Merge branch 'master' of https://github.com/Evolveum/midpoint

Evolveum · Apr 24, 2017 · f4e4ce1 · f4e4ce1
2 parents 00c8630 + 3c6b19b
commit f4e4ce1
Show file tree

Hide file tree

Showing 4 changed files with 55 additions and 23 deletions.
diff --git a/.../src/main/java/com/evolveum/midpoint/web/component/assignment/AssignmentCatalogPanel.java b/.../src/main/java/com/evolveum/midpoint/web/component/assignment/AssignmentCatalogPanel.java
@@ -24,6 +24,7 @@
 import com.evolveum.midpoint.prism.PrismObject;
 import com.evolveum.midpoint.prism.query.*;
 import com.evolveum.midpoint.schema.result.OperationResult;
+import com.evolveum.midpoint.schema.util.ObjectQueryUtil;
 import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
 import com.evolveum.midpoint.util.exception.SchemaException;
 import com.evolveum.midpoint.util.logging.LoggingUtils;
@@ -442,10 +443,7 @@ protected ObjectQuery createContentQuery(ObjectQuery searchQuery) {
                 addOrgMembersFilter(oid, memberQuery);
             }
         }
-        if (AssignmentViewType.ROLE_CATALOG_VIEW.equals(AssignmentViewType.getViewTypeFromSession(pageBase))
-                || AssignmentViewType.ROLE_TYPE.equals(AssignmentViewType.getViewTypeFromSession(pageBase))) {
-            addAssignableRolesFilter(memberQuery);
-        }
+        addAssignableRolesFilter(memberQuery);
         addViewTypeFilter(memberQuery);
         if (memberQuery == null) {
             memberQuery = new ObjectQuery();
@@ -463,12 +461,16 @@ protected ObjectQuery createContentQuery(ObjectQuery searchQuery) {
     }
 
     private void addViewTypeFilter(ObjectQuery query) {
+        ObjectFilter prependedAndFilter = null;
         if (AssignmentViewType.ORG_TYPE.equals(AssignmentViewType.getViewTypeFromSession(pageBase))){
-            query.addFilter(TypeFilter.createType(OrgType.COMPLEX_TYPE, query.getFilter()));
+            prependedAndFilter = ObjectQueryUtil.filterAnd(TypeFilter.createType(OrgType.COMPLEX_TYPE, null), query.getFilter());
+            query.addFilter(prependedAndFilter);
         } else if (AssignmentViewType.ROLE_TYPE.equals(AssignmentViewType.getViewTypeFromSession(pageBase))){
-            query.addFilter(TypeFilter.createType(RoleType.COMPLEX_TYPE, query.getFilter()));
+            prependedAndFilter = ObjectQueryUtil.filterAnd(TypeFilter.createType(RoleType.COMPLEX_TYPE, null), query.getFilter());
+            query.addFilter(prependedAndFilter);
         } else if (AssignmentViewType.SERVICE_TYPE.equals(AssignmentViewType.getViewTypeFromSession(pageBase))){
-            query.addFilter(TypeFilter.createType(ServiceType.COMPLEX_TYPE, query.getFilter()));
+            prependedAndFilter = ObjectQueryUtil.filterAnd(TypeFilter.createType(ServiceType.COMPLEX_TYPE, null), query.getFilter());
+            query.addFilter(prependedAndFilter);
         }
     }
 
@@ -493,8 +495,7 @@ private void addAssignableRolesFilter(ObjectQuery query) {
         if (query == null) {
             query = new ObjectQuery();
         }
-        query.addFilter(TypeFilter.createType(RoleType.COMPLEX_TYPE, filter));
-
+        query.addFilter(filter);
     }
 
     private ObjectQuery addOrgMembersFilter(String oid, ObjectQuery query) {

diff --git a/model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestSecurity.java b/model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestSecurity.java
@@ -243,8 +243,11 @@ public class TestSecurity extends AbstractInitializedModelIntegrationTest {
 	protected static final File ROLE_LIMITED_USER_ADMIN_FILE = new File(TEST_DIR, "role-limited-user-admin.xml");
 	protected static final String ROLE_LIMITED_USER_ADMIN_OID = "66ee3a78-1b8a-11e7-aac6-5f43a0a86116";
 
-	protected static final File ROLE_END_USER_REQUESTABLE_ORGS_FILE = new File(TEST_DIR,"role-end-user-requestable-orgs.xml");
-	protected static final String ROLE_END_USER_REQUESTABLE_ORGS_OID = "9434bf5b-c088-456f-9286-84a1e5a0223c";
+	protected static final File ROLE_END_USER_REQUESTABLE_ABSTACTROLES_FILE = new File(TEST_DIR,"role-end-user-requestable-abstractroles.xml");
+	protected static final String ROLE_END_USER_REQUESTABLE_ABSTACTROLES_OID = "9434bf5b-c088-456f-9286-84a1e5a0223c";
+
+	protected static final File ORG_REQUESTABLE_FILE = new File(TEST_DIR,"org-requestable.xml");
+	protected static final String ORG_REQUESTABLE_OID = "8f2bd344-a46c-4c0b-aa34-db08b7d7f7f2";
 
 	private static final String LOG_PREFIX_FAIL = "SSSSS=X ";
 	private static final String LOG_PREFIX_ATTEMPT = "SSSSS=> ";
@@ -317,7 +320,9 @@ public void initSystem(Task initTask, OperationResult initResult) throws Excepti
 		repoAddObjectFromFile(ROLE_ROLE_OWNER_FULL_CONTROL_FILE, initResult);
 		repoAddObjectFromFile(ROLE_ROLE_OWNER_ASSIGN_FILE, initResult);
 
