Merge remote-tracking branch 'origin/master' into feature/containers-…

…iterative

config/sql/README.txt

@@ -1,11 +1,11 @@
 Subdirectories contain SQL schema scripts for two repository implementations:
 
-* generic-old: This was the only available implementation before midPoint 4.4.
-It supports various SQL databases, currently PostgreSQL, Oracle and MicrosoftS
+* generic: This was the only available implementation before midPoint 4.4.
+It supports various SQL databases, currently Oracle and Microsoft
 SQL Server is supported. Repository implementation uses Hibernate ORM system.
 This repository is planned for removal after 4.4 LTS cycle.
 
-* native-new: This is newer repository implementation that is available since
+* native: This is newer repository implementation that is available since
 midPoint 4.4. Only PostgreSQL from version 12 higher is supported.
 This is the repository we plan to support and improve in the future.
 
@@ -21,10 +21,10 @@ NATIVE (NEW) REPOSITORY
 
 SQL schema for Native repository is split into the following files:
 
-* postgres-new.sql - main part of the repository; this is always needed.
-* postgres-new-audit.sql - audit tables; this can be applied on top of the main
+* postgres.sql - main part of the repository; this is always needed.
+* postgres-audit.sql - audit tables; this can be applied on top of the main
 repository or in a new database if separate audit database is desired.
-* postgres-new-quartz.sql - tables for Quartz scheduler, can be applied safely.
+* postgres-quartz.sql - tables for Quartz scheduler, can be applied safely.
 
 Unless you plan to use separate database for audit, just apply all these schema
 files in the order named above. Even if tables are not needed, no harm is done.

config/sql/native-new/postgres-new-upgrade-audit.sql → config/sql/native/postgres-audit-upgrade.sql

@@ -147,6 +147,10 @@ ALTER TYPE ObjectType ADD VALUE IF NOT EXISTS 'ROLE_ANALYSIS_CLUSTER' AFTER 'ROL
 ALTER TYPE ObjectType ADD VALUE IF NOT EXISTS 'ROLE_ANALYSIS_SESSION' AFTER 'ROLE_ANALYSIS_CLUSTER';
 $aa$);
 
+-- Informatoin Disclosure
+call apply_audit_change(8, $aa$
+ALTER TYPE AuditEventTypeType ADD VALUE IF NOT EXISTS 'INFORMATION_DISCLOSURE' AFTER 'DISCOVER_OBJECT';
+$aa$);
 -- WRITE CHANGES ABOVE ^^
 -- IMPORTANT: update apply_audit_change number at the end of postgres-new-audit.sql
 -- to match the number used in the last change here!

config/sql/native-new/postgres-new-audit.sql → config/sql/native/postgres-audit.sql

@@ -76,7 +76,7 @@ EXCEPTION WHEN duplicate_object THEN raise notice 'Main repo custom types alread
 CREATE TYPE AuditEventTypeType AS ENUM ('GET_OBJECT', 'ADD_OBJECT', 'MODIFY_OBJECT',
     'DELETE_OBJECT', 'EXECUTE_CHANGES_RAW', 'SYNCHRONIZATION', 'CREATE_SESSION',
     'TERMINATE_SESSION', 'WORK_ITEM', 'WORKFLOW_PROCESS_INSTANCE', 'RECONCILIATION',
-    'SUSPEND_TASK', 'RESUME_TASK', 'RUN_TASK_IMMEDIATELY', 'DISCOVER_OBJECT');
+    'SUSPEND_TASK', 'RESUME_TASK', 'RUN_TASK_IMMEDIATELY', 'DISCOVER_OBJECT', 'INFORMATION_DISCLOSURE');
 
