Merge branch 'tmp/autz-type-fix'

config/initial-objects/role/043-role-delegator.xml

@@ -58,7 +58,7 @@
             <type>ShadowType</type>
         </object>
     </authorization>
-        <authorization>
+    <authorization>
         <name>delegator-read-delagate-assignments</name>
         <description>
             Authorization to read the assignments and assignment-related items from my delegates.

gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/wrapper/HeterogenousContainerWrapperFactory.java

@@ -67,10 +67,10 @@ public boolean match(ItemDefinition<?> itemDef) {
             return true;
         }
 
-        if (AuthorizationParentSelectorType.COMPLEX_TYPE.equals(typeName)
-                && itemDef.getItemName().equivalent(AuthorizationObjectSelectorType.F_PARENT)) {
-            // The AuthorizationObjectSelectorType#parent points back to AuthorizationObjectSelectorType
-            // (via AuthorizationParentSelectorType), so normally an endless recursion would occur here.
+        if (ObjectParentSelectorType.COMPLEX_TYPE.equals(typeName)
+                && itemDef.getItemName().equivalent(ObjectSelectorType.F_PARENT)) {
+            // The ObjectSelectorType#parent points back to ObjectSelectorType
+            // (via ObjectParentSelectorType), so normally an endless recursion would occur here.
             // Therefore, we treat it as a heterogeneous container. At least for now.
             //
             // TODO review this; see MID-8910.

infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/FilteringContext.java

@@ -129,12 +129,12 @@ public boolean maySkipOnSearch() {
     }
 
     /**
-     * Creates a sub-context when evaluating embedded selector (e.g. `assignee`).
+     * Creates a sub-context when evaluating embedded selector (e.g. `parent`).
      *
-     * @see MatchingContext#child(String, String)
-     * @see MatchingContext#child(DelegatorSelection, String, String)
+     * @see MatchingContext#next(String, String)
+     * @see MatchingContext#next(DelegatorSelection, String, String)
      */
-    public @NotNull FilteringContext child(
+    public @NotNull FilteringContext next(
             @NotNull Class<?> filterType,
             @NotNull FilterCollector filterCollector,
             @Nullable ObjectFilter originalFilter,

infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/MatchingContext.java

@@ -46,7 +46,7 @@ public MatchingContext(
                 delegatorSelection);
     }
 
-    public @NotNull MatchingContext child(
+    public @NotNull MatchingContext next(
             @NotNull DelegatorSelection delegatorSelection, @NotNull String idDelta, @NotNull String textDelta) {
         return new MatchingContext(
                 filterEvaluator,
@@ -59,7 +59,7 @@ public MatchingContext(
                 delegatorSelection);
     }
 
-    public @NotNull MatchingContext child(@NotNull String idDelta, @NotNull String textDelta) {
+    public @NotNull MatchingContext next(@NotNull String idDelta, @NotNull String textDelta) {
         return new MatchingContext(
                 filterEvaluator,
                 tracer,

infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/SelectorProcessingContext.java

@@ -69,7 +69,7 @@ public abstract class SelectorProcessingContext {
     /**
      * Interpretation of `self` clause for the current evaluation.
      *
-     * @see MatchingContext#child(DelegatorSelection, String, String)
+     * @see MatchingContext#next(DelegatorSelection, String, String)
      * @see #getSelfOids()
      */
     @NotNull final DelegatorSelection delegatorSelection;

infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/ArchetypeRefClause.java

@@ -91,4 +91,9 @@ void addDebugDumpContent(StringBuilder sb, int indent) {
         sb.append("\n");
         DebugUtil.debugDumpWithLabel(sb, "oids", archetypeOids, indent + 1);
     }
+
+    @Override
+    public String toString() {
+        return "ArchetypeRefClause{archetypeOids=" + archetypeOids + "}";
+    }
 }

infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/AssigneeClause.java

@@ -54,7 +54,7 @@ public boolean matches(@NotNull PrismValue value, @NotNull MatchingContext ctx)
         }
         var assignees = getAssignees(realValue, ctx);
         if (!assignees.isEmpty()) {
-            var childCtx = ctx.child(getDelegatorSelectionMode(realValue), "a", "assignee");
+            var childCtx = ctx.next(getDelegatorSelectionMode(realValue), "a", "assignee");
             for (PrismObject<? extends ObjectType> assignee : assignees) {
                 assert assignee != null;
                 if (selector.matches(assignee.getValue(), childCtx)) {
@@ -166,4 +166,9 @@ void addDebugDumpContent(StringBuilder sb, int indent) {
         sb.append("\n");
         DebugUtil.debugDumpWithLabel(sb, "selector", selector, indent + 1);
     }
+
+    @Override
+    public String toString() {
+        return "AssigneeClause{selector=" + selector + "}";
+    }
 }

infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/CandidateAssigneeClause.java

