Merge branch 'master' into feature/password-hash

gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/component/ObjectListPanel.java

@@ -237,60 +237,20 @@ protected List<IColumn<SelectableBean<O>, String>> getCustomColumnsTransformed(L
 		if (customColumns == null || customColumns.size() == 0){
 			return columns;
 		}
-//		GuiObjectColumnType firstColumn = null;
-//		List<GuiObjectColumnType> unorderedColumns = new ArrayList<>();
-//		while (customColumns.size() > 0){
-//			GuiObjectColumnType customColumn = customColumns.get(0);
-//			if (firstColumn == null && StringUtils.isEmpty(customColumn.getPreviousColumn())){
-//				firstColumn = customColumn;
-//				customColumns.remove(customColumn);
-//			} else if (StringUtils.isEmpty(customColumn.getPreviousColumn())){
-//				unorderedColumns.add(customColumn);
-//				customColumns.remove(customColumn);
-//			}
-//		}
-//		if (firstColumn == null){
-//			if (unorderedColumns.size() > 0){
-//				firstColumn = unorderedColumns.get(0);
-//				unorderedColumns.remove(0);
-//			} else {
-//				firstColumn = customColumns.get(0);
-//				customColumns.remove(0);
-//			}
-//		}
-//		IColumn<SelectableBean<O>, String> column = new PropertyColumn(Model.of(firstColumn.getDisplay().getLabel()),
-//				null, SelectableBean.F_VALUE + "." + firstColumn.getPath());
-//		columns.add(column);
-//
-//		GuiObjectColumnType previousColumn = firstColumn;
-//		while (customColumns.size() > 0){
-//			GuiObjectColumnType currentCustomColumn = null;
-//			for (GuiObjectColumnType customColumn : customColumns){
-//				if (customColumn.getPreviousColumn() != null &&
-//						customColumn.getPreviousColumn().equals(previousColumn.getName())){
-//					currentCustomColumn = customColumn;
-//					customColumns.remove(customColumn);
-//					break;
-//				}
-//			}
-//			if (currentCustomColumn != null) {
-//				column = new PropertyColumn(Model.of(currentCustomColumn.getDisplay().getLabel()), null,
-//						SelectableBean.F_VALUE + "." + currentCustomColumn.getPath());
-//				columns.add(column);
-//			}
-//		}
 		IColumn<SelectableBean<O>, String> column;
 		for (GuiObjectColumnType customColumn : customColumns){
-			if (customColumns.indexOf(customColumn) == 0){
-				column = createNameColumn(customColumn.getDisplay() != null && customColumn.getDisplay().getLabel() != null ?
-						Model.of(customColumn.getDisplay().getLabel()) : createStringResource(getItemDisplayName(customColumn)),
-						customColumn.getPath().toString());
-			} else{
-				column = new PropertyColumn(customColumn.getDisplay() != null && customColumn.getDisplay().getLabel() != null ?
-						Model.of(customColumn.getDisplay().getLabel()) : createStringResource(getItemDisplayName(customColumn)), null,
-						SelectableBean.F_VALUE + "." + customColumn.getPath());
+			if (WebComponentUtil.getElementVisibility(customColumn.getVisibility())) {
+				if (customColumns.indexOf(customColumn) == 0) {
+					column = createNameColumn(customColumn.getDisplay() != null && customColumn.getDisplay().getLabel() != null ?
+									Model.of(customColumn.getDisplay().getLabel()) : createStringResource(getItemDisplayName(customColumn)),
+							customColumn.getPath().toString());
+				} else {
+					column = new PropertyColumn(customColumn.getDisplay() != null && customColumn.getDisplay().getLabel() != null ?
+							Model.of(customColumn.getDisplay().getLabel()) : createStringResource(getItemDisplayName(customColumn)), null,
+							SelectableBean.F_VALUE + "." + customColumn.getPath());
+				}
+				columns.add(column);
 			}
-			columns.add(column);
 		}
 		return columns;
 	}

gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/page/PageBase.java

@@ -1277,17 +1277,16 @@ private MainMenuItem createCertificationItems() {
 	private MainMenuItem createConfigurationItems() {
 		MainMenuItem item = new MainMenuItem("fa fa-cog", createStringResource("PageAdmin.menu.top.configuration"),
 				null);
+		item.setInsertDefaultBackBreadcrumb(false);
 