 CREATE TYPE AuditEventStageType AS ENUM ('REQUEST', 'EXECUTION', 'RESOURCE');
 

dist/src/main/bin/midpoint.sh

@@ -45,21 +45,21 @@ if [ "${1}" = "init-native" ]; then
     echo "MP_INIT_DB variable with target for DB init files was not set - skipping db init file processing..." >&2
   else
     if [ "${MP_INIT_DB_CONCAT:-}" = "" ]; then
-      if [ -e "${BASE_DIR}/doc/config/sql/native-new" ]; then
-        find "${BASE_DIR}/doc/config/sql/native-new/" -type f -name "postgres-new*.sql" ! -name "postgres-new-upgrade.sql" -exec cp \{\} "${MP_INIT_DB}/" \;
+      if [ -e "${BASE_DIR}/doc/config/sql/native" ]; then
+        find "${BASE_DIR}/doc/config/sql/native/" -type f -name "postgres*.sql" ! -name "postgres-upgrade.sql" -exec cp \{\} "${MP_INIT_DB}/" \;
       else
         echo "Location with sql init structure (source) have not been found..." >&2
         exit 1
       fi
     else
-      if [ -e "${BASE_DIR}/doc/config/sql/native-new" ]; then
-
-        [ -e "${BASE_DIR}/doc/config/sql/native-new/postgres-new.sql" ] &&
-          cp "${BASE_DIR}/doc/config/sql/native-new/postgres-new.sql" "${MP_INIT_DB_CONCAT}"
-        [ -e "${BASE_DIR}/doc/config/sql/native-new/postgres-new-audit.sql" ] &&
-          cat "${BASE_DIR}/doc/config/sql/native-new/postgres-new-audit.sql" >>"${MP_INIT_DB_CONCAT}"
-        [ -e "${BASE_DIR}/doc/config/sql/native-new/postgres-new-quartz.sql" ] &&
-          cat "${BASE_DIR}/doc/config/sql/native-new/postgres-new-quartz.sql" >>"${MP_INIT_DB_CONCAT}"
+      if [ -e "${BASE_DIR}/doc/config/sql/native" ]; then
+
+        [ -e "${BASE_DIR}/doc/config/sql/native/postgres.sql" ] &&
+          cp "${BASE_DIR}/doc/config/sql/native/postgres.sql" "${MP_INIT_DB_CONCAT}"
+        [ -e "${BASE_DIR}/doc/config/sql/native/postgres-audit.sql" ] &&
+          cat "${BASE_DIR}/doc/config/sql/native/postgres-audit.sql" >>"${MP_INIT_DB_CONCAT}"
+        [ -e "${BASE_DIR}/doc/config/sql/native/postgres-quartz.sql" ] &&
+          cat "${BASE_DIR}/doc/config/sql/native/postgres-quartz.sql" >>"${MP_INIT_DB_CONCAT}"
       else
         echo "Location with sql init structure (source) have not been found..." >&2
         exit 1

gui/admin-gui/src/frontend/scss/midpoint.scss

@@ -1589,6 +1589,7 @@ fieldset.objectButtons {
 .details-panel-details-form {
   order: 2;
   flex-basis: 83%;
+  max-width: 83%;
   padding: 5px 20px 5px 20px;
 }
 

gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/RangePanelFactory.java

@@ -39,15 +39,17 @@ public void register() {
     protected InputPanel getPanel(PrismPropertyPanelContext<RangeType> panelCtx) {
         ItemName itemName = panelCtx.unwrapWrapperModel().getItemName();
 
+        boolean doubleType = false;
         double max;
         if (RoleAnalysisDetectionOptionType.F_FREQUENCY_RANGE.equals(itemName)) {
+            doubleType = true;
             max = 100.0;
         } else {
-            max = 1000.0;
+            max = 10000.0;
         }
 
         RangeSimplePanel rangeSliderPanel = new RangeSimplePanel(panelCtx.getComponentId(),
-                new PropertyModel<>(panelCtx.getItemWrapperModel(), "value"), max);
+                new PropertyModel<>(panelCtx.getItemWrapperModel(), "value"), max, doubleType);
         rangeSliderPanel.setOutputMarkupId(true);
         return rangeSliderPanel;
     }
@@ -59,10 +61,7 @@ public Integer getOrder() {
 
