Merge branch 'master' of https://github.com/Evolveum/midpoint

Evolveum · Jan 30, 2020 · eb29010 · eb29010
2 parents 5348e47 + 7ddcd41
commit eb29010
Show file tree

Hide file tree

Showing 44 changed files with 1,476 additions and 1,344 deletions.
diff --git a/infra/prism-api/src/main/java/com/evolveum/midpoint/prism/PrismContainer.java b/infra/prism-api/src/main/java/com/evolveum/midpoint/prism/PrismContainer.java
@@ -68,6 +68,10 @@ public interface PrismContainer<C extends Containerable>
      */
     boolean canRepresent(QName type);
 
+    /**
+     * @return List of current values. The list itself is freely modifiable - it is independent on the list of values
+     * in this container. However, values themselves are directly linked to the PCVs.
+     */
     @NotNull
     @Override
     Collection<C> getRealValues();

diff --git a/infra/prism-api/src/main/java/com/evolveum/midpoint/prism/path/ItemName.java b/infra/prism-api/src/main/java/com/evolveum/midpoint/prism/path/ItemName.java
@@ -8,6 +8,8 @@
 package com.evolveum.midpoint.prism.path;
 
 import com.evolveum.midpoint.util.DebugUtil;
+import com.evolveum.midpoint.util.QNameUtil;
+
 import org.jetbrains.annotations.NotNull;
 
 import javax.xml.namespace.QName;
@@ -175,4 +177,8 @@ public ItemPath subPath(int from, int to) {
             return this;
         }
     }
+
+    public boolean matches(ItemName other) {
+        return QNameUtil.match(this, other);
+    }
 }
diff --git a/infra/schema/src/main/resources/xml/ns/public/common/common-3.xsd b/infra/schema/src/main/resources/xml/ns/public/common/common-3.xsd
@@ -95,5 +95,6 @@
     <xsd:include schemaLocation="http://midpoint.evolveum.com/xml/ns/public/common/common-workflows-3"/>
     <xsd:include schemaLocation="http://midpoint.evolveum.com/xml/ns/public/common/common-policy-3"/>
     <xsd:include schemaLocation="http://midpoint.evolveum.com/xml/ns/public/common/common-case-management-3"/>
+    <xsd:include schemaLocation="http://midpoint.evolveum.com/xml/ns/public/common/common-security-3"/>
 
 </xsd:schema>
diff --git a/infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd b/infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd
@@ -4641,6 +4641,17 @@
                         </xsd:annotation>
                     </xsd:element>
 
+                    <xsd:element name="credentials" type="tns:CredentialsType" minOccurs="0" maxOccurs="1">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                The set of user's credentials (such as passwords).
+                            </xsd:documentation>
+                            <xsd:appinfo>
+                                <a:displayName>UserType.credentials</a:displayName>
+                            </xsd:appinfo>
+                        </xsd:annotation>
+                    </xsd:element>
+
                 </xsd:sequence>
             </xsd:extension>
         </xsd:complexContent>
@@ -4975,17 +4986,6 @@
                         </xsd:annotation>
                     </xsd:element>
 
-                    <xsd:element name="credentials" type="tns:CredentialsType" minOccurs="0" maxOccurs="1">
-                        <xsd:annotation>
-                            <xsd:documentation>
-                                The set of user's credentials (such as passwords).
-                            </xsd:documentation>
-                            <xsd:appinfo>
-                                <a:displayName>UserType.credentials</a:displayName>
-                            </xsd:appinfo>
-                        </xsd:annotation>
-                    </xsd:element>
-
                     <xsd:element name="adminGuiConfiguration" type="tns:AdminGuiConfigurationType" minOccurs="0" maxOccurs="1">
                         <xsd:annotation>
                             <xsd:documentation>

diff --git a/model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelInteractionService.java b/model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelInteractionService.java
@@ -188,7 +188,7 @@ <F extends ObjectType> ModelContext<F> previewChanges(
      */
     <O extends ObjectType,R extends AbstractRoleType> ItemSecurityConstraints getAllowedRequestAssignmentItems(PrismObject<O> object, PrismObject<R> target, Task task, OperationResult result) throws SchemaException, SecurityViolationException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException;
 
