Merge branch 'docs/cleanup-4.8' of https://github.com/Evolveum/midpoint…

… into docs/cleanup-4.8

docs/admin-gui/resource-wizard/index.adoc

@@ -90,7 +90,7 @@ You can choose your next step:
 * Configure Object Types
 * Go To Resource
 
-image::choice-part-resource.png[link=choice-part-resource.png,title=Resource created - next steps,100%]
+image::choice-part-resource.png[link=choice-part-resource.png,100%,title=Resource created - next steps]
 
 Clicking *Preview Resource Data* tile will display the data (e.g. accounts) in the source/target system configured as resource.
 You can display the data even before providing configuration for its processing.
@@ -124,7 +124,7 @@ Define the basic information about the object type:
 image::step-2-object-type-basic-config.png[link=step-2-object-type-basic-config.png, 100%, title=Basic configuration of object type]
 
 .See also the following pages for more information:
-* xref:/midpoint/reference/resources/shadow/kind-intent-objectclass/[Kind, Intent and ObjectClass]
+* xref:/midpoint/reference/resources/shadow/kind-intent-objectclass/[]
 
 Click btn:[Next: Resource data] to continue the object type configuration.
 
@@ -167,14 +167,14 @@ You can choose your next step to configure other parts of your object type confi
 
 ##TODO add links to content##
 
-* *Basic Attributes* allows getting back to the <<Basic attributes,basic configuration of your object type>>
-* Mappings
-* Synchronization
-* Correlation
-* Capabilities
-* Activation
-* Credentials
-* Associations
+* <<Basic attributes>> allows getting back to the basic configuration of your object type
+* <<Mappings>> allow to configure resource attribute mappings
+* <<Synchronization>>
+* <<Correlation>>
+* <<Capabilities>>
+* <<Activation>>
+* <<Credentials>>
+* <<Associations>>
 
 image::choice-part-object-type.png[link=choice-part-object-type.png,100%,title=Parts of object type configuration]
 
@@ -199,16 +199,14 @@ Click either *Inbound mappings* or *Outbound mappings* header in the table of ma
 
 ==== Inbound mappings
 
-Use inbound mappings to store resource attribute values in midPoint properties.
+Use xref:/midpoint/reference/expressions/mappings/inbound-mapping/[inbound mappings] to store resource attribute values in midPoint properties.
 
 Click btn:[Add inbound] to add a new inbound mapping.
 
 To define a mapping, you need to configure:
 
 * *Name* of the mapping. This is technically not mandatory, but helps a lot during troubleshooting and when using resource template inheritance.
 * *From resource attribute* allows you to type (with autocompletion) the resource attribute that should be used as a source of the mapping.
-+
-TIP: Even multiple source attributes can be defined for an inbound mapping.
 * *Expression* specifies how the source attribute(s) should be used. Resource wizard support the following xref:/midpoint/reference/expressions/expressions/[expression types]:
 ** *As is* (default) simply copies the value from resource attribute to midPoint target property
 ** *Literal* allows to specify a constant value
@@ -217,64 +215,120 @@ TIP: Even multiple source attributes can be defined for an inbound mapping.
 * *Target* allows you to type (with autocompletion) the midPoint property that should be used to store the value generated by the inbound mapping
 * *Lifecycle state* allows you to define the lifecycle state of the mapping. This can be used during xref:/midpoint/reference/admin-gui/simulations/[Simulations], e.g. specifying lifecycle state as `Proposed` will be used only to simulate the mapping, `Draft` disables the mapping etc.
 