@@ -135,4 +135,11 @@ void addDebugDumpContent(StringBuilder sb, int indent) {
         sb.append("\n");
         DebugUtil.debugDumpWithLabel(sb, "selector", selector, indent + 1);
     }
+
+    @Override
+    public String toString() {
+        return "CandidateAssigneeClause{" +
+                "selector=" + selector +
+                "}";
+    }
 }

infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/DelegatorClause.java

@@ -54,14 +54,14 @@ public boolean matches(@NotNull PrismValue value, @NotNull MatchingContext ctx)
             // Currently, we support only "self" delegator selector clause
             throw new UnsupportedOperationException("Unsupported non-self delegator clause");
         }
-        if (!(object instanceof UserType)) {
+        if (!(object instanceof UserType user)) {
             traceNotApplicable(ctx, "object is not a user");
             return false;
         }
 
         String principalOid = ctx.getPrincipalOid();
         if (principalOid != null) {
-            for (ObjectReferenceType objectDelegatedRef : ((UserType) object).getDelegatedRef()) {
+            for (ObjectReferenceType objectDelegatedRef : user.getDelegatedRef()) {
                 if (principalOid.equals(objectDelegatedRef.getOid())) {
                     return true;
                 }
@@ -99,4 +99,12 @@ void addDebugDumpContent(StringBuilder sb, int indent) {
         DebugUtil.debugDumpWithLabelLn(sb, "allowInactive", allowInactive, indent + 1);
         DebugUtil.debugDumpWithLabel(sb, "selector", selector, indent + 1);
     }
+
+    @Override
+    public String toString() {
+        return "DelegatorClause{" +
+                "selector=" + selector +
+                ", allowInactive=" + allowInactive +
+                "}";
+    }
 }

infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/FilterClause.java

@@ -146,4 +146,9 @@ void addDebugDumpContent(StringBuilder sb, int indent) {
         sb.append("\n");
         DebugUtil.debugDumpWithLabel(sb, "filter", filter, indent + 1);
     }
+
+    @Override
+    public String toString() {
+        return "FilterClause{filter=" + filter + "}";
+    }
 }

infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/OrgRefClause.java

@@ -47,8 +47,7 @@ static OrgRefClause of(@NotNull ObjectReferenceType orgRef) throws Configuration
     public boolean matches(@NotNull PrismValue value, @NotNull MatchingContext ctx)
             throws SchemaException, ExpressionEvaluationException, CommunicationException, SecurityViolationException,
             ConfigurationException, ObjectNotFoundException {
-        Object realValue = value.getRealValueIfExists();
-        ObjectType objectBean = realValue instanceof ObjectType ? ((ObjectType) realValue) : null;
+        ObjectType objectBean = value.getRealValueIfExists() instanceof ObjectType object ? object : null;
         if (objectBean != null) {
             if (ctx.orgTreeEvaluator.isDescendant(objectBean.asPrismObject(), orgOid)) {
                 return true;
@@ -76,4 +75,9 @@ public boolean toFilter(@NotNull FilteringContext ctx) throws SchemaException {
     void addDebugDumpContent(StringBuilder sb, int indent) {
         sb.append("org: ").append(orgOid);
     }
+
+    @Override
+    public String toString() {
+        return "OrgRefClause{orgOid='" + orgOid + '\'' + "}";
+    }
 }

infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/OrgRelationClause.java

@@ -84,16 +84,12 @@ private boolean matchesOrgRelation(
             return true;
         }
         OrgScopeType scope = Objects.requireNonNullElse(bean.getScope(), OrgScopeType.ALL_DESCENDANTS);
-        switch (scope) {
-            case ALL_DESCENDANTS:
-                return ctx.orgTreeEvaluator.isDescendant(object.asPrismObject(), subjectParentOrgRef.getOid());
-            case DIRECT_DESCENDANTS:
-                return hasParentOrgRef(object.asPrismObject(), subjectParentOrgRef.getOid());
-            case ALL_ANCESTORS:
-                return ctx.orgTreeEvaluator.isAncestor(object.asPrismObject(), subjectParentOrgRef.getOid());
-            default:
-                throw new UnsupportedOperationException("Unknown orgRelation scope " + scope);
-        }
+        return switch (scope) {
+            case ALL_DESCENDANTS -> ctx.orgTreeEvaluator.isDescendant(object.asPrismObject(), subjectParentOrgRef.getOid());
+            case DIRECT_DESCENDANTS -> hasParentOrgRef(object.asPrismObject(), subjectParentOrgRef.getOid());
+            case ALL_ANCESTORS -> ctx.orgTreeEvaluator.isAncestor(object.asPrismObject(), subjectParentOrgRef.getOid());
+            case NONE -> false;
+        };
     }
 