-    SecurityPolicyType getSecurityPolicy(PrismObject<UserType> user, Task task, OperationResult parentResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException;
+    <F extends FocusType> SecurityPolicyType getSecurityPolicy(PrismObject<F> focus, Task task, OperationResult parentResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException;
 
     /**
      * Returns an authentications policies as defined in the system configuration security policy. This method is designed to be used

diff --git a/.../com/evolveum/midpoint/model/common/expression/evaluator/GenerateExpressionEvaluator.java b/.../com/evolveum/midpoint/model/common/expression/evaluator/GenerateExpressionEvaluator.java
@@ -10,10 +10,7 @@
 
 import javax.xml.namespace.QName;
 
-import com.evolveum.midpoint.model.common.stringpolicy.AbstractValuePolicyOriginResolver;
-import com.evolveum.midpoint.model.common.stringpolicy.ShadowValuePolicyOriginResolver;
-import com.evolveum.midpoint.model.common.stringpolicy.UserValuePolicyOriginResolver;
-import com.evolveum.midpoint.model.common.stringpolicy.ValuePolicyProcessor;
+import com.evolveum.midpoint.model.common.stringpolicy.*;
 import com.evolveum.midpoint.prism.*;
 import com.evolveum.midpoint.prism.crypto.Protector;
 import com.evolveum.midpoint.prism.delta.ItemDeltaUtil;
@@ -33,14 +30,7 @@
 import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
 import com.evolveum.midpoint.util.exception.SchemaException;
 import com.evolveum.midpoint.util.exception.SecurityViolationException;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.GenerateExpressionEvaluatorModeType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.GenerateExpressionEvaluatorType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.StringPolicyType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.ValuePolicyType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
 
 /**
  * @author semancik
@@ -124,7 +114,7 @@ public PrismValueDeltaSetTriple<V> evaluate(ExpressionEvaluationContext context,
         Item<V, D> output = outputDefinition.instantiate();
         if (mode == null || mode == GenerateExpressionEvaluatorModeType.POLICY) {
 
-            AbstractValuePolicyOriginResolver<? extends ObjectType> originResolver = getOriginResolver(context);
+            ObjectBasedValuePolicyOriginResolver<?> originResolver = getOriginResolver(context);
 
             // TODO: generate value based on stringPolicyType (if not null)
             if (valuePolicyType != null) {
@@ -171,31 +161,25 @@ public PrismValueDeltaSetTriple<V> evaluate(ExpressionEvaluationContext context,
 
     // determine object from the variables
     @SuppressWarnings("unchecked")
-    private <O extends ObjectType> AbstractValuePolicyOriginResolver<O> getOriginResolver(ExpressionEvaluationContext params) throws SchemaException {
+    private <O extends ObjectType> ObjectBasedValuePolicyOriginResolver<O> getOriginResolver(ExpressionEvaluationContext params) throws SchemaException {
         ExpressionVariables variables = params.getVariables();
         if (variables == null) {
             return null;
         }
         PrismObject<O> object = variables.getValueNew(ExpressionConstants.VAR_PROJECTION);
         if (object != null) {
-            return (AbstractValuePolicyOriginResolver<O>) new ShadowValuePolicyOriginResolver((PrismObject<ShadowType>) object, objectResolver);
+            return (ObjectBasedValuePolicyOriginResolver<O>) new ShadowValuePolicyOriginResolver((PrismObject<ShadowType>) object, objectResolver);
         }
         object = variables.getValueNew(ExpressionConstants.VAR_FOCUS);
-        return (AbstractValuePolicyOriginResolver<O>) new UserValuePolicyOriginResolver((PrismObject<UserType>) object, objectResolver);
+        return (ObjectBasedValuePolicyOriginResolver<O>) new FocusValuePolicyOriginResolver<>((PrismObject<FocusType>) object, objectResolver);
     }
 