-More complex configuration is possible by clicking *icon:fas-edit[] (Edit)* button.
-
-Mapping can be deleted by clicking *icon:far-trash-alt[] (Delete)* button.
-
-// TODO finished here
-
 image::step-3-mappings-inbound.png[link=step-3-mappings-inbound.png, 100%, title=Table of inbound mappings]
 
+TIP: Adding new mappings to existing configuration can utilize simulations if you use `Proposed` as the new mappings' lifecycle state. Such mappings can be simulated without influencing the real data.
+
+More complex configuration is possible by clicking btn:[Edit] button:
 
-{empty} +
-Inbound mapping:
 [%autowidth, cols="a,a", frame=none, grid=none, role=center]
 |===
-2+| image::step-3-mappings-inbound.png[link=step-3-mappings-inbound.png, 100%, title=Table of inbound mappings]
-| image::step-3-mappings-inbound-detail-main.png[link=step-3-mappings-inbound-detail-main.png, 100%, title=Main detail configuration of inbound mapping]
-
-| image::step-3-mappings-inbound-detail-optional.png[link=step-3-mappings-inbound-detail-optional.png, 100%, title=Optional detail configuration of inbound mapping]
+| image::step-3-mappings-inbound-detail-main.png[link=step-3-mappings-inbound-detail-main.png, 100%, title=Main configuration of inbound mapping (complex view)]
+| image::step-3-mappings-inbound-detail-optional.png[link=step-3-mappings-inbound-detail-optional.png, 100%, title=Optional configuration of inbound mapping (complex view)]
 |===
 
-{empty} +
-Outbound mapping:
+Mapping can be deleted by clicking btn:[Delete] button.
+
+Mappings can be saved by clicking btn:[Save mappings] and wizard will return to the previous page from which you started mapping editor.
+
+Click btn:[Attribute overrides] if you need to xref:https://docs.evolveum.com/midpoint/reference/support-4.8/resources/resource-configuration/schema-handling/#attribute-definitions[override attribute(s) visibility or other behavior].
+
+==== Outbound Mappings
+
+Use xref:/midpoint/reference/expressions/mappings/outbound-mapping/[outbound mappings] to populate resource attribute values from midPoint properties.
+
+Click btn:[Add outbound] to add a new outbound mapping.
+
+To define a mapping, you need to configure:
+
+* *Name* of the mapping. This is technically not mandatory, but helps a lot during troubleshooting and when using resource template inheritance.
+* *Source* allows you to type (with autocompletion) the midPoint property that should be used as a source for this outbound mapping
++
+TIP: Even multiple source attributes can be defined for an outbound mapping.
+* *Expression* specifies how the source attribute(s) should be used. Resource wizard support the following xref:/midpoint/reference/expressions/expressions/[expression types]:
+** *As is* (default) simply copies the value from resource attribute to midPoint target property
+** *Literal* allows to specify a constant value
+** *Script* allows to write a more complex behavior using a xref:/midpoint/reference/expressions/expressions/[midPoint expression] (by default in Groovy language)
+** *Generate* allows to generate a random string using a value policy (useful for generating passwords)
+* *To resource attribute* allows you to type (with autocompletion) the resource attribute that should be used as a target of the mapping.
+* *Lifecycle state* allows you to define the lifecycle state of the mapping. This can be used during xref:/midpoint/reference/admin-gui/simulations/[Simulations], e.g. specifying lifecycle state as `Proposed` will be used only to simulate the mapping, `Draft` disables the mapping etc.
+
+image::step-3-mappings-outbound.png[link=step-3-mappings-outbound.png, 100%, title=Table of outbound mappings]
+
+TIP: Adding new mappings to existing configuration can utilize simulations if you use `Proposed` as the new mappings' lifecycle state. Such mappings can be simulated without influencing the real data.
+
+More complex configuration is possible by clicking btn:[Edit] button:
+
 [%autowidth, cols="a,a", frame=none, grid=none, role=center]
 |===
-2+| image::step-3-mappings-outbound.png[link=step-3-mappings-outbound.png, 100%, title=Table of outbound mappings]
-| image::step-3-mappings-outbound-detail-main.png[link=step-3-mappings-outbound-detail-main.png, 100%, title=Main detail configuration of outbound mapping]
-| image::step-3-mappings-outbound-detail-optional.png[link=step-3-mappings-outbound-detail-optional.png, 100%, title=Optional detail configuration of inbound mapping]
+| image::step-3-mappings-outbound-detail-main.png[link=step-3-mappings-outbound-detail-main.png, 100%, title=Main configuration of outbound mapping (complex view)]
+| image::step-3-mappings-outbound-detail-optional.png[link=step-3-mappings-outbound-detail-optional.png, 100%, title=Optional configuration of outbound mapping (complex view)]
 |===
 