 		List<MenuItem> submenu = item.getItems();
 
 		MenuItem menu = new MenuItem(createStringResource("PageAdmin.menu.top.configuration.bulkActions"),
 				PageBulkAction.class);
 		submenu.add(menu);
 
-        PageParameters pageImportParams = new PageParameters();
-        pageImportParams.add(PageImportObject.FROM_MENU_ITEM_PARAM, PageImportObject.FROM_MENU_ITEM_PARAM_TRUE_VALUE);
-        menu = new MenuItem(createStringResource("PageAdmin.menu.top.configuration.importObject"),
-				PageImportObject.class, pageImportParams, null);
+		menu = new MenuItem(createStringResource("PageAdmin.menu.top.configuration.importObject"),
+				PageImportObject.class, null, null);
 		submenu.add(menu);
 		menu = new MenuItem(createStringResource("PageAdmin.menu.top.configuration.repositoryObjects"),
 				PageDebugList.class);
@@ -1670,11 +1669,22 @@ public DeploymentInformationType loadDeploymentInformationType() {
             return deploymentInformationType;
     }
 
+    public boolean canRedirectBack() {
+		List<Breadcrumb> breadcrumbs = getBreadcrumbs();
+		// first is icon (non clickable), last is for "current page" and if there
+		// is nothing in between then we don't know where to redirect
+		if (breadcrumbs.size() < 3) {
+			return false;
+		}
+
+		return true;
+	}
+
 	public Breadcrumb redirectBack() {
 		List<Breadcrumb> breadcrumbs = getBreadcrumbs();
-		if (breadcrumbs.size() < 2) {
+		if (!canRedirectBack()) {
 			setResponsePage(getMidpointApplication().getHomePage());
-			
+
 			return null;
 		}
 

gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/util/WebComponentUtil.java

@@ -41,10 +41,12 @@
 import javax.xml.datatype.XMLGregorianCalendar;
 import javax.xml.namespace.QName;
 
+import com.evolveum.midpoint.gui.api.PredefinedDashboardWidgetId;
 import com.evolveum.midpoint.gui.api.SubscriptionType;
 import com.evolveum.midpoint.schema.GetOperationOptions;
 import com.evolveum.midpoint.schema.SelectorOptions;
 import com.evolveum.midpoint.web.util.ObjectTypeGuiDescriptor;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.lang.Validate;
 import org.apache.commons.lang.math.NumberUtils;
@@ -167,38 +169,6 @@
 import com.evolveum.midpoint.web.util.DateValidator;
 import com.evolveum.midpoint.web.util.InfoTooltipBehavior;
 import com.evolveum.midpoint.web.util.OnePageParameterEncoder;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.AbstractRoleType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationCampaignType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationDefinitionType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.AvailabilityStatusType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.MisfireActionType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.OperationResultType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.OperationalStateType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.OrgType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.PasswordType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.ReportType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.RoleType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.ScheduleType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.ServiceType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowKindType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.SystemObjectsType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.TaskBindingType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.TaskExecutionStatusType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.TaskRecurrenceType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.TaskType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.ThreadStopActionType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.WorkItemType;
 import com.evolveum.prism.xml.ns._public.query_3.QueryType;
 import com.evolveum.prism.xml.ns._public.types_3.PolyStringType;
 import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
@@ -1932,4 +1902,27 @@ public static void setSelectedTabFromPageParameters(TabbedPanel tabbed, PagePara
 
 		tabbed.setSelectedTab(tabIndex);
 	}
+
+	public static boolean getElementVisibility(UserInterfaceElementVisibilityType visibilityType){
+		return getElementVisibility(visibilityType, new ArrayList<>());
+	}
+
+	public static boolean getElementVisibility(UserInterfaceElementVisibilityType visibilityType, List<String> requiredAuthorizations){
+		if (UserInterfaceElementVisibilityType.HIDDEN.equals(visibilityType) ||
+				UserInterfaceElementVisibilityType.VACANT.equals(visibilityType)){
+			return false;
+		}
+		if (UserInterfaceElementVisibilityType.VISIBLE.equals(visibilityType)){
+			return true;
+		}
+		if (UserInterfaceElementVisibilityType.AUTOMATIC.equals(visibilityType)){
+			if (WebComponentUtil.isAuthorized(requiredAuthorizations)){
+				return true;
+			} else {
+				return false;
+			}
+		}
+		return true;
+	}
+
 }