     @Override
     public void configure(PrismPropertyPanelContext<RangeType> panelCtx, org.apache.wicket.Component component) {
-        component.setEnabled(isEnable());
+        component.setEnabled(panelCtx.getVisibleEnableBehavior().isEnabled());
     }
 
-    public boolean isEnable() {
-        return true;
-    }
 }

gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/admin/AbstractPageObjectDetails.java

@@ -6,15 +6,10 @@
  */
 package com.evolveum.midpoint.gui.impl.page.admin;
 
-import static com.evolveum.midpoint.gui.impl.page.admin.role.mining.utils.RoleAnalysisObjectUtils.clusterMigrationRecompute;
-import static com.evolveum.midpoint.gui.impl.page.admin.role.mining.utils.RoleAnalysisObjectUtils.getRoleTypeObject;
-
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
 
-import com.evolveum.midpoint.model.api.ModelService;
-
 import org.apache.commons.lang3.BooleanUtils;
 import org.apache.wicket.Component;
 import org.apache.wicket.ajax.AjaxRequestTarget;
@@ -25,7 +20,6 @@
 import org.apache.wicket.model.IModel;
 import org.apache.wicket.model.LoadableDetachableModel;
 import org.apache.wicket.model.PropertyModel;
-import org.apache.wicket.model.StringResourceModel;
 import org.apache.wicket.request.mapper.parameter.PageParameters;
 import org.jetbrains.annotations.Nullable;
 
@@ -37,20 +31,16 @@
 import com.evolveum.midpoint.gui.api.util.WebComponentUtil;
 import com.evolveum.midpoint.gui.api.util.WebModelServiceUtils;
 import com.evolveum.midpoint.gui.impl.component.menu.DetailsNavigationPanel;
-import com.evolveum.midpoint.gui.impl.page.admin.abstractrole.AbstractRoleDetailsModel;
 import com.evolveum.midpoint.gui.impl.page.admin.component.OperationalButtonsPanel;
-import com.evolveum.midpoint.gui.impl.page.admin.role.mining.model.BusinessRoleApplicationDto;
 import com.evolveum.midpoint.gui.impl.page.admin.role.mining.model.BusinessRoleDto;
 import com.evolveum.midpoint.gui.impl.util.DetailsPageUtil;
-import com.evolveum.midpoint.model.api.ActivitySubmissionOptions;
 import com.evolveum.midpoint.prism.PrismObject;
 import com.evolveum.midpoint.prism.delta.ObjectDelta;
 import com.evolveum.midpoint.schema.GetOperationOptions;
 import com.evolveum.midpoint.schema.ObjectDeltaOperation;
 import com.evolveum.midpoint.schema.SelectorOptions;
 import com.evolveum.midpoint.schema.result.OperationResult;
 import com.evolveum.midpoint.task.api.Task;
-import com.evolveum.midpoint.util.exception.CommonException;
 import com.evolveum.midpoint.util.exception.SchemaException;
 import com.evolveum.midpoint.util.logging.LoggingUtils;
 import com.evolveum.midpoint.util.logging.Trace;
@@ -243,37 +233,18 @@ protected void savePerformed(AjaxRequestTarget target) {
                 AbstractPageObjectDetails.this.savePerformed(target);
             }
 
-            @Override
-            protected void deleteConfirmPerformed(AjaxRequestTarget target) {
-                super.deleteConfirmPerformed(target);
-                AbstractPageObjectDetails.this.afterDeletePerformed(target);
-            }
-
             @Override
             protected boolean hasUnsavedChanges(AjaxRequestTarget target) {
                 return AbstractPageObjectDetails.this.hasUnsavedChanges(target);
             }
 
-            @Override
-            public StringResourceModel getSaveButtonTitle() {
-                return setSaveButtonTitle();
-            }
-
             @Override
             protected boolean isSaveButtonVisible() {
-                return super.isSaveButtonVisible() && !isHideSaveButton();
+                return super.isSaveButtonVisible();
             }
         };
     }
 