+Mapping can be deleted by clicking btn:[Delete] button.
+
+Mappings can be saved by clicking btn:[Save mappings] and wizard will return to the previous page from which you started mapping editor.
+
+Click btn:[Attribute overrides] if you need to xref:https://docs.evolveum.com/midpoint/reference/support-4.8/resources/resource-configuration/schema-handling/#attribute-definitions[override attribute(s) visibility or other behavior].
+
+==== Attribute override
+
+Attribute configuration can be xref:https://docs.evolveum.com/midpoint/reference/support-4.8/resources/resource-configuration/schema-handling/#attribute-definitions[overridden] beyond the context of the mappings.
+This is useful to override attribute visibility, its display name, tolerance etc.
+
 {empty} +
-Attribute override:
 [%autowidth, cols="a,a", frame=none, grid=none, role=center]
 |===
 
 2+| image::step-3-mappings-override.png[link=step-3-mappings-override.png, 100%, title=Table of attribute overrides]
 
-| image::step-3-mappings-override-detail-basic.png[link=step-3-mappings-override-detail-basic.png, 100%, title=Detail configuration of attribute override]
-| image::step-3-mappings-override-detail-limitations.png[link=step-3-mappings-override-detail-limitations.png, 100%, title=Detail configuration of attribute override limitations]
+| image::step-3-mappings-override-detail-basic.png[link=step-3-mappings-override-detail-basic.png, 100%, title=Detailed configuration of attribute override configuration]
+| image::step-3-mappings-override-detail-limitations.png[link=step-3-mappings-override-detail-limitations.png, 100%, title=Detailed configuration of attribute override - limitations configuration]
 |===
 
-TODO: interesting links
-
 === Synchronization
 
-.Table of synchronization rules
-image::step-4-synch.png[Table of synchronization actions,100%]
+This part of object type wizard allows you to define xref:/midpoint/reference/synchronization/situations/[synchronization situations and reactions].
+These situations represent state of the resource object (e.g. account) in relation to midPoint and appropriate action that should be executed by midPoint.
 
-{empty} +
-Detail for synchronization rule:
+For the situations you need to configure:
+
+* *Name* of the situation/reaction configuration. This is technically not mandatory, but helps a lot during troubleshooting and when using resource template inheritance.
+* *Situation* allows you to select an appropriate situation:
+** *Linked*
+** *Unlinked*
+** *Deleted*
+** *Unmatched*
+** *Disputed*
+* *Action* allows you to select midPoint behavior if the resource object is in the defined Situation
+** *Add focus* allows to create a new object in midPoint based on the resource data
+** *Synchronize* allows to synchronize data between midPoint object and resource data based on the mappings
+** *Link* allows to link previously not linked resource object to midPoint object
+** *Delete resource object* allows to delete resource object
+** *Inactivate resource object* allows to inactivate (disable) resource object
+** *Inactivate focus* allows to inactivate (disable) midPoint object
+** *Delete focus* allows to delete midPoint object
+* *Lifecycle state* allows you to define the lifecycle state of the situation/reaction configuration. This can be used during xref:/midpoint/reference/admin-gui/simulations/[Simulations], e.g. specifying lifecycle state as `Proposed` will be used only to simulate the synchronization/reaction configuration, `Draft` disables the synchronization/reaction configuration etc.
+
+TIP: Please refer to xref:/midpoint/reference/schema/focus-and-projections/[Focus and Projections] for explanation of the term _Focus_. In the most basic scenarios when synchronizing users and their accounts, _focus_ corresponds to User object in midPoint.
+
+image::step-4-synch.png[link=step-4-synch.png,100%,title=Table of synchronization actions]
+
+More complex configuration is possible by clicking btn:[Edit] button:
 
