractObjectMainPanel.java index 1cf25ee7e61..e75bb47f7f8 100644 --- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/objectdetails/AbstractObjectMainPanel.java +++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/objectdetails/AbstractObjectMainPanel.java @@ -48,6 +48,8 @@ public abstract class AbstractObjectMainPanel extends Pane private static final String ID_MAIN_FORM = "mainForm"; private static final String ID_TAB_PANEL = "tabPanel"; private static final String ID_EXECUTE_OPTIONS = "executeOptions"; + private static final String ID_BACK = "back"; + private static final String ID_SAVE = "save"; private static final Trace LOGGER = TraceManager.getTrace(AbstractObjectMainPanel.class); 
@@ -140,7 +142,7 @@ protected void initLayoutButtons(PageAdminObjectDetails parentPage) { } protected void initLayoutSaveButton(final PageAdminObjectDetails parentPage) { - AjaxSubmitButton saveButton = new AjaxSubmitButton("save", parentPage.createStringResource("pageAdminFocus.button.save")) { + AjaxSubmitButton saveButton = new AjaxSubmitButton(ID_SAVE, parentPage.createStringResource("pageAdminFocus.button.save")) { @Override protected void onSubmit(AjaxRequestTarget target, @@ -159,11 +161,11 @@ protected void onError(AjaxRequestTarget target, } protected void initLayoutBackButton(PageAdminObjectDetails parentPage) { - AjaxButton back = new AjaxButton("back", parentPage.createStringResource("pageAdminFocus.button.back")) { + AjaxButton back = new AjaxButton(ID_BACK, parentPage.createStringResource("pageAdminFocus.button.back")) { @Override public void onClick(AjaxRequestTarget target) { - getDetailsPage().goBackPage(); + backPerformed(target); } }; @@ -173,10 +175,12 @@ public void onClick(AjaxRequestTarget target) { public ExecuteChangeOptionsDto getExecuteChangeOptionsDto() { return executeOptionsModel.getObject(); } - + + private void backPerformed(AjaxRequestTarget target) { + getDetailsPage().redirectBack(); + } protected PageAdminObjectDetails getDetailsPage() { return (PageAdminObjectDetails)getPage(); } - } diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/PageAdminFocus.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/PageAdminFocus.java index 70a12880bf0..4250ebac3a1 100644 --- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/PageAdminFocus.java +++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/PageAdminFocus.java 
@@ -103,7 +103,6 @@ import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType; public abstract class PageAdminFocus extends PageAdminObjectDetails - implements ProgressReportingAwarePage { public static final String AUTH_USERS_ALL = AuthorizationConstants.AUTZ_UI_USERS_ALL_URL; diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/PageAdminObjectDetails.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/PageAdminObjectDetails.java index 3489dd60cf6..305c14ac0a3 100644 --- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/PageAdminObjectDetails.java +++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/PageAdminObjectDetails.java @@ -616,6 +616,8 @@ protected void performAdditionalValidation(PrismObject object, } // TODO: fix name, confusing. clashes with goBack() + // todo: we should navigate using breadcrumb stack [lazyman] + @Deprecated public void goBackPage() { StringValue orgReturn = getPageParameters().get(PARAM_RETURN_PAGE); if (PageOrgTree.PARAM_ORG_RETURN.equals(orgReturn.toString())) { diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/home/PageDashboard.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/home/PageDashboard.java index aff185313cf..f451dff7de5 100644 --- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/home/PageDashboard.java +++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/home/PageDashboard.java @@ -21,6 +21,7 @@ import java.util.Collections; import java.util.List; +import com.evolveum.midpoint.web.component.breadcrumbs.Breadcrumb; import org.apache.wicket.Component; import org.apache.wicket.ajax.AjaxRequestTarget; import org.apache.wicket.model.IModel; 
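Review bot: `goBackPage()` in `PageAdminObjectDetails` is now marked `@Deprecated` but has no Javadoc `@deprecated` tag naming the replacement, so callers get a warning without a migration path. The same commit switches `AbstractObjectMainPanel` to `redirectBack()`, so a line such as `/** @deprecated navigate via the breadcrumb stack, see redirectBack(). */` above the annotation would make that explicit, and the two `//` TODO lines could be folded into it. The method body continues outside the hunk.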
@@ -95,7 +96,15 @@ public PageDashboard() { principalModel.setObject(loadUserSelf(PageDashboard.this)); initLayout(); } - + + @Override + protected void createBreadcrumb() { + super.createBreadcrumb(); + + Breadcrumb bc = getSessionStorage().peekBreadcrumb(); + bc.setIcon(new Model("fa fa-dashboard")); + } + private void initLayout() { initPersonalInfo(); initMyAccounts(); diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/self/PageSelfCredentials.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/self/PageSelfCredentials.java index d85353509da..dde42a474dd 100644 --- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/self/PageSelfCredentials.java +++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/self/PageSelfCredentials.java @@ -24,6 +24,7 @@ import com.evolveum.midpoint.web.application.PageDescriptor; import com.evolveum.midpoint.web.component.AjaxSubmitButton; import com.evolveum.midpoint.web.component.TabbedPanel; +import com.evolveum.midpoint.web.component.breadcrumbs.Breadcrumb; import com.evolveum.midpoint.web.component.data.TablePanel; import com.evolveum.midpoint.web.component.prism.ContainerStatus; import com.evolveum.midpoint.web.component.prism.ObjectWrapper; @@ -46,6 +47,7 @@ import org.apache.wicket.markup.html.form.CheckBox; import org.apache.wicket.markup.html.form.Form; import org.apache.wicket.model.IModel; +import org.apache.wicket.model.Model; import java.util.ArrayList; import java.util.Collection; @@ -95,6 +97,14 @@ protected MyPasswordsDto load() { initLayout(); } + @Override + protected void createBreadcrumb() { + super.createBreadcrumb(); + + Breadcrumb bc = getSessionStorage().peekBreadcrumb(); + bc.setIcon(new Model("fa fa-shield")); + } + public PageSelfCredentials(final MyPasswordsDto myPasswordsDto) { model = new LoadableModel(myPasswordsDto, false) { 
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/self/PageSelfDashboard.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/self/PageSelfDashboard.java index 4ad5969a984..2c54751d621 100644 --- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/self/PageSelfDashboard.java +++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/self/PageSelfDashboard.java @@ -30,6 +30,7 @@ import com.evolveum.midpoint.web.application.AuthorizationAction; import com.evolveum.midpoint.web.application.PageDescriptor; import com.evolveum.midpoint.web.component.SecurityContextAwareCallable; +import com.evolveum.midpoint.web.component.breadcrumbs.Breadcrumb; import com.evolveum.midpoint.web.component.util.CallableResult; import com.evolveum.midpoint.web.component.util.VisibleEnableBehaviour; import com.evolveum.midpoint.web.component.wf.WorkItemsPanel; @@ -86,6 +87,14 @@ public PageSelfDashboard() { initLayout(); } + @Override + protected void createBreadcrumb() { + super.createBreadcrumb(); + + Breadcrumb bc = getSessionStorage().peekBreadcrumb(); + bc.setIcon(new Model("fa fa-dashboard")); + } + private void initLayout(){ DashboardSearchPanel dashboardSearchPanel = new DashboardSearchPanel(ID_SEARCH_PANEL, null); add(dashboardSearchPanel); diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/self/PageSelfProfile.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/self/PageSelfProfile.java index acbc8b0e637..d4720e7638e 100644 --- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/self/PageSelfProfile.java +++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/self/PageSelfProfile.java 
@@ -23,12 +23,15 @@ import com.evolveum.midpoint.util.logging.TraceManager; import com.evolveum.midpoint.web.application.AuthorizationAction; import com.evolveum.midpoint.web.application.PageDescriptor; +import com.evolveum.midpoint.web.component.breadcrumbs.Breadcrumb; import com.evolveum.midpoint.web.component.form.Form; import com.evolveum.midpoint.web.component.prism.ObjectWrapper; import com.evolveum.midpoint.web.page.admin.home.PageAdminHome; import com.evolveum.midpoint.web.page.admin.users.PageUser; import com.evolveum.midpoint.web.page.admin.users.component.ExecuteChangeOptionsPanel; import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType; +import org.apache.wicket.model.IModel; +import org.apache.wicket.model.Model; /** * @author Viliam Repan (lazyman) @@ -61,5 +64,18 @@ protected PageBase getDefaultBackPage() { // optionsPanel.setVisible(false); // return optionsPanel; // } - + + + @Override + protected void createBreadcrumb() { + super.createBreadcrumb(); + + Breadcrumb bc = getSessionStorage().peekBreadcrumb(); + bc.setIcon(new Model("fa fa-user")); + } + + @Override + protected IModel createPageTitleModel() { + return createStringResource("PageSelfProfile.title"); + } } diff --git a/gui/admin-gui/src/main/resources/localization/Midpoint.properties b/gui/admin-gui/src/main/resources/localization/Midpoint.properties index eec50c7e5fe..ec12a0d8923 100644 --- a/gui/admin-gui/src/main/resources/localization/Midpoint.properties +++ b/gui/admin-gui/src/main/resources/localization/Midpoint.properties @@ -2909,6 +2909,7 @@ MyRequestsPanel.started = Started MyRequestsPanel.rejected = Rejected MyRequestsPanel.approved = Approved MyRequestsPanel.name = Name +PageSelfProfile.title=Edit profile PageSelfDashboard.title=Home PageSelfDashboard.workItems=My work items PageSelfDashboard.myRequests=My requests From 6e46e775815009d29dedddcbd25372cee289849f Mon Sep 17 00:00:00 2001 
From: Viliam Repan Date: Wed, 9 Mar 2016 11:41:33 -0500 Subject: [PATCH 11/12] keys cleanup, titles/subtitles mostly --- .../localization/Midpoint.properties | 4 +- .../localization/Midpoint_en_US.properties | 54 ++++++++----------- 2 files changed, 25 insertions(+), 33 deletions(-) diff --git a/gui/admin-gui/src/main/resources/localization/Midpoint.properties b/gui/admin-gui/src/main/resources/localization/Midpoint.properties index ec12a0d8923..06fdc73be20 100644 --- a/gui/admin-gui/src/main/resources/localization/Midpoint.properties +++ b/gui/admin-gui/src/main/resources/localization/Midpoint.properties @@ -1690,7 +1690,7 @@ PageNewReport.message.help=Choose Xml file for import. PageNewReport.message.nullFile=Uploaded file is null. PageNewReport.title=Import Jasper report PageOrgTree.message.noOrgStructDefined=No org. structure defined. -PageOrgTree.title=Org. structure +PageOrgTree.title=Organization tree pageOrgUnit.accounts=Projections PageOrgUnit.extension=Extension PageOrgUnit.message.cantCreateExtensionDelta=Can't create delta for org. unit extension @@ -2127,6 +2127,8 @@ pageUser.tasks=Tasks pageUser.task.status=Status pageUser.title.confirmDelete=Confirm delete pageUser.title.editing={0} +pageUser.title.editUser=Edit +pageUser.title.newUser=Create pageUser.title.selectAssignable=Select object(s) pageUser.title.selectResource=Select resource(s) pageUser.userDetails=User details diff --git a/gui/admin-gui/src/main/resources/localization/Midpoint_en_US.properties b/gui/admin-gui/src/main/resources/localization/Midpoint_en_US.properties index 34df8337d0b..79cec41a55d 100644 --- a/gui/admin-gui/src/main/resources/localization/Midpoint_en_US.properties +++ b/gui/admin-gui/src/main/resources/localization/Midpoint_en_US.properties 
@@ -25,6 +25,12 @@ AccessCertificationCampaignStateType.IN_REVIEW_STAGE_FULL=In review stage {0} ({ AccessCertificationCampaignStateType.IN_REVIEW_STAGE=In review stage AccessCertificationCampaignStateType.REVIEW_STAGE_DONE_FULL=Done review stage {0} ({1}) AccessCertificationCampaignStateType.REVIEW_STAGE_DONE=Review stage done +AccessCertificationResponseType.ACCEPT=Accept +AccessCertificationResponseType.REVOKE=Revoke +AccessCertificationResponseType.REDUCE=Reduce +AccessCertificationResponseType.NOT_DECIDED=Not decided +AccessCertificationResponseType.DELEGATE=Delegate +AccessCertificationResponseType.NO_RESPONSE=No response ActivationStatusType.ARCHIVED=Archived ActivationStatusType.DISABLED=Disabled ActivationStatusType.ENABLED=Enabled @@ -277,11 +283,11 @@ DecisionsPanel.comment=Comment DecisionsPanel.result=Result DecisionsPanel.user=User DecisionsPanel.when=When -DefinitionScopeObjectType.FocusType=FocusType -DefinitionScopeObjectType.AbstractRoleType=AbstractRoleType -DefinitionScopeObjectType.RoleType=RoleType -DefinitionScopeObjectType.UserType=UserType -DefinitionScopeObjectType.OrgType=OrgType +DefinitionScopeObjectType.FocusType=Users, roles and orgs +DefinitionScopeObjectType.AbstractRoleType=Roles and orgs +DefinitionScopeObjectType.RoleType=Roles +DefinitionScopeObjectType.UserType=Users +DefinitionScopeObjectType.OrgType=Orgs deleteAllDialog.label.accountShadowsDelete=Account shadows to delete\: {0} deleteAllDialog.label.nonAccountShadowsDelete=Non-Account shadows to delete\: {0} deleteAllDialog.label.org=Org. Units 
@@ -1008,6 +1014,8 @@ PageAbout.button.testRepositoryCheckOrgClosure=Check and repair org closure cons PageAbout.button.testRepository=Repository self test PageAbout.message.couldntObtainJvmParams=Couldn't obtain JVM parameters from JMX. PageAbout.midPointRevision=${git.describe} +PageAbout.builtAt=Build at +PageAbout.build=${timestamp} PageAbout.midPointRevisionTitle=Git describe PageAbout.midPointVersion=${pom.version} PageAbout.midPointVersionTitle=Version @@ -1019,8 +1027,7 @@ PageAbout.repoDiag.implementationDescription=Implementation description PageAbout.repoDiag.implementationShortName=Implementation name PageAbout.repoDiag.isEmbedded=Is embedded PageAbout.repoDiag.repositoryUrl=Repository URL -PageAbout.subTitle=midPoint -PageAbout.title=About +PageAbout.title=About midPoint PageAbout.title.basic=Basic PageAbout.title.jvmProperties=JVM properties PageAbout.title.provisioning=Provisioning @@ -1064,9 +1071,8 @@ PageAccounts.nothing=Nothing PageAccounts.resource=Resource PageAccounts.shadows=Shadows PageAccounts.state=State -PageAccounts.subTitle=synchronization details PageAccounts.summary=Summary -PageAccounts.title=Shadow +PageAccounts.title=Shadow synchronization details PageAccounts.total=Total PageAccounts.unlinked=Unlinked PageAccounts.unmatched=Unmatched @@ -1097,6 +1103,7 @@ PageAdmin.menu.top.configuration.internals=Internals configuration PageAdmin.menu.top.configuration.logging=Logging PageAdmin.menu.top.configuration.notifications=Notifications PageAdmin.menu.top.configuration.profiling=Profiling +PageAdmin.menu.top.configuration.adminGui=Admin GUI PageAdmin.menu.top.configuration.repositoryObjects=Repository objects PageAdmin.menu.top.configuration.security=Security PageAdmin.menu.top.configuration.shadowsDetails=Shadows details 
@@ -1265,7 +1272,6 @@ PageCertCampaigns.message.deleteCampaignConfirmSingle=Do you really want to dele PageCertCampaigns.message.noCampaignsSelected=No relevant campaigns selected PageCertCampaigns.nowForCampaign=(campaign\: now) PageCertCampaigns.nowForStage=now -PageCertCampaigns.subTitle= PageCertCampaigns.table.deadline=Stage (campaign) deadline PageCertCampaigns.table.description=Description PageCertCampaigns.table.name=Name @@ -1318,7 +1324,6 @@ PageCertDecisions.menu.revoke=Revoke PageCertDecisions.menu.revokeSelected=Revoke selected PageCertDecisions.message.noItemSelected=No item selected PageCertDecisions.now=now -PageCertDecisions.subTitle= PageCertDecisions.table.campaignName=Campaign name PageCertDecisions.table.campaignStage=Stage PageCertDecisions.table.comment=Comment @@ -1350,7 +1355,6 @@ PageCertDefinitions.table.description=Description PageCertDefinitions.table.name=Name PageCertDefinitions.title=Access Certification Definitions PageCertDefinitions.title.confirmDelete=Confirm delete -PageCertDefinition.subTitle= PageCertDefinitionsxmlDefinition=XML definition PageCertDefinition.title=Access Certification Campaign Definition PageCertDefinition.campaigns=Campaigns @@ -1415,8 +1419,7 @@ AccessCertificationCaseOutcomeStrategyType.APPROVED_IF_NOT_DENIED = Approved if AccessCertificationCaseOutcomeStrategyType.ALL_MUST_APPROVE = Approved if all reviewers approve AccessCertificationRemediationStyleType.AUTOMATED=Automated reconciliation (non-conformant items are automatically removed) AccessCertificationRemediationStyleType.REPORT_ONLY=Manual reconciliation (non-conformant items are reported) -PageContacts.subTitle=browser -PageContacts.title=Contacts +PageContacts.title=Contacts browser pageContentAccounts.button.searchButton=Search pageContentAccounts.dialog.title.confirmDelete=Delete Confirmation pageContentAccounts.identifiers=Identifiers 
@@ -1460,7 +1463,6 @@ pageCreatedReports.message.downloadError=Could not download Report. pageCreatedReports.message.fileNotFound=File with report was not found. pageCreatedReports.message.nothingSelected=No reports have been selected. pageCreatedReports.message.queryError=Error occurred during translation search query to filter. -PageCreatedReports.subTitle=in past pageCreatedReports.table.author=Author pageCreatedReports.table.description=Description pageCreatedReports.table.filetype=File Type @@ -1474,7 +1476,6 @@ PageDashboard.activeUsers=Active Users PageDashboard.assignments=My Assignments PageDashboard.personalInfo=Personal info PageDashboard.serverLoad=Server Load -PageDashboard.subTitle=welcome to midPoint PageDashboard.systemInfo=System status PageDashboard.title=Dashboard PageDashboard.usedRam=Used RAM @@ -1514,7 +1515,6 @@ pageDebugList.resourceName=Resource name pageDebugList.resource=Resource pageDebugList.resourceType=Resource type pageDebugList.searchTextPlaceholder=Name -PageDebugList.subTitle=from repository PageDebugList.title=Raw objects pageDebugList.zipCheck=Use zip pageDebugView.button.back=Back @@ -1535,7 +1535,6 @@ PageError401.title=Unauthorized (401) PageError.button.back=Back to dashboard PageError.message=Unexpected error occurred, if necessary please contact system administrator. PageError.title=Internal error (500) -PageFindUsers.subTitle=in midPoint PageFindUsers.title=Find users PageForgetPassword.email=E-mail pageForgetPassword.message.ContactAdminQuestionsNotSet=You have not set any security questions yet. Please Contact Your Administrator to reset Your Password. 
@@ -1551,7 +1550,6 @@ PageImportObject.getObjectsFrom=Get objects from pageImportObject.message.emptyXml=Can't save empty xml. PageImportObject.message.help=Choose Xml file for import. pageImportObject.message.nullFile=Uploaded file is null. -PageImportObject.subTitle=to midPoint PageImportObject.title=Import objects PageInternals.button.changeTime=Change time PageInternals.button.resetTimeChange=Reset to using system time @@ -1660,16 +1658,13 @@ PageNewReport.getObjectsFrom=Create report from PageNewReport.message.emptyXml=Can't save empty xml. PageNewReport.message.help=Choose Xml file for import. PageNewReport.message.nullFile=Uploaded file is null. -PageNewReport.subTitle=to midPoint PageNewReport.title=Import Jasper report PageOrgTree.message.noOrgStructDefined=No org. structure defined. -PageOrgTree.subTitle=tree -PageOrgTree.title=Org. structure +PageOrgTree.title=Organization tree pageOrgUnit.accounts=Projections PageOrgUnit.extension=Extension PageOrgUnit.message.cantCreateExtensionDelta=Can't create delta for org. unit extension PageOrgUnit.parentOrgRef=Parent -PageOrgUnit.subTitle=details PageOrgUnit.title.approvers=Approvers PageOrgUnit.title.assignments=Assignments PageOrgUnit.title.authorizations=Authorizations @@ -1715,7 +1710,6 @@ PageReports.report.reconciliationName=Reconciliation PageReports.report.usersDescription=Users listed in MidPoint. PageReports.report.usersName=Users in MidPoint PageReports.search.showSubreports=Show subreports -PageReports.subTitle=in midPoint PageReports.table.description=Description PageReports.table.name=Name PageReports.title.auditPopup=Audit report parameters 
@@ -1786,9 +1780,8 @@ pageResources.progress=Progress pageResources.resources=Resources pageResources.searchText.placeholder=Name pageResources.status=Last status -PageResources.subTitle=connected to midPoint pageResource.status=Status -PageResources.title=Resources +PageResources.title=Resources List pageResources.version=Version pageResource.sync=Sync PageResource.title=Resource details @@ -1846,7 +1839,7 @@ pageSystemConfiguration.assignmentPolicyEnforcement.value.positive=Positive pageSystemConfiguration.logging.title=Logging pageSystemConfiguration.notifications.title=Notifications pageSystemConfiguration.profiling.title=Profiling -PageSystemConfiguration.subTitle=for midPoint +pageSystemConfiguration.adminGui.title=Admin GUI pageSystemConfiguration.system.title=System PageSystemConfiguration.title=Configuration PageTaskAdd.title=New task @@ -2004,7 +1997,6 @@ pageTasks.runsContinually=runs continually pageTasks.stalledSince=STALLED since {0} at {1} pageTasks.state=State pageTasks.subtasks=Show subtasks -PageTasks.subTitle=in midPoint pageTasks.task.category=Category pageTasks.task.currentRunTime=Current run time pageTasks.task.detail=Detail @@ -2077,9 +2069,7 @@ pageUsers.message.deleteUserConfirm=Do you really want to delete selected {0} us pageUsers.message.deleteUserConfirmSingle=Do you really want to delete user '{0}'? pageUsers.message.nothingSelected=No user has been selected. pageUsers.message.queryError=Error occurred during translation search query to filter. -PageUsers.title=List Users -pageUser.subTitle.edituser=user '{0}' -pageUser.subTitle.newUser=new user +PageUsers.title=User List pageUser.task.category=Category pageUser.task.execution=Execution state pageUser.task.name=Task name 
@@ -2864,6 +2854,7 @@ MyRequestsPanel.started = Started MyRequestsPanel.rejected = Rejected MyRequestsPanel.approved = Approved MyRequestsPanel.name = Name +PageSelfProfile.title=Edit profile PageSelfDashboard.title=Home PageSelfDashboard.workItems=My work items PageSelfDashboard.myRequests=My requests @@ -2912,4 +2903,3 @@ SearchItemPanel.add=Add SearchItemPanel.remove=Remove SearchItemPanel.browse=Browse SearchItemPanel.or=or -PageUsers.subTitle=in midPoint From d34435697c53688c412d524dbc38dc32d3081c13 Mon Sep 17 00:00:00 2001 
From: Ivan Noris Date: Wed, 9 Mar 2016 22:21:07 +0100 Subject: [PATCH 12/12] Added samples for story test Multitenant User Management for SaaS (https://wiki.evolveum.com/display/midPoint/Multitenant+User+Management+for+SaaS) --- samples/stories/multitenant-idm-saas/aci.ldif | 13 + .../lookupTables/lookup-employee-type.xml | 36 + .../misc/midpoint-crm-flatfile.csv | 3 + .../misc/sysconfig-readme.txt | 133 ++++ .../objectTemplates/object-template-org.xml | 86 +++ .../objectTemplates/object-template-user.xml | 286 +++++++ .../multitenant-idm-saas/org/org-top.xml | 35 + .../stories/multitenant-idm-saas/readme.txt | 162 ++++ .../resources/crm-simulation-sync.xml | 354 +++++++++ .../resources/openldap-customers.xml | 731 ++++++++++++++++++ .../roles/metarole-org.xml | 118 +++ .../roles/role-customer-authz-admin.xml | 348 +++++++++ .../roles/role-customer-authz-enduser.xml | 105 +++ .../roles/role-customer-basic-admin.xml | 60 ++ .../roles/role-customer-basic-poweruser.xml | 60 ++ .../roles/role-customer-basic-user.xml | 60 ++ .../roles/role-meta-ldap-customer-group.xml | 91 +++ .../valuePolicies/normal-password-policy.xml | 67 ++ .../stronger-password-policy.xml | 67 ++ .../verystrong-password-policy.xml | 67 ++ 20 files changed, 2882 insertions(+) create mode 100644 samples/stories/multitenant-idm-saas/aci.ldif create mode 100644 samples/stories/multitenant-idm-saas/lookupTables/lookup-employee-type.xml create mode 100644 samples/stories/multitenant-idm-saas/misc/midpoint-crm-flatfile.csv create mode 100644 samples/stories/multitenant-idm-saas/misc/sysconfig-readme.txt create mode 100644 samples/stories/multitenant-idm-saas/objectTemplates/object-template-org.xml create mode 100644 samples/stories/multitenant-idm-saas/objectTemplates/object-template-user.xml create mode 100644 samples/stories/multitenant-idm-saas/org/org-top.xml create mode 100644 samples/stories/multitenant-idm-saas/readme.txt create mode 100644 
samples/stories/multitenant-idm-saas/resources/crm-simulation-sync.xml create mode 100644 samples/stories/multitenant-idm-saas/resources/openldap-customers.xml create mode 100644 samples/stories/multitenant-idm-saas/roles/metarole-org.xml create mode 100644 samples/stories/multitenant-idm-saas/roles/role-customer-authz-admin.xml create mode 100644 samples/stories/multitenant-idm-saas/roles/role-customer-authz-enduser.xml create mode 100644 samples/stories/multitenant-idm-saas/roles/role-customer-basic-admin.xml create mode 100644 samples/stories/multitenant-idm-saas/roles/role-customer-basic-poweruser.xml create mode 100644 samples/stories/multitenant-idm-saas/roles/role-customer-basic-user.xml create mode 100644 samples/stories/multitenant-idm-saas/roles/role-meta-ldap-customer-group.xml create mode 100644 samples/stories/multitenant-idm-saas/valuePolicies/normal-password-policy.xml create mode 100644 samples/stories/multitenant-idm-saas/valuePolicies/stronger-password-policy.xml create mode 100644 samples/stories/multitenant-idm-saas/valuePolicies/verystrong-password-policy.xml diff --git a/samples/stories/multitenant-idm-saas/aci.ldif b/samples/stories/multitenant-idm-saas/aci.ldif new file mode 100644 index 00000000000..81956a10257 --- /dev/null +++ b/samples/stories/multitenant-idm-saas/aci.ldif 
@@ -0,0 +1,13 @@
+# sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f ~/Work/Documents/Evolveum/evolveum/samples/customer-openldap-da/aci.ldif
+# !!!!!!!!!!!!!!!!!!!!!!!
+# BE ADVISED THE {2}mdb DEPENDS ON YOUR OpenLDAP INSTALLATION/SETUP
+# !!!!!!!!!!!!!!!!!!!!!!!
+dn: olcDatabase={2}mdb,cn=config
+changetype: modify
+replace: olcAccess
+olcAccess: to attrs=userPassword,shadowLastChange by dn="cn=idm,ou=Administrators,dc=example,dc=com" write by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth write by anonymous auth by self write by * none
+olcAccess: to dn.base="" by * read
+olcAccess: to dn.subtree="ou=people,dc=example,dc=com" by dn="cn=idm,ou=Administrators,dc=example,dc=com" write
+olcAccess: to dn.subtree="ou=groups,dc=example,dc=com" by dn="cn=idm,ou=Administrators,dc=example,dc=com" write
+olcAccess: to dn.subtree="ou=customers,dc=example,dc=com" by dn="cn=idm,ou=Administrators,dc=example,dc=com" write
+olcAccess: to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth write by dn="cn=idm,ou=Administrators,dc=example,dc=com" read by self read by * none
diff --git a/samples/stories/multitenant-idm-saas/lookupTables/lookup-employee-type.xml b/samples/stories/multitenant-idm-saas/lookupTables/lookup-employee-type.xml new file mode 100644 index 00000000000..a9d7c2367a2 --- /dev/null +++ b/samples/stories/multitenant-idm-saas/lookupTables/lookup-employee-type.xml @@ -0,0 +1,36 @@ + + + + + + Employee Type + + + customer-admin + + + + customer-user + + + diff --git a/samples/stories/multitenant-idm-saas/misc/midpoint-crm-flatfile.csv b/samples/stories/multitenant-idm-saas/misc/midpoint-crm-flatfile.csv new file mode 100644 index 00000000000..6864c93adf0 --- /dev/null +++ b/samples/stories/multitenant-idm-saas/misc/midpoint-crm-flatfile.csv
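Review bot: `replace: olcAccess` in aci.ldif discards every access rule already set on that database and installs only the six listed here, while the header comment warns about the `{2}mdb` index but not about this. I would add a line before it such as `# NOTE: this replaces ALL existing olcAccess rules on this database; merge with your current ACLs first`. The rules for `ou=people` and `ou=groups` give the idm account write access to subtrees that the story's readme and resource do not appear to use (everything is created under `ou=customers`), so they look wider than the sample needs and could be dropped or marked optional. The six values also carry no `{n}` ordering prefix, so their evaluation order depends on the order in this file; writing them as `olcAccess: {0}to attrs=userPassword,...` through `{5}to * ...` would make the intended order explicit.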
@@ -0,0 +1,3 @@ +name,givenName,familyName,customerName,customerDisplayName,customerContact,disabled +"ultraone-admin","Perry","Houser","ultra1","Ultra One Cloud Inc.","ultraone-admin@example.com","false" +"yourthingsours-admin","Chi","Daachi","yourthingsours","Your Things Ours - Cloud Solutions Inc.","yourthingsours-admin@example.com","false" diff --git a/samples/stories/multitenant-idm-saas/misc/sysconfig-readme.txt b/samples/stories/multitenant-idm-saas/misc/sysconfig-readme.txt new file mode 100644 index 00000000000..e560453739f --- /dev/null +++ b/samples/stories/multitenant-idm-saas/misc/sysconfig-readme.txt @@ -0,0 +1,133 @@ +Paste this to System Configuration replacing existing . + + + + + + iamnotify@example.com + + + + + mail + + + + + New accounts in midPoint managed systems + add + success + + + + + + + mail + + + + + New user in midPoint + add + + + + + + + mail + + + + + Notify system administrator for accounts + + iamnotify@example.com + + + + + mail + + + + + + + OrgType + Notify system administrator for organization change + + iamnotify@example.com + + + + + mail + + + + + RoleType + Notify system administrator for role change + + iamnotify@example.com + + + + + mail + + + + + + /usr/local/apache-tomcat-pokusy/logs/idm-mail-notifications.log + + diff --git a/samples/stories/multitenant-idm-saas/objectTemplates/object-template-org.xml b/samples/stories/multitenant-idm-saas/objectTemplates/object-template-org.xml new file mode 100644 index 00000000000..dfd57ca7aeb --- /dev/null +++ b/samples/stories/multitenant-idm-saas/objectTemplates/object-template-org.xml @@ -0,0 +1,86 @@ + + + + Organization Object Template + + + Org-org mapping + true + + orgType + + + name + + + + + + + c:OrgType + + + c:name + + + + + + + + + assignment + + + + + + Org metarole assignment + true + + orgType + + + + c:RoleType + bb1adfda-cbee-11e5-a445-3c970e44b9e2 + + + + assignment + + + + + + 
diff --git a/samples/stories/multitenant-idm-saas/objectTemplates/object-template-user.xml b/samples/stories/multitenant-idm-saas/objectTemplates/object-template-user.xml new file mode 100644 index 00000000000..d49d0022ad9 --- /dev/null +++ b/samples/stories/multitenant-idm-saas/objectTemplates/object-template-user.xml 
@@ -0,0 +1,286 @@ + + + + User Template + + + + employeeType + + + + + organization + + presentation + + true + false + false + + + + + + organizationalUnit + + presentation + + true + false + false + + + + + Fullname + true + + givenName + + + familyName + + + + + + fullName + + + + Org mapping - organization member + + Look for appropriate Org objects by using the user's organizationalUnit property + as the name of the org object. When no such object is found we want to create it on + demand. We want to populate new Org object with a name and displayName derived from + the user. + + true + + organization + + + organizationalUnit + + + + c:OrgType + + + c:name + + + + + + + true + + + + + + + name + + + + + + + + displayName + + + + + customer + + + orgType + + + + + + + assignment + + + + + Org mapping - organization manager + + Look for appropriate Org objects by using the user's organizationalUnit property + as the name of the org object. When no such object is found we want to create it on + demand. We want to populate new Org object with a name and displayName derived from + the user. + + true + + organization + + + organizationalUnit + + + employeeType + + + + c:OrgType + + + c:name + + + + + + + org:manager + + + + assignment + + + + + + + + + Basic Customer Admin role assignment + + $user/employeeType + + + + c:RoleType + 3410a44a-cc00-11e5-bc03-3c970e44b9e2 + + + + assignment + + + + + + + + Delegated Administration role assignment + + $user/employeeType + + + + c:RoleType + c546fe38-def1-11e5-85bb-3c970e44b9e2 + + + + assignment + + + + + + + + Basic Customer User role assignment + + $user/employeeType + + + + c:RoleType + 0d76dd40-cc05-11e5-8cfb-3c970e44b9e2 + + + + assignment + + + + + + + + Customer End User role assignment + + $user/employeeType + + + + c:RoleType + + + c:name + Customer End User Role + + + + + + assignment + + + + + + 
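Review bot: The last mapping, "Customer End User role assignment", resolves its target role through a `c:name` filter (`Customer End User Role`), while the three mappings before it reference their roles by OID. That role carries the self-service authorizations, and a lookup by display name follows a rename or a second role with the same name, so referencing it by OID like the others, or adding a comment that explains why a name filter is used here, would keep the four mappings consistent and predictable. The markup of this hunk is not fully visible on the page, so the element names are inferred from the surviving text.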
diff --git a/samples/stories/multitenant-idm-saas/org/org-top.xml b/samples/stories/multitenant-idm-saas/org/org-top.xml new file mode 100644 index 00000000000..891d88cab31 --- /dev/null +++ b/samples/stories/multitenant-idm-saas/org/org-top.xml @@ -0,0 +1,35 @@ + + + + + CUSTOMERS + + enabled + 2016-02-05T10:22:40.341+01:00 + + Customers + 0001 + functional + + diff --git a/samples/stories/multitenant-idm-saas/readme.txt b/samples/stories/multitenant-idm-saas/readme.txt new file mode 100644 index 00000000000..001ae026933 --- /dev/null +++ b/samples/stories/multitenant-idm-saas/readme.txt 
@@ -0,0 +1,162 @@ +OpenLDAP customer management test scenario. + +This scenario simulates situation where multiple organizations ("tenants") +wish to manage their own users and administrators in midPoint and in OpenLDAP. +The first administrative accounts will be created by importing (one-time or +periodic using LiveSync) from CSV file to midPoint. Passwords will be sent to the first +administrative accounts (simulated by midPoint notifications redirected to +a file). The administrators can then manage their own users. + +For each organization ("tenant"), the following objects will be created in +OpenLDAP (assumed the "ou=customers,dc=example,dc=com" already exists!): +1) OU: ou=,ou=customers,dc=example,dc=com +2) group: cn=-admins,ou=,ou=customers,dc=example,dc=com +3) group: cn=-users,ou=,ou=customers,dc=example,dc=com +4) group: cn=-powerusers,ou=,ou=customers,dc=example,dc=com + +For each user from CSV, user with identifier will be created in +midPoint, employeeType will be set to "customer-admin", which causes the +following to be automatically assigned in midPoint: +1) organization (member) +2) organization (manager) +3) role Customer Admin Role +4) role Customer User Role +5) role Delegated Administration Role + +In OpenLDAP, the following will be automatically created: +1) account uid=,ou=,ou=customers,dc=example,dc=com +2) account added to group cn=-admins,ou=,ou=customers,dc=example,dc=com +3) account added to group cn=-users,ou=,ou=customers,dc=example,dc=com + +The initial password is generated using Default Password Policy and will be +sent (simulated by mail notification redirection to +/logs/idm-mail-notifications.log) to the admin user. + +Admin user can login to midPoint using http://localhost:8080/midpoint/. From +the GUI he can display the organizational structure using "Org. structure" +menu on the left side. + +To modify organization settings: +- click Org. 
structure on the left side, then Organization tree +- click on the organization name on the right side +- update e.g. Description if necessary +- change password policy which will be applied for all objects in this +organization +- save the form + +Based on your changes, attributes in OpenLDAP will be changed. +Password policy if midPoint-only setting, so changing it will not provision +changes to OpenLDAP. + +To create new administrator for his/her organization: +- click Org. structure on the left side, then Organization tree + +- expand his/her organization (TODO: https://jira.evolveum.com/browse/MID-2795 +to allow only his/her organization to be visible) +- click on the organization on the left side to expand current users +- on the right side, near "Members", click the wheel icon and select "Add +member" +- fill in the following attributes: + - name (this is login and OpenLDAP uid attribute) + - givenName + - familyName + - employeeType: click to the field and choose either customer-admin or + customer-user + - emailAddress: to send (simulate sending) notification with initial + password +- save the form + +Based on the employeeType setting, user will be created either as +administrator or normal user: + +1) assigned organization (member) (for both customer-admin and +customer-user) +2) organization (manager) (for customer-admin) +3) role Customer Admin Role (for customer-admin) +4) role Customer User Role (for both customer-admin and customer-user) +5) role Delegated Administration Role (for customer-admin) + +In OpenLDAP, the following will be automatically created: +1) account uid=,ou=,ou=customers,dc=example,dc=com +2) account added to group +cn=-admins,ou=,ou=customers,dc=example,dc=com (for +customer-admin) +3) account added to group +cn=-users,ou=,ou=customers,dc=example,dc=com (for +both customer-admin and customer-user) + +To modify user, certain attributes can be modified from within midPoint, such +as givenName, familyName, name, employeeType, 
password etc. Some attributes +will be computed by midPoint (fullName) and cannot be edited directly. + +To change the permissions from customer-admin to customer-user and vice-versa, +change the employeeType attribute value in midPoint. Groups and organization +will be automatically (un)assigned based on this setting. + +To assign user a different role using midPoint, click on the user and switch +to tab "Assignments": +- click on the wheel near "Assignments" header +- click Assign role +- select role(s). For example Customer Power User role +- click Assign and then Save + +User will be updated and OpenLDAP account will be updated if role(s) related +to OpenLDAP have been (un)assigned. In the case of the "Customer Power User +Role", the membership of the following group will be updated: + +1) group: cn=-powerusers,ou=,ou=customers,dc=example,dc=com + +You can assign the Customer Admin Role to the normal user if you wish, but +this role is automatically assigned/unassigned based on employeeType attribute +value. + +To rename the account, edit the user and change "name" attribute. The account +in OpenLDAP will be automatically renamed and the group membership will be +also updated. + +To change the password, edit the user and change the Password value. + +Disable/enable is not supported in this scenario, as OpenLDAP has no default +way of disabling users. For now custom objectClass (instead of inetOrgPerson) +would need to be used (which would also mean all target applications bound +with OpenLDAP would need to know which attribute represents the account +state). + +To Delete user you need to go to Users then List users +(TODO https://jira.evolveum.com/browse/MID-2824). Select the users you wish to +delete and in the wheel choose "Delete" action. User will be deleted from +midPoint and the account from OpenLDAP. 
+ +To allow normal (non-admin) users to change their own password in the +self-service GUI, you need to first to assign them the permission to log in: +Click on the user and switch to tab "Assignments": +- click on the wheel near "Assignments" header +- click Assign role +- select role "Customer End User Role" +- click Assign and then Save + +From now, the user can login to midPoint using http://localhost:8080/midpoint +(the same URL is used for administration) and update his/her password in +midPoint and OpenLDAP. + +Setup: +- tested with Tomcat 7.x, JDK 7.x, git-v3.4devel-515-g6c30887 +- update filePath in the CSV resource before importing data! It must point to +your CSV file with customer info! + +- set/ensure: System Configuration: Assignment Policy Enforcement: Relative +- Import organizational structure +- Import password policies +- Import object templates +- Import resources +- Import roles +- System Configuration: Object Policies: UserType = "User Template" +- System Configuration: Object Policies: OrgType = "Organization Object Template" +- Resource "CRM Simulation" - click Content, and import any of the entries by +clicking the wheel and selecting Import. To import all, you can run Import +from resource task. To allow periodic synchronization, you can configure Live +Sync task. +- edit System Configuration using repository objects and replace + with the sample in misc/sysconfig-readme.txt +- Notifications will be redirected to /logs/idm-mail-notification.log + diff --git a/samples/stories/multitenant-idm-saas/resources/crm-simulation-sync.xml b/samples/stories/multitenant-idm-saas/resources/crm-simulation-sync.xml new file mode 100644 index 00000000000..a2f78d0a8e9 --- /dev/null +++ b/samples/stories/multitenant-idm-saas/resources/crm-simulation-sync.xml 
@@ -0,0 +1,354 @@ + + + + + + + + + + + + CRM Simulation + + + + + + c:connectorType + com.evolveum.polygon.csvfile.CSVFileConnector + + + + + + + + + + /var/tmp/midpoint-crm-flatfile.csv + utf-8 + " + , + ; + false + name + + + + + + + + + + + + + + + Default Account + true + + + ri:AccountObjectClass + + icfs:uid + + + Entry UUID + + + + + true + + + + + icfs:name + + + Name + + + + 0 + + true + false + false + + + + + $user/name + + + + + customer-admin + + + $user/employeeType + + + + + + ri:givenName + Given name + Definition of givenName attribute handling. + + + true + false + false + + + + + $user/givenName + + + + + + ri:familyName + Family name + Definition of familyName attribute handling. + + + true + false + false + + + + + $user/familyName + + + + + ri:customerName + Customer Name (Organization) + Definition of customerName attribute handling. + + + true + false + false + + + + + $user/organizationalUnit + + + + + ri:customerDisplayName + Customer Display Name (Organization) + Definition of customerDisplayName attribute handling. + + + true + false + false + + + + + $user/organization + + + + + ri:customerContact + Customer Contact (Email) + Definition of customerContact attribute handling. + + + true + false + false + + + + + $user/emailAddress + + + + + + + + + + + + + + weak + + + + + + + + + + + + + + + ri:disabled + false + true + + + + false + + + + + + + true + + + + Correlation expression is a search query. + Following search queury will look for users that have "name" + equal to the "name" attribute of the account. Simply speaking, + it will look for match in usernames in the IDM and the resource. + The correlation rule always looks for users, so it will not match + any other object type. 
+ + + c:name + + + declare namespace icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"; + $account/attributes/icfs:name + + + + + + + + + + linked + + http://midpoint.evolveum.com/xml/ns/public/model/action-3#modifyUser + + + + deleted + + http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlinkAccount + + + + unlinked + + http://midpoint.evolveum.com/xml/ns/public/model/action-3#linkAccount + + + + unmatched + + http://midpoint.evolveum.com/xml/ns/public/model/action-3#addUser + + + + + + + + + diff --git a/samples/stories/multitenant-idm-saas/resources/openldap-customers.xml b/samples/stories/multitenant-idm-saas/resources/openldap-customers.xml new file mode 100644 index 00000000000..82961bb8e4a --- /dev/null +++ b/samples/stories/multitenant-idm-saas/resources/openldap-customers.xml 
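Review bot: The CSV source path in crm-simulation-sync.xml is `/var/tmp/midpoint-crm-flatfile.csv`, and this resource is the feed from which users with `employeeType` `customer-admin` are created (the `unmatched` reaction is `addUser`). A directory such as `/var/tmp` is normally writable by every local account, so the sample should state that the file must live where only the export job and the midPoint process can write. A comment next to the path such as `<!-- Keep this file in a directory writable only by the CRM export job; records in it create tenant administrators -->` would do. The correlation description also contains the typo `queury`.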
@@ -0,0 +1,731 @@ + + + + + + + + + + + + + OpenLDAP for Customers + + + LDAP resource using a ConnId LDAP connector. It contains configuration + for use with OpenLDAP servers. + + + + + Reference to the OpenICF LDAP connector. This is dynamic reference, it will be translated to + OID during import. + + + + c:connectorType + com.evolveum.polygon.connector.ldap.LdapConnector + + + + + + + + 389 + localhost + ou=customers,dc=example,dc=com + cn=idm,ou=Administrators,dc=example,dc=com + secret + auto + SSHA + uid + 2.5.13.3 + memberOf + createTimestamp + + + false + false + false + + + + + + + + + + + ri:inetOrgPerson + ri:groupOfUniqueNames + ri:groupOfNames + ri:organizationalUnit + + + + + + + + + + + account + Normal Account + true + ri:inetOrgPerson + + ri:dn + Distinguished Name + + 0 + + true + true + true + + + mr:stringIgnoreCase + + + $user/name + + + $user/organizationalUnit + + + + + + + + ri:entryUUID + Entry UUID + + + true + false + true + + + mr:stringIgnoreCase + + + ri:cn + Common Name + + 0 + + true + true + true + + + + + + $user/fullName + + + + + ri:sn + Surname + + 0 + + + + + familyName + + + + + ri:givenName + Given Name + + + + $c:user/c:givenName + + + + + ri:uid + Login Name + mr:stringIgnoreCase + + weak + + Source may have description + $user/name + + + + + + + + ri:description + + + $user/description + + + + + ri:l + Location + + + $user/locality + + + + + ri:employeeType + Employee Type + false + + + $user/employeeType + + + + + + ri:group + LDAP Group Membership + entitlement + ldapGroup + group-org-admin + group-org-user + group-org-poweruser + group-custom + objectToSubject + ri:member + ri:dn + true + + + + 5 + + + + + + http://prism.evolveum.com/xml/ns/public/matching-rule-3#stringIgnoreCase + attributes/ri:dn + cn=idm,ou=Administrators,dc=example,dc=com + + + + + + + + + + + + + + + + + + + + + + + + generic + ou-customer + true + Customer Organizational Unit + ri:organizationalUnit + + + ri:dn + mr:stringIgnoreCase + + + + 
$focus/name + + + + + + + + ri:ou + mr:stringIgnoreCase + + weak + + $focus/name + + + + + ri:description + + + description + + + + + + entitlement + ldapGroup + true + LDAP Group + ri:groupOfNames + + + ri:member + mr:distinguishedName + minimal + + + + ri:uid + + + + + entitlement + group-org-poweruser + LDAP Group - Power Users + ri:groupOfNames + + + ri:dn + mr:stringIgnoreCase + + + + $focus/name + + + + + + + + ri:member + mr:distinguishedName + minimal + + strong + + + cn=dummy,o=whatever + + + + + ri:cn + mr:stringIgnoreCase + + weak + + $focus/name + + + + + + + + ri:description + + + description + + + + + generic + ou-customer + relaxed + + + + ri:uid + + + + + entitlement + group-org-user + LDAP Group - Users + ri:groupOfNames + + + ri:dn + mr:stringIgnoreCase + + + + $focus/name + + + + + + + + ri:member + mr:distinguishedName + minimal + + strong + + + cn=dummy,o=whatever + + + + + ri:cn + mr:stringIgnoreCase + + weak + + $focus/name + + + + + + + + ri:description + + + description + + + + + generic + ou-customer + relaxed + + + + ri:uid + + + + + entitlement + group-org-admin + LDAP Group - Admin + ri:groupOfNames + + + ri:dn + mr:stringIgnoreCase + + + + $focus/name + + + + + + + + ri:member + mr:distinguishedName + minimal + + strong + + + cn=dummy,o=whatever + + + + + ri:cn + mr:stringIgnoreCase + + weak + + $focus/name + + + + + + + + ri:description + + + description + + + + + generic + ou-customer + relaxed + + + + ri:uid + + + + + entitlement + group-custom + LDAP Group - Custom group + ri:groupOfNames + + + ri:dn + mr:stringIgnoreCase + + + + $focus/name + + + $focus/identifier + + + + + + + + ri:member + mr:distinguishedName + minimal + + strong + + + cn=dummy,o=whatever + + + + + ri:cn + mr:stringIgnoreCase + + weak + + $focus/name + + + + + + + + ri:description + + + description + + + + + generic + ou-customer + relaxed + + + + ri:uid + + + + + + + + + true + + + + + + + true + + + + Correlation expression is a search query. 
+ Following search queury will look for users that have "name" + equal to the "uid" attribute of the account. Simply speaking, + it will look for match in usernames in the IDM and the resource. + The correlation rule always looks for users, so it will not match + any other object type. + + + name + + + declare namespace ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"; + $account/attributes/ri:uid + + + + + + + + + + + linked + true + + + deleted + true + + http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink + + + + + unlinked + true + + http://midpoint.evolveum.com/xml/ns/public/model/action-3#link + + + + unmatched + + + + + + + diff --git a/samples/stories/multitenant-idm-saas/roles/metarole-org.xml b/samples/stories/multitenant-idm-saas/roles/metarole-org.xml new file mode 100644 index 00000000000..b742c3e5cd3 --- /dev/null +++ b/samples/stories/multitenant-idm-saas/roles/metarole-org.xml @@ -0,0 +1,118 @@ + + + + + + Functional Orgstruct Metarole + + + + + + generic + ou-customer + + + + $immediateRole/orgType + + + + + + + + + + + entitlement + group-org-admin + + + + $immediateRole/orgType + + + + + + + + + + + entitlement + group-org-poweruser + + + + $immediateRole/orgType + + + + + + + + + + + entitlement + group-org-user + + + + $immediateRole/orgType + + + + + + + + + + + Set organizationalUnit from organization name + weak + + $immediateRole/name + + + $user/organizationalUnit + + + + c:UserType + 2 + + + diff --git a/samples/stories/multitenant-idm-saas/roles/role-customer-authz-admin.xml b/samples/stories/multitenant-idm-saas/roles/role-customer-authz-admin.xml new file mode 100644 index 00000000000..be16e80c43e --- /dev/null +++ b/samples/stories/multitenant-idm-saas/roles/role-customer-authz-admin.xml 
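Review bot: The connector configuration at the top of openldap-customers.xml uses port `389` with the bind DN `cn=idm,ou=Administrators,dc=example,dc=com` and the literal password `secret`, and no connection-security value is visible among the surviving configuration values. This account has write access to `userPassword` and the customer subtree per aci.ldif, so the sample should at least tell deployers to replace the password and enable StartTLS or LDAPS (`connectionSecurity` in the LDAP connector), e.g. `<!-- Sample only: change the bind password and set connectionSecurity to starttls or ssl before using outside a lab -->`. The element names are stripped on this page, so which value belongs to which property is inferred from the connector's usual configuration. The `cn=dummy,o=whatever` placeholder member is repeated in four group object types; a short comment on the first one explaining that it is a placeholder member (presumably so a new group is never empty) would help readers.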
@@ -0,0 +1,348 @@ + + Delegated Administration Role + Role to delegate administration to customer admins. + + + http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#users + http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#user + http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#userDetails + http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#findUsers + + + http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgStruct + + http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgTree + + http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgUnit + + + + + + + + http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfAll + + + http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read + + self + + + + http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read + + ShadowType + + self + + + + + http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#changeCredentials + request + + self + + credentials + + + http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#changeCredentials + request + + ShadowType + + self + + + credentials + + + http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify + execution + + self + + credentials + + + http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify + execution + + ShadowType + + self + + + credentials + + + + Read for all password policies, all resources and roles of roleType=customer and End User + http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read + + ValuePolicyType + + + ResourceType + + + RoleType + + + + roleType + customer + + + name + End user + + + + + + + + + + http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read + + OrgType + + + + orgType + functional + + + + + + + + Read for lookuptable 
+ http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read + + LookupTableType + + + + + + Magic read/modify + http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read + http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify + + + org:manager + allDescendants + true + + + + + + + Modify some user attributes + http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify + + UserType + + org:manager + + + name + description + givenName + familyName + employeeType + emailAddress + activation + credentials + + + + + Authz: CRD UserType + http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read + http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#add + + http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#delete + + UserType + + org:manager + + + + + + + + + http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#assign + http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#unassign + + UserType + + org:manager + + + + RoleType + + + + roleType + customer + + + name + End user + + + + + + + + + Read shadows owned by customer-admin/customer-user + http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read + + ShadowType + + UserType + + + + employeeType + customer-admin + + + employeeType + customer-user + + + + + + + + + + Read all entitlements and generic shadows + http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read + + ShadowType + + + + kind + entitlement + + + kind + generic + + + + + + + + + Allow execution for derived changes on User + http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify + execution + + UserType + + + + employeeType + customer-admin + + + employeeType + customer-user + + + + + + + + Allow execution for derived changes on Shadows for users + 
http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#add + http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify + http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#delete + execution + + ShadowType + + UserType + + + + employeeType + customer-admin + + + employeeType + customer-user + + + + + + + + Allow execution for derived changes on Shado for organizations + http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#add + http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify + http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#delete + execution + + ShadowType + + OrgType + + + + orgType + customer + + + + + + + false + diff --git a/samples/stories/multitenant-idm-saas/roles/role-customer-authz-enduser.xml b/samples/stories/multitenant-idm-saas/roles/role-customer-authz-enduser.xml new file mode 100644 index 00000000000..a58ba3cfad4 --- /dev/null +++ b/samples/stories/multitenant-idm-saas/roles/role-customer-authz-enduser.xml 
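Review bot: Several authorizations in role-customer-authz-admin.xml select their objects by `employeeType` or `kind` alone: "Read shadows owned by customer-admin/customer-user", "Read all entitlements and generic shadows" and the three execution-phase "derived changes" entries show no `org:manager` relation, unlike "Modify some user attributes" and "Authz: CRD UserType". As far as the visible text shows, a tenant administrator holding this role could therefore read account, group and OU shadows that belong to other tenants, which weakens the isolation the story is meant to demonstrate. If that is a known limitation (the readme's MID-2795 TODO points at a related one), each of these entries should say so in its description; otherwise they should get the same organization restriction as the user authorizations. The entry named "Magic read/modify" also needs a description that states what it grants and why, and `Shado` in the last description is a typo.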
@@ -0,0 +1,105 @@ + + Customer End User Role + End user role for normal users. + + + + + + http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfAll + + + http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read + + self + + + + http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read + + ShadowType + + self + + + + + http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#changeCredentials + request + + self + + credentials + + + http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#changeCredentials + request + + ShadowType + + self + + + credentials + + + http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify + execution + + self + + credentials + + + http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify + execution + + ShadowType + + self + + + credentials + + + + Read for all resources and roles of roleType=customer and End User + http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read + + ResourceType + + + RoleType + + + + roleType + customer + + + name + End user + + + + + + + + Do not allow to assign anything for self + deny +request + http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#assign + http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#unassign + + RoleType + + + customer + false + diff --git a/samples/stories/multitenant-idm-saas/roles/role-customer-basic-admin.xml b/samples/stories/multitenant-idm-saas/roles/role-customer-basic-admin.xml new file mode 100644 index 00000000000..24ca4b6f900 --- /dev/null +++ b/samples/stories/multitenant-idm-saas/roles/role-customer-basic-admin.xml 
@@ -0,0 +1,60 @@ + + + + + Customer Admin Role + Role intended to be assigned to all customer admins automatically + + + + + ri:group + + + $user/organizationalUnit + + + + + + stringIgnoreCase + + declare namespace icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"; + declare namespace ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"; + attributes/ri:dn + + + + + + + onResourceIfNeeded + + + + + + + customer + diff --git a/samples/stories/multitenant-idm-saas/roles/role-customer-basic-poweruser.xml b/samples/stories/multitenant-idm-saas/roles/role-customer-basic-poweruser.xml new file mode 100644 index 00000000000..df3d4062b54 --- /dev/null +++ b/samples/stories/multitenant-idm-saas/roles/role-customer-basic-poweruser.xml @@ -0,0 +1,60 @@ + + + + + Customer Power User Role + Role intended to be assigned to customer users manually + + + + + ri:group + + + $user/organizationalUnit + + + + + + stringIgnoreCase + + declare namespace icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"; + declare namespace ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"; + attributes/ri:dn + + + + + + + onResourceIfNeeded + + + + + + + customer + diff --git a/samples/stories/multitenant-idm-saas/roles/role-customer-basic-user.xml b/samples/stories/multitenant-idm-saas/roles/role-customer-basic-user.xml new file mode 100644 index 00000000000..938cfdd325e --- /dev/null +++ b/samples/stories/multitenant-idm-saas/roles/role-customer-basic-user.xml 
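Review bot: The group association in role-customer-basic-admin.xml is resolved from `$user/organizationalUnit` and matched against `attributes/ri:dn`, so which LDAP group a user receives depends entirely on the value of that user property, and nothing in the hunk says who may write it. If a tenant's own admins or users are allowed to modify `organizationalUnit`, group membership could cross tenant boundaries. I would add a comment above the expression, for example `<!-- organizationalUnit must be set by provisioning only; tenant-level authorizations must not allow modifying it -->`, and check that the tenant admin authorizations exclude that item. The same construction is repeated in role-customer-basic-poweruser.xml (also on this line) and role-customer-basic-user.xml (the following hunk). Element names are stripped in this rendering, so the reading of the search filter is inferred from the visible values.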
@@ -0,0 +1,60 @@ + + + + + Customer User Role + Role intended to be assigned to all customer users and admins automatically + + + + + ri:group + + + $user/organizationalUnit + + + + + + stringIgnoreCase + + declare namespace icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"; + declare namespace ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"; + attributes/ri:dn + + + + + + + onResourceIfNeeded + + + + + + + customer + diff --git a/samples/stories/multitenant-idm-saas/roles/role-meta-ldap-customer-group.xml b/samples/stories/multitenant-idm-saas/roles/role-meta-ldap-customer-group.xml new file mode 100644 index 00000000000..ae0fd2dbd33 --- /dev/null +++ b/samples/stories/multitenant-idm-saas/roles/role-meta-ldap-customer-group.xml @@ -0,0 +1,91 @@ + + + + + + Create Custom Customer LDAP Group Metarole + + + CUSTOMGROUP-I + + + entitlement + group-custom + + + + + CUSTOMGROUP-II + + + account + default + + ri:group + + + + + entitlement + group-custom + + + + + + + 2 + + + + + + Generate Role type + + + + + $focus/description + + + + + + + + + Store customer info + + + + + $focus/identifier + + + + + customer + diff --git a/samples/stories/multitenant-idm-saas/valuePolicies/normal-password-policy.xml b/samples/stories/multitenant-idm-saas/valuePolicies/normal-password-policy.xml new file mode 100644 index 00000000000..cc8b86d06b6 --- /dev/null +++ b/samples/stories/multitenant-idm-saas/valuePolicies/normal-password-policy.xml 
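Review bot: The mapping labelled "Generate Role type" in role-meta-ldap-customer-group.xml takes its value from `$focus/description`, a free-text field. Other files in this commit select objects by `roleType` in authorization filters (`roleType` with value `customer` in role-customer-authz-enduser.xml), so if the target of this mapping is indeed `roleType` (the target element is not visible here), whoever may edit a role's description also decides which authorizations match that role. Consider a dedicated, access-controlled property as the source, or document the constraint in the metarole. The metarole also carries no description, unlike the other roles in the commit; one sentence explaining the two inducements (CUSTOMGROUP-I and CUSTOMGROUP-II) and the `2` that looks like an inducement order would help the next reader.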
@@ -0,0 +1,67 @@ + + + + + + Normal Customer Password Policy + This Password policy requires at least one lowercase +letter, at least one uppercase letter in the password. The password must start with a lowercase +letter and must be at least 8 characters long. + + 999 + 9 + 0 + 0 + 0 + + + String validation policy + + 8 + 4 + + + + Lowercase alphanumeric characters + 1 + false + + abcdefghijklmnopqrstuvwxyz + + + + Uppercase alphanumeric characters + 1 + false + + ABCDEFGHIJKLMNOPQRSTUVWXYZ + + + + Numeric characters + 0 + false + + 1234567890 + + + + Special characters + 0 + false + + !"#$%&()*+,-.:;<>?@[]^_{}~ + + + + + + + + diff --git a/samples/stories/multitenant-idm-saas/valuePolicies/stronger-password-policy.xml b/samples/stories/multitenant-idm-saas/valuePolicies/stronger-password-policy.xml new file mode 100644 index 00000000000..19cd0996737 --- /dev/null +++ b/samples/stories/multitenant-idm-saas/valuePolicies/stronger-password-policy.xml @@ -0,0 +1,67 @@ + + + + + + Stronger Customer Password Policy + This Password policy requires at least one lowercase +letter, at least one uppercase letter, at least one digit in the password. The password must start with a lowercase +letter and must be at least 10 characters long. + + 999 + 9 + 0 + 0 + 0 + + + String validation policy + + 10 + 4 + + + + Lowercase alphanumeric characters + 1 + false + + abcdefghijklmnopqrstuvwxyz + + + + Uppercase alphanumeric characters + 1 + false + + ABCDEFGHIJKLMNOPQRSTUVWXYZ + + + + Numeric characters + 1 + false + + 1234567890 + + + + Special characters + 0 + false + + !"#$%&()*+,-.:;<>?@[]^_{}~ + + + + + + + + diff --git a/samples/stories/multitenant-idm-saas/valuePolicies/verystrong-password-policy.xml b/samples/stories/multitenant-idm-saas/valuePolicies/verystrong-password-policy.xml new file mode 100644 index 00000000000..2bbd5716ad7 --- /dev/null +++ b/samples/stories/multitenant-idm-saas/valuePolicies/verystrong-password-policy.xml 
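Review bot: The description in normal-password-policy.xml says the password "must start with a lowercase letter", but every character class in the hunk, the lowercase one included, carries `false` in what looks like the `mustBeFirst` flag, so that rule is not enforced. Either set the flag to `true` on the lowercase class or drop the sentence from the description; as written the policy is weaker than documented. stronger-password-policy.xml (also on this line) and verystrong-password-policy.xml (the following hunk) repeat the same description and the same `false` values. In all three the special-character class has a minimum of `0` and the trailing lifetime values are `0`, which, if the last one is the password history length, means reuse of old passwords is not checked even in the "very strong" policy. Element names are stripped in this rendering, so the field mapping is inferred from position.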
@@ -0,0 +1,67 @@ + + + + + + Very Strong Password Policy + This Password policy requires at least one lowercase +letter, at least one uppercase letter, at least one digit in the password. The password must start with a lowercase +letter and must be at least 16 characters long. + + 999 + 9 + 0 + 0 + 0 + + + String validation policy + + 16 + 4 + + + + Lowercase alphanumeric characters + 1 + false + + abcdefghijklmnopqrstuvwxyz + + + + Uppercase alphanumeric characters + 1 + false + + ABCDEFGHIJKLMNOPQRSTUVWXYZ + + + + Numeric characters + 1 + false + + 1234567890 + + + + Special characters + 0 + false + + !"#$%&()*+,-.:;<>?@[]^_{}~ + + + + + + + +