-    protected boolean isHideSaveButton() {
-        return false;
-    }
-
-    protected StringResourceModel setSaveButtonTitle() {
-        return ((PageBase) getPage()).createStringResource("PageBase.button.save");
-    }
-
     public boolean hasUnsavedChanges(AjaxRequestTarget target) {
         OperationResult result = new OperationResult(OPERATION_SAVE);
 
@@ -291,10 +262,6 @@ public boolean hasUnsavedChanges(AjaxRequestTarget target) {
         }
     }
 
-    public void afterDeletePerformed(AjaxRequestTarget target) {
-
-    }
-
     public void savePerformed(AjaxRequestTarget target) {
         OperationResult result = new OperationResult(OPERATION_SAVE);
         saveOrPreviewPerformed(target, result, false);
@@ -332,33 +299,8 @@ public Collection<ObjectDeltaOperation<? extends ObjectType>> saveOrPreviewPerfo
 
         LOGGER.trace("returning from saveOrPreviewPerformed");
 
-
-        Collection<ObjectDeltaOperation<? extends ObjectType>> executedDeltas;
-        //TODO this isn't good place? It's not safe to just cast to any model, there might be others, like UserDetailsModel etc.
-        //if it's only related to roles, think about moving it to the role details page or so.
-        BusinessRoleApplicationDto patternDeltas = null;
-        if (getObjectDetailsModels() instanceof AbstractRoleDetailsModel abstractRoleDetailsModel) {
-            patternDeltas = abstractRoleDetailsModel.getPatternDeltas();
-        }
-
-        if (patternDeltas != null && !patternDeltas.getBusinessRoleDtos().isEmpty()) {
-            ModelService modelService = ((PageBase) getPage()).getModelService();
-            executedDeltas = new ObjectChangesExecutorImpl()
-                    .executeChanges(deltas, previewOnly, task, result, target);
-
-            String roleOid = ObjectDeltaOperation.findAddDeltaOidRequired(executedDeltas, RoleType.class);
-            clusterMigrationRecompute(result, patternDeltas.getCluster().getOid(), roleOid, ((PageBase) getPage()), task);
-
-            PrismObject<RoleType> roleObject = getRoleTypeObject(modelService, roleOid, result, task);
-
-            if (roleObject != null) {
-                executeMigrationTask(result, task, patternDeltas.getBusinessRoleDtos(), roleObject);
-            }
-
-        } else {
-            executedDeltas = executeChanges(deltas, previewOnly, options,
-                    task, result, target);
-        }
+        Collection<ObjectDeltaOperation<? extends ObjectType>> executedDeltas = executeChanges(deltas, previewOnly,
+                options, task, result, target);
 
         if (!isShowedByWizard()) {
             postProcessResult(result, executedDeltas, target);
@@ -369,52 +311,6 @@ public Collection<ObjectDeltaOperation<? extends ObjectType>> saveOrPreviewPerfo
         return executedDeltas;
     }
 
-    private void executeMigrationTask(OperationResult result, Task task, List<BusinessRoleDto> patternDeltas, PrismObject<RoleType> roleObject) {
-        try {
-            ActivityDefinitionType activity = createActivity(patternDeltas, roleObject.getOid());
-
-            getModelInteractionService().submit(
-                    activity,
-                    ActivitySubmissionOptions.create()
-                            .withTaskTemplate(new TaskType()
-                                    .name("Migration role (" + roleObject.getName().toString() + ")"))
-                            .withArchetypes(
-                                    SystemObjectsType.ARCHETYPE_UTILITY_TASK.value()),
-                    task, result);
-
-        } catch (CommonException e) {
-            LOGGER.error("Failed to execute role {} migration activity: ", roleObject.getOid(), e);
-        }
-    }
-
-    private ActivityDefinitionType createActivity(List<BusinessRoleDto> patternDeltas, String roleOid) throws SchemaException {
-
-        ObjectReferenceType objectReferenceType = new ObjectReferenceType();
-        objectReferenceType.setType(RoleType.COMPLEX_TYPE);
-        objectReferenceType.setOid(roleOid);
-
-        RoleMembershipManagementWorkDefinitionType roleMembershipManagementWorkDefinitionType = new RoleMembershipManagementWorkDefinitionType();
-        roleMembershipManagementWorkDefinitionType.setRoleRef(objectReferenceType);
-
-        ObjectSetType members = new ObjectSetType();
-        for (BusinessRoleDto patternDelta : patternDeltas) {
-            if (!patternDelta.isInclude()) {
-                continue;
-            }
-
-            PrismObject<UserType> prismObjectUser = patternDelta.getPrismObjectUser();
-            ObjectReferenceType objectReferenceType1 = new ObjectReferenceType();
-            objectReferenceType1.setOid(prismObjectUser.getOid());
-            objectReferenceType1.setType(UserType.COMPLEX_TYPE);
-            members.getObjectRef().add(objectReferenceType1);
-        }
-        roleMembershipManagementWorkDefinitionType.setMembers(members);
-
-        return new ActivityDefinitionType()
-                .work(new WorkDefinitionsType()
-                        .roleMembershipManagement(roleMembershipManagementWorkDefinitionType));
-    }
-
     private void reloadObject(OperationResult result, Collection<ObjectDeltaOperation<? extends ObjectType>> executedDeltas, AjaxRequestTarget target) {
         if (!result.isError()) {
             if (executedDeltas != null) {

gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/admin/assignmentholder/PageAssignmentHolderDetails.java

@@ -13,15 +13,12 @@
 import java.util.List;
 import javax.xml.namespace.QName;
 
-import com.evolveum.midpoint.gui.impl.page.admin.role.mining.model.BusinessRoleDto;
-
-import com.evolveum.midpoint.gui.impl.util.DetailsPageUtil;
-
 import org.apache.commons.lang3.StringUtils;
 import org.apache.wicket.MarkupContainer;
 import org.apache.wicket.ajax.AjaxRequestTarget;
 import org.apache.wicket.markup.html.WebMarkupContainer;
 import org.apache.wicket.markup.html.panel.Fragment;
+import org.apache.wicket.markup.repeater.RepeatingView;
 import org.apache.wicket.model.IModel;
 import org.apache.wicket.model.LoadableDetachableModel;
 import org.apache.wicket.request.mapper.parameter.PageParameters;
@@ -41,6 +38,8 @@
 import com.evolveum.midpoint.gui.impl.page.admin.DetailsFragment;
 import com.evolveum.midpoint.gui.impl.page.admin.TemplateChoicePanel;
 import com.evolveum.midpoint.gui.impl.page.admin.component.AssignmentHolderOperationalButtonsPanel;
+import com.evolveum.midpoint.gui.impl.page.admin.role.mining.model.BusinessRoleDto;
+import com.evolveum.midpoint.gui.impl.util.DetailsPageUtil;
 import com.evolveum.midpoint.gui.impl.util.ObjectCollectionViewUtil;
 import com.evolveum.midpoint.model.api.authentication.CompiledObjectCollectionView;
 import com.evolveum.midpoint.prism.Containerable;
@@ -203,13 +202,31 @@ protected void savePerformed(AjaxRequestTarget target) {
                 PageAssignmentHolderDetails.this.savePerformed(target);
             }
 
+            @Override
+            protected void addButtons(RepeatingView repeatingView) {
+                addAdditionalButtons(repeatingView);
+            }
+
+            @Override
+            protected void deleteConfirmPerformed(AjaxRequestTarget target) {
+                super.deleteConfirmPerformed(target);
+                PageAssignmentHolderDetails.this.afterDeletePerformed(target);
+            }
+
             @Override
             protected boolean hasUnsavedChanges(AjaxRequestTarget target) {
                 return PageAssignmentHolderDetails.this.hasUnsavedChanges(target);
             }
         };
     }
 
+    protected void afterDeletePerformed(AjaxRequestTarget target) {
+
+    }
+
+    protected void addAdditionalButtons(RepeatingView repeatingView) {
+    }
+
     protected AHDM createObjectDetailsModels(PrismObject<AH> object) {
         //noinspection unchecked
         return (AHDM) new AssignmentHolderDetailsModel<>(createPrismObjectModel(object), this);