 [%autowidth, cols="a,a", frame=none, grid=none, role=center]
 |===
 | image::step-4-synch-detail-basic.png[link=step-4-synch-detail-basic.png, 100%, title=Basic configuration of synchronizatio rule]
 | image::step-4-synch-detail-action.png[link=step-4-synch-detail-action.png, 100%, title=Action for synchronization rule]
 
-| image::step-4-synch-detail-optional.png[link=step-4-synch-detail-optional.png, 100%, title=optional attributes for synchronization rule]
+| image::step-4-synch-detail-optional.png[link=step-4-synch-detail-optional.png, 100%, title=Optional attributes for synchronization rule]
 |
 |===
 
+Situation/reaction configuration can be deleted by clicking btn:[Delete] button.
+
+// TODO finished 12.1.2024 16:45
+
 === Correlation
 
 .Table of correlation rules

docs/concepts/query/midpoint-query-language/index.adoc

@@ -32,44 +32,52 @@ image:advanced-query-select.png[Select Advanced query]
 You can test the queries directly in GUI. Starting in All users view. It is easy and straightforward.
 As an example, to select all users with given name starting with "J" just enter `givenName startsWith "J"` to search bar and click search button.
 
-
-For starting with midPoint query, please check
-xref:introduction.adoc[introduction] document.
-
 Examples how to use the midPoint query in GUI can be found in xref:/midpoint/guides/gui-midpoint-query-examples[Advanced search - EXAMPLES].
 
-MidPoint provides xref:../query-concepts/index.adoc#_query_playground[query playground] feature that allows administrator more advanced experimenting with midPoint queries.
 
 === Using in Configuration
 
-Advanced query filters can be used in any configuration place, normal XML filters
-would be used. Advanced query filter is wrapped inside `<text>`
-element inside `<filter>` element.
+Advanced query filters can be used in any configuration place. In XML configuration files it is wrapped inside `<text>` element inside `<filter>` element.
 
-//TODO: sem dat, ze potrebujem vybrat objekt.
-IMPORTANT: Midpoint performs queries over defined set of objects. In GUI, the set is defined by actually opened view. In configuration, the object must be specified.
+For example query `givenName startsWith "J"` is stored in midPoint configuration this way.
 
-.Example XML
+.midPoint Query in XML configuration format
 [source, xml]
 ----
-<filter>
- <text>roleMembershipRef matches (relation = manager)</text>
-</filter>
+<query>
+  <filter>
+    <text>givenName startsWith "J"</text>
+  </filter>
+</query>
 ----
 
-.Example YAML
+.midPoint Query in YAML configuration format
 [source, yaml]
 ----
 filter:
-  text: roleMembershipRef matches (relation = manager)
+  text: givenName startsWith "J"
+----
+
+.midPoint Query in JSON configuration format
+[source, json]
+----
+"query" : {
+  "filter" : {
+	"text" : "givenName startsWith \"J\""
+  }
+}
 ----
 
-=== Query Converter
 
-You may need to convert existing configuration using XML queries to midPoint Query Language.
-MidPoint provides #Query converter# interface for such helping you with query conversion.
+To start with midPoint Query Language, please read xref:introduction.adoc[*Introduction to midPoint Query Language*].
 
+=== Query Playground
 
+To experiment with the query language, there is hardly a better place than the actual running midPoint.
+MidPoint provides xref:./query-playground/index.adoc#_query_playground[query playground] feature that allows administrator more advanced experimenting with midPoint queries.
+
+You may need to convert existing configuration using XML queries to midPoint Query Language.
+There is xref:./query-playground/index.adoc#_query_converter[query converter] in midPoint that is helpful with such query conversion.
 