-    /*
-     * (non-Javadoc)
-     *
-     * @see com.evolveum.midpoint.common.expression.ExpressionEvaluator#
-     * shortDebugDump()
-     */
     @Override
     public String shortDebugDump() {
         if (elementValuePolicy != null) {
             return "generate: " + elementValuePolicy;
+        } else {
+            return "generate";
         }
-        return "generate";
     }
-
 }
diff --git a/...va/com/evolveum/midpoint/model/common/stringpolicy/AbstractValuePolicyOriginResolver.java b/...va/com/evolveum/midpoint/model/common/stringpolicy/AbstractValuePolicyOriginResolver.java
@@ -34,23 +34,28 @@
 import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ValuePolicyOriginType;
 
+import static com.evolveum.midpoint.xml.ns._public.common.common_3.ValuePolicyOriginType.OBJECT;
+
+import static org.apache.commons.lang3.ObjectUtils.defaultIfNull;
+
 /**
  * @author semancik
  *
  */
-public abstract class AbstractValuePolicyOriginResolver<O extends ObjectType> {
+public abstract class AbstractValuePolicyOriginResolver<O extends ObjectType> implements ObjectBasedValuePolicyOriginResolver<O> {
 
     private static final Trace LOGGER = TraceManager.getTrace(AbstractValuePolicyOriginResolver.class);
 
     private final PrismObject<O> object;
     private final ObjectResolver objectResolver;
 
-    public AbstractValuePolicyOriginResolver(PrismObject<O> object, ObjectResolver objectResolver) {
+    AbstractValuePolicyOriginResolver(PrismObject<O> object, ObjectResolver objectResolver) {
         super();
         this.object = object;
         this.objectResolver = objectResolver;
     }
 
+    @Override
     public PrismObject<O> getObject() {
         return object;
     }
@@ -61,13 +66,12 @@ public <R extends ObjectType> Class<R> getOwnerClass() {
         return (Class<R>) UserType.class;
     }
 
-    // TODO: later maybe isolate this method to an interface (ValuePolicyTypeResolver)
-    public <R extends ObjectType> void resolve(ResultHandler<R> handler, ProhibitedValueItemType prohibitedValueItemType, String contextDescription, Task task, OperationResult result) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
-        ValuePolicyOriginType originType = prohibitedValueItemType.getOrigin();
-        if (originType == null) {
-            handleObject(handler, result);
-        }
-        switch (originType) {
+    @Override
+    public <R extends ObjectType> void resolve(ProhibitedValueItemType prohibitedValueItem, ResultHandler<R> handler,
+            String contextDescription, Task task, OperationResult result) throws ObjectNotFoundException, SchemaException,
+            CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
+        ValuePolicyOriginType origin = defaultIfNull(prohibitedValueItem.getOrigin(), OBJECT);
+        switch (origin) {
             case OBJECT:
                 handleObject(handler, result);
                 break;
@@ -78,41 +82,40 @@ public <R extends ObjectType> void resolve(ResultHandler<R> handler, ProhibitedV
                 handlePersonas(handler, contextDescription, task, result);
                 break;
             case PROJECTION:
-                handleProjections(handler, prohibitedValueItemType, contextDescription, task, result);
+                handleProjections(handler, prohibitedValueItem, contextDescription, task, result);
                 break;
             default:
-                throw new IllegalArgumentException("Unexpected origin type "+originType);
+                throw new IllegalArgumentException("Unexpected origin type " + origin);
         }
     }
 
     private <R extends ObjectType> void handleObject(ResultHandler<R> handler, OperationResult result) {
-        handler.handle((PrismObject<R>) getObject(), result);
+        handler.handle((PrismObject<R>) object, result);
     }
 
     private <P extends ObjectType> void handlePersonas(ResultHandler<P> handler, String contextDescription, Task task, OperationResult result) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
-        PrismObject<O> object = getObject();
         if (!object.canRepresent(UserType.class)) {
             return;
         }
         for (ObjectReferenceType personaRef: ((UserType)object.asObjectable()).getPersonaRef()) {
             UserType persona = objectResolver.resolve(personaRef, UserType.class, SelectorOptions.createCollection(GetOperationOptions.createReadOnly()), "resolving persona in " + contextDescription, task, result);
+            //noinspection unchecked
             handler.handle((PrismObject<P>) persona.asPrismObject(), result);
         }
     }
 