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/application/DescriptorLoader.java

@@ -25,8 +25,10 @@
 import com.evolveum.midpoint.util.logging.Trace;
 import com.evolveum.midpoint.util.logging.TraceManager;
 import com.evolveum.midpoint.web.security.MidPointApplication;
+import com.evolveum.midpoint.web.util.ExactMatchMountedMapper;
 import com.evolveum.midpoint.xml.ns._public.gui.admin_1.DescriptorType;
 import com.evolveum.midpoint.xml.ns._public.gui.admin_1.ObjectFactory;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.wicket.core.request.mapper.MountedMapper;
 import org.apache.wicket.markup.html.WebPage;
 import org.apache.wicket.request.mapper.parameter.IPageParametersEncoder;
@@ -133,48 +135,80 @@ private void scanPackagesForPages(List<String> packages, MidPointApplication app
     }
 
     private void loadActions(PageDescriptor descriptor) {
-        for (String url : descriptor.url()) {
-            List<AuthorizationActionValue> actions = new ArrayList<>();
+        List<AuthorizationActionValue> actions = new ArrayList<>();
 
-            //avoid of setting guiAll authz for "public" pages (e.g. login page)
-            if (descriptor.action() == null || descriptor.action().length == 0) {
-                return;
-            }
+        //avoid of setting guiAll authz for "public" pages (e.g. login page)
+        if (descriptor.action() == null || descriptor.action().length == 0) {
+            return;
+        }
 
-            boolean canAccess = true;
+        boolean canAccess = true;
 
-            for (AuthorizationAction action : descriptor.action()) {
-                actions.add(new AuthorizationActionValue(action.actionUri(), action.label(), action.description()));
-                if (AuthorizationConstants.AUTZ_NO_ACCESS_URL.equals(action.actionUri())) {
-                    canAccess = false;
-                    break;
-                }
+        for (AuthorizationAction action : descriptor.action()) {
+            actions.add(new AuthorizationActionValue(action.actionUri(), action.label(), action.description()));
+            if (AuthorizationConstants.AUTZ_NO_ACCESS_URL.equals(action.actionUri())) {
+                canAccess = false;
+                break;
             }
+        }
 
-            //add http://.../..#guiAll authorization only for displayable pages, not for pages used for development..
-            if (canAccess) {
+        //add http://.../..#guiAll authorization only for displayable pages, not for pages used for development..
+        if (canAccess) {
 
-                actions.add(new AuthorizationActionValue(AuthorizationConstants.AUTZ_GUI_ALL_DEPRECATED_URL,
-                        AuthorizationConstants.AUTZ_GUI_ALL_LABEL, AuthorizationConstants.AUTZ_GUI_ALL_DESCRIPTION));
-                actions.add(new AuthorizationActionValue(AuthorizationConstants.AUTZ_GUI_ALL_URL,
-                        AuthorizationConstants.AUTZ_GUI_ALL_LABEL, AuthorizationConstants.AUTZ_GUI_ALL_DESCRIPTION));
+            actions.add(new AuthorizationActionValue(AuthorizationConstants.AUTZ_GUI_ALL_DEPRECATED_URL,
+                    AuthorizationConstants.AUTZ_GUI_ALL_LABEL, AuthorizationConstants.AUTZ_GUI_ALL_DESCRIPTION));
+            actions.add(new AuthorizationActionValue(AuthorizationConstants.AUTZ_GUI_ALL_URL,
+                    AuthorizationConstants.AUTZ_GUI_ALL_LABEL, AuthorizationConstants.AUTZ_GUI_ALL_DESCRIPTION));
+        }
+
+        for (String url : descriptor.url()) {
+            this.actions.put(buildPrefixUrl(url), actions.toArray(new DisplayableValue[actions.size()]));
+        }
+
+        for (Url url : descriptor.urls()) {
+            String urlForSecurity = url.matchUrlForSecurity();
+            if (StringUtils.isEmpty(urlForSecurity)) {
+                urlForSecurity = buildPrefixUrl(url.mountUrl());
             }
-            this.actions.put(url, actions.toArray(new DisplayableValue[actions.size()]));
+            this.actions.put(urlForSecurity, actions.toArray(new DisplayableValue[actions.size()]));
+        }
+    }
+
+    public String buildPrefixUrl(String url) {
+        StringBuilder sb = new StringBuilder();
+        sb.append(url);
+
+        if (!url.endsWith("/")) {
+            sb.append("/");
         }
+        sb.append("**");
+
+        return sb.toString();
     }
 