-		repoAddObjectFromFile(ROLE_END_USER_REQUESTABLE_ORGS_FILE, initResult);
+		repoAddObjectFromFile(ROLE_END_USER_REQUESTABLE_ABSTACTROLES_FILE, initResult);
+
+		repoAddObjectFromFile(ORG_REQUESTABLE_FILE, initResult);
 
 		assignOrg(USER_GUYBRUSH_OID, ORG_SWASHBUCKLER_SECTION_OID, initTask, initResult);
 
@@ -2341,37 +2346,51 @@ public void run(Task task, OperationResult result) throws Exception {
 	}
 
 	/**
-	 * MID-3636
+	 * MID-3636 partially
 	 */
 	@Test(enabled=false)
 	public void test275bAutzJackAssignRequestableOrgs() throws Exception {
 		final String TEST_NAME = "test275bAutzJackAssignRequestableOrgs";
 		TestUtil.displayTestTile(this, TEST_NAME);
 		// GIVEN
 		cleanupAutzTest(USER_JACK_OID);
-		assignRole(USER_JACK_OID, ROLE_END_USER_REQUESTABLE_ORGS_OID);
+		assignRole(USER_JACK_OID, ROLE_END_USER_REQUESTABLE_ABSTACTROLES_OID);
 
 		assumeAssignmentPolicy(AssignmentPolicyEnforcementType.RELATIVE);
 
 		login(USER_JACK_USERNAME);
 
 		// WHEN
 		TestUtil.displayWhen(TEST_NAME);
-
-
 		PrismObject<UserType> user = getUser(USER_JACK_OID);
 		assertAssignments(user, 2);
-		assertAssignedRole(user, ROLE_END_USER_REQUESTABLE_ORGS_OID);
+		assertAssignedRole(user, ROLE_END_USER_REQUESTABLE_ABSTACTROLES_OID);
+
+		assertAllow("assign requestable org to jack", new Attempt() {
+			@Override
+			public void run(Task task, OperationResult result) throws Exception {
+				assignOrg(USER_JACK_OID, ORG_REQUESTABLE_OID, task, result);
+			}
+		});
+		user = getUser(USER_JACK_OID);
+		assertAssignments(user, OrgType.class,1);
+
+		RoleSelectionSpecification spec = getAssignableRoleSpecification(getUser(USER_JACK_OID));
+		assertRoleTypes(spec);
 
 		ObjectQuery query = new ObjectQuery();
-		EqualFilter equalFilter = EqualFilter.createEqual(new ItemPath(AbstractRoleType.F_REQUESTABLE),null,null, user.getPrismContext(),true);
 
-		ObjectFilter filterRoleTypeRequestable=TypeFilter.createType(RoleType.COMPLEX_TYPE, equalFilter);
-		ObjectFilter filterOrgTypeRequestable=TypeFilter.createType(OrgType.COMPLEX_TYPE, equalFilter);
-		ObjectFilter orFilter =  ObjectQueryUtil.filterOr(filterRoleTypeRequestable,filterOrgTypeRequestable);
-		query.addFilter(TypeFilter.createType(RoleType.COMPLEX_TYPE, orFilter));
+		query.addFilter(spec.getFilter());
+		assertSearch(AbstractRoleType.class, query, 6); // set to 6 with requestable org
 
-		assertSearch(AbstractRoleType.class, query, 1);
+		assertAllow("unassign business role from jack", new Attempt() {
+			@Override
+			public void run(Task task, OperationResult result) throws Exception {
+				unassignOrg(USER_JACK_OID, ORG_REQUESTABLE_OID, task, result);
+			}
+		});
+		user = getUser(USER_JACK_OID);
+		assertAssignments(user, OrgType.class,0);
 
 		assertGlobalStateUntouched();
 	}

diff --git a/model/model-intest/src/test/resources/security/org-requestable.xml b/model/model-intest/src/test/resources/security/org-requestable.xml
@@ -0,0 +1,11 @@
+<org xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+     xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
+     xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+     xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
+     xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
+     xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
+     oid="8f2bd344-a46c-4c0b-aa34-db08b7d7f7f2"
+     version="0">
+   <name>Org which is requestable</name>
+   <requestable>true</requestable>
+</org>
diff --git a/...curity/role-end-user-requestable-orgs.xml → ...le-end-user-requestable-abstractroles.xml b/...curity/role-end-user-requestable-orgs.xml → ...le-end-user-requestable-abstractroles.xml
@@ -127,6 +127,7 @@
     	    Otherwise they will be assigned automatically wihout any approval. 
     	</description>
       <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#assign</action>
+	   <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#unassign</action>
       <phase>request</phase>
       <object>
          <special>self</special>