 
 == Motivation, Origin and Future

docs/concepts/query/midpoint-query-language/introduction.adoc

@@ -2,14 +2,16 @@
 :page-nav-title: Introduction
 :page-display-order: 100
 :page-toc: top
-:toclevels: 3
+:toclevels: 2
 :sectnums:
 :sectnumlevels: 3
 
 
 This document provides introduction to the *midPoint Query Language*.
 Some details are omitted, and there are some simplifications for clarity.
 
+After completing this document, reader should be able to apply midPoint Query Language in configuration.
+We encourage to test the queries using the xref:./query-playground/index.adoc#_query_playground[query playground], which provides convenient and interactive environment for experimenting with queries.
 
 == Language Description
 
@@ -420,3 +422,8 @@ assignment/targetRef/@ matches (
    . fullText "secret"
 )
 ----
+
+
+//=== Query in configuration object
+
+//TODO - tu ako dat query do tasku na recompute vsetkych userov, ktori maju rolu "End user"

docs/concepts/query/midpoint-query-language/query-playground/index.adoc

@@ -0,0 +1,82 @@
+= Query Playground and Query Converter
+:page-nav-title: Errors while querying
+:page-display-order: 600
+
+To experiment with the query language, there is hardly a better place than the actual running midPoint.
+Log in the GUI as administrator and choose *Query playground* in the main menu on the left, all the way down, just above *About*.
+
+[#_query_playground]
+== Query playground
+
+
+
+To test the query, you have to:
+
+. Select the *Object type*,
+** Object type defines type of objects the query will be selecting from. While searching in GUI the object type is defined by actually opened view. In query playground you need to define it manually.
+** check *Distinct* if needed (first try without it),
+. write the *query* into the text area,
+. press *Translate and execute*.
+
+Alternatively use an existing example from the selection box below.
+
+You can either execute the query or just simulate it.
+In both cases you will see the translated SQL query (or HQL for the old Generic repository) and the parameter values.
+
+[NOTE]
+Container value queries are not yet supported by the Query playground.
+
+[IMPORTANT]
+====
+The *distinct* option is often essential to get the right count of objects when searching in the Generic repository.
+This is caused by `LEFT JOIN` used even when traversing to multi-value containers.
+E.g., filter on `assignment/targetRef` causes each object with multiple assignments to be returned multiple times.
+Using Exists filter (see later) does not fix this in the Generic repository either, as it also uses `LEFT JOIN` internally.
+
+The new xref:/midpoint/reference/repository/native-postgresql/[Native repository] does not suffer
+by these problems as it always uses SQL `EXISTS` when traversing to multi-value containers and also for Exists filter.
+Native repository actually *ignores distinct* if there is no `JOIN` in the final query, as the returned raws must be distinct.
+Native repository uses `LEFT JOIN` only to traverse across single-valued containers and references and their targets,
+so even then the distinct option is useless and, when honoured, can potentially hurt SQL performance.
+====
+
+=== Fluent API script translation
+
+Query playground offers an option to translate queries from fluent API scripts.
+This way you can debug the Groovy code for an expression directly in the GUI before using it.
+
+To do this, follow these steps:
+
+* Check *Translate from Query API script*, the expression text area will appear.
+* Enter the code as an expression, e.g.:
++
+[source,xml]
+----
+<expression>
+    <script>
+        <code>
+            import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
+
+            prismContext.queryFor(FocusType.class)
+                .item(FocusType.F_NAME).startsWith("a").build();
+        </code>
+    </script>
+</expression>
+----
+* Choose the *Object type*, just like for any other query.
+Just use the type from `queryFor(...)` call, in our example `FocusType`.
+If the query does not provide expected results, very likely the object type selection is not right.
+* Press *Translate and execute*.
+
+This will execute the query in the expression and also shows the query in the text area for
+XML/JSON/YAML query - in the language currently chosen.
+
+Using the expression requires proper imports - depending on the complexity of the script you
+may need additional imports from packages like `com.evolveum.midpoint.schema`,
+`com.evolveum.midpoint.prism.query` or others.
+
+
+
+[#_query_converter]
+== Query converter
+