     private void mountPage(PageDescriptor descriptor, Class clazz, MidPointApplication application)
             throws InstantiationException, IllegalAccessException {
 
+        //todo remove for cycle later
         for (String url : descriptor.url()) {
             IPageParametersEncoder encoder = descriptor.encoder().newInstance();
 
             LOGGER.trace("Mounting page '{}' to url '{}' with encoder '{}'.", new Object[]{
                     clazz.getName(), url, encoder.getClass().getSimpleName()});
 
-            application.mount(new MountedMapper(url, clazz, encoder));
+            application.mount(new ExactMatchMountedMapper(url, clazz, encoder));
             urlClassMap.put(url, clazz);
         }
+
+        for (Url url : descriptor.urls()) {
+            IPageParametersEncoder encoder = descriptor.encoder().newInstance();
+
+            LOGGER.trace("Mounting page '{}' to url '{}' with encoder '{}'.", new Object[]{
+                    clazz.getName(), url, encoder.getClass().getSimpleName()});
+
+            application.mount(new ExactMatchMountedMapper(url.mountUrl(), clazz, encoder));
+            urlClassMap.put(url.mountUrl(), clazz);
+        }
     }
 
 	@Override

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/application/PageDescriptor.java

@@ -16,8 +16,8 @@
 
 package com.evolveum.midpoint.web.application;
 
-import com.evolveum.midpoint.web.util.MidPointPageParametersEncoder;
 import org.apache.wicket.request.mapper.parameter.IPageParametersEncoder;
+import org.apache.wicket.request.mapper.parameter.PageParametersEncoder;
 
 import java.lang.annotation.Retention;
 import java.lang.annotation.RetentionPolicy;
@@ -28,9 +28,16 @@
 @Retention(RetentionPolicy.RUNTIME)
 public @interface PageDescriptor {
 
-    String[] url();
+    /**
+     * Please use {@link PageDescriptor#urls()}
+     * @return
+     */
+    @Deprecated
+    String[] url() default {};
 
-    Class<? extends IPageParametersEncoder> encoder() default MidPointPageParametersEncoder.class;
+    Url[] urls() default {};
+
+    Class<? extends IPageParametersEncoder> encoder() default PageParametersEncoder.class;
 
     AuthorizationAction[] action() default {};
 }

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/application/Url.java

@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2010-2017 Evolveum
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.evolveum.midpoint.web.application;
+
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+
+/**
+ * @author lazyman
+ */
+@Retention(RetentionPolicy.RUNTIME)
+public @interface Url {
+
+    String mountUrl();
+
+    /**
+     * If empty {@link Url#mountUrl()} + "/**" will be used for URL ant pattern matching in security configuration.
+     * See {@link DescriptorLoader}, {@link com.evolveum.midpoint.web.security.MidPointGuiAuthorizationEvaluator}.
+     */
+    String matchUrlForSecurity() default "";
+}

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/menu/MainMenuItem.java

@@ -33,6 +33,7 @@ public class MainMenuItem extends BaseMenuItem {
     public static final String F_ICON_CLASS = "iconClass";
     public static final String F_BUBBLE_LABEL = "bubbleLabel";
 
+    private boolean insertDefaultBackBreadcrumb = true;
     private String iconClass;
     private List<MenuItem> items;
 
@@ -70,4 +71,12 @@ public List<MenuItem> getItems() {
     public String getBubbleLabel() {
     	return null;
     }
+
+    public boolean isInsertDefaultBackBreadcrumb() {
+        return insertDefaultBackBreadcrumb;
+    }
+
+    public void setInsertDefaultBackBreadcrumb(boolean insertDefaultBackBreadcrumb) {
+        this.insertDefaultBackBreadcrumb = insertDefaultBackBreadcrumb;
+    }
 }