     private boolean hasParentOrgRef(PrismObject<? extends ObjectType> object, String oid) {
@@ -110,9 +106,9 @@ private boolean hasParentOrgRef(PrismObject<? extends ObjectType> object, String
     public boolean toFilter(@NotNull FilteringContext ctx) throws SchemaException {
         ObjectFilter conjunct = null;
         QName subjectRelation = bean.getSubjectRelation();
-        FocusType principalFocus = ctx.getPrincipalFocus();
-        if (principalFocus != null) {
-            for (ObjectReferenceType subjectParentOrgRef : principalFocus.getParentOrgRef()) {
+        FocusType subject = ctx.getPrincipalFocus();
+        if (subject != null) {
+            for (ObjectReferenceType subjectParentOrgRef : subject.getParentOrgRef()) {
                 if (PrismContext.get().relationMatches(subjectRelation, subjectParentOrgRef.getRelation())) {
                     S_FilterEntryOrEmpty q = PrismContext.get().queryFor(ObjectType.class);
                     S_FilterExit q2;
@@ -123,6 +119,8 @@ public boolean toFilter(@NotNull FilteringContext ctx) throws SchemaException {
                         q2 = q.isDirectChildOf(subjectParentOrgRef.getOid());
                     } else if (scope == OrgScopeType.ALL_ANCESTORS) {
                         q2 = q.isParentOf(subjectParentOrgRef.getOid());
+                    } else if (scope == OrgScopeType.NONE) {
+                        q2 = q.none();
                     } else {
                         throw new UnsupportedOperationException("Unknown orgRelation scope " + scope);
                     }
@@ -145,4 +143,11 @@ void addDebugDumpContent(StringBuilder sb, int indent) {
         sb.append("\n");
         DebugUtil.debugDumpWithLabel(sb, "specification", bean, indent + 1);
     }
+
+    @Override
+    public String toString() {
+        return "OrgRelationClause{" +
+                "bean=" + bean +
+                "}";
+    }
 }

infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/OwnerClause.java

@@ -64,7 +64,7 @@ public boolean matches(@NotNull PrismValue value, @NotNull MatchingContext ctx)
             return false;
         }
         boolean matches =
-                selector.matches(owner.getValue(), ctx.child("o", "owner"));
+                selector.matches(owner.getValue(), ctx.next("o", "owner"));
         traceApplicability(ctx, matches, "owner (%s) matches: %s", owner, matches);
         return matches;
     }
@@ -74,9 +74,9 @@ public boolean toFilter(@NotNull FilteringContext ctx) {
         // TODO: MID-3899
         // TODO what if owner is specified not as "self" ?
         if (TaskType.class.isAssignableFrom(ctx.getRestrictedType())) {
-            FocusType principal = ctx.getPrincipalFocus();
-            if (principal != null) {
-                addConjunct(ctx, applyOwnerFilterOwnerRef(principal));
+            FocusType subject = ctx.getPrincipalFocus();
+            if (subject != null) {
+                addConjunct(ctx, applyOwnerFilterOwnerRef(subject));
                 return true;
             } else {
                 traceNotApplicable(ctx, "no principal");
@@ -89,11 +89,11 @@ public boolean toFilter(@NotNull FilteringContext ctx) {
     }
 
     // TODO review this legacy code
-    private ObjectFilter applyOwnerFilterOwnerRef(FocusType principalFocus) {
+    private ObjectFilter applyOwnerFilterOwnerRef(@NotNull FocusType subject) {
         S_FilterExit builder = PrismContext.get().queryFor(TaskType.class)
-                .item(TaskType.F_OWNER_REF).ref(principalFocus.getOid());
-        // TODO don't understand this code
-        for (ObjectReferenceType subjectParentOrgRef : principalFocus.getParentOrgRef()) {
+                .item(TaskType.F_OWNER_REF).ref(subject.getOid());
+        // We select also tasks that are owned by any of subject's parent orgs - TODO why?
+        for (ObjectReferenceType subjectParentOrgRef : subject.getParentOrgRef()) {
             if (PrismContext.get().isDefaultRelation(subjectParentOrgRef.getRelation())) {
                 builder = builder.or().item(TaskType.F_OWNER_REF).ref(subjectParentOrgRef.getOid());
             }
@@ -106,4 +106,11 @@ void addDebugDumpContent(StringBuilder sb, int indent) {
         sb.append("\n");
         DebugUtil.debugDumpWithLabel(sb, "selector", selector, indent + 1);
     }
+
+    @Override
+    public String toString() {
+        return "OwnerClause{" +
+                "selector=" + selector +
+                "}";
+    }
 }