     private <P extends ObjectType> void handleProjections(ResultHandler<P> handler, ProhibitedValueItemType prohibitedValueItemType, String contextDescription, Task task, OperationResult result) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
-        PrismObject<O> object = getObject();
         // Not very efficient. We will usually read the shadows again, as they are already in model context.
         // It will also work only for the items that are stored in shadow (usually not attributes, unless caching is enabled).
         // But this is good enough for now.
         FocusType focusType;
         if (object.canRepresent(FocusType.class)) {
             focusType = ((FocusType)object.asObjectable());
         } else if (object.canRepresent(ShadowType.class)) {
-            ObjectQuery query = getObject().getPrismContext()
-            .queryFor(FocusType.class)
-            .item(UserType.F_LINK_REF).ref(getObject().getOid())
-            .build();
+            ObjectQuery query = object.getPrismContext()
+                    .queryFor(FocusType.class)
+                    .item(FocusType.F_LINK_REF).ref(object.getOid())
+                    .build();
             final Holder<FocusType> focusTypeHolder = new Holder<>();
             try {
                 objectResolver.searchIterative(FocusType.class, query,
@@ -151,7 +154,10 @@ private <P extends ObjectType> void handleProjections(ResultHandler<P> handler,
     }
 
     private <P extends ObjectType> void handleOwner(ResultHandler<P> handler, String contextDescription, Task task, OperationResult result) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
-        objectResolver.searchIterative(getOwnerClass(), getOwnerQuery(), SelectorOptions.createCollection(GetOperationOptions.createReadOnly()),
-                handler, task, result);
+        ObjectQuery ownerQuery = getOwnerQuery();
+        if (ownerQuery != null) {
+            objectResolver.searchIterative(getOwnerClass(), ownerQuery,
+                    SelectorOptions.createCollection(GetOperationOptions.createReadOnly()), handler, task, result);
+        }
     }
 }
diff --git a/.../java/com/evolveum/midpoint/model/common/stringpolicy/FocusValuePolicyOriginResolver.java b/.../java/com/evolveum/midpoint/model/common/stringpolicy/FocusValuePolicyOriginResolver.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2020 Evolveum and contributors
+ *
+ * This work is dual-licensed under the Apache License 2.0
+ * and European Union Public License. See LICENSE file for details.
+ */
+package com.evolveum.midpoint.model.common.stringpolicy;
+
+import com.evolveum.midpoint.prism.PrismObject;
+import com.evolveum.midpoint.prism.query.ObjectQuery;
+import com.evolveum.midpoint.repo.common.ObjectResolver;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
+
+/**
+ * @author semancik
+ */
+public class FocusValuePolicyOriginResolver<F extends FocusType> extends AbstractValuePolicyOriginResolver<F> {
+
+    public FocusValuePolicyOriginResolver(PrismObject<F> object, ObjectResolver objectResolver) {
+        super(object, objectResolver);
+    }
+
+    @Override
+    public ObjectQuery getOwnerQuery() {
+        if (getObject().asObjectable() instanceof UserType) {
+            return getObject().getPrismContext()
+                    .queryFor(UserType.class)
+                    .item(UserType.F_PERSONA_REF).ref(getObject().getOid())
+                    .build();
+        } else {
+            return null;
+        }
+    }
+}
diff --git a/...com/evolveum/midpoint/model/common/stringpolicy/ObjectBasedValuePolicyOriginResolver.java b/...com/evolveum/midpoint/model/common/stringpolicy/ObjectBasedValuePolicyOriginResolver.java
@@ -0,0 +1,22 @@
+/*
+ * Copyright (c) 2020 Evolveum and contributors
+ *
+ * This work is dual-licensed under the Apache License 2.0
+ * and European Union Public License. See LICENSE file for details.
+ */
+
+package com.evolveum.midpoint.model.common.stringpolicy;
+
+import com.evolveum.midpoint.prism.PrismObject;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
+
+/**
+ * ValuePolicyOriginResolver that resolves origin based on some context object (that can be retrieved).
+ */
+public interface ObjectBasedValuePolicyOriginResolver<O extends ObjectType> extends ValuePolicyOriginResolver {
+
+    /**
+     * Returns the object in context of which we are resolving the origin.
+     */
+    PrismObject<O> getObject();
+}