Add support for candidate roles in role-mining

From this version, the role mining manager does not start the migration to a business role directly in the step of creating this business role or processing detected patterns. This process is divided into three steps: 1. Creating a candidate role. Using detected patterns or manual selection. 2. Processing of the candidate role. The possibility of editing the properties of the candidate role. 3. Migration. Introduction of candidate role in productions. Starting the migration task.
Evolveum · Nov 28, 2023 · fb364ce · fb364ce
1 parent e1434a9
commit fb364ce
Show file tree

Hide file tree

Showing 13 changed files with 1,001 additions and 25 deletions.
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/admin/role/PageRole.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/admin/role/PageRole.java
@@ -8,9 +8,7 @@
 
 import java.lang.reflect.Constructor;
 import java.lang.reflect.InvocationTargetException;
-import java.util.Collection;
-import java.util.List;
-import java.util.UUID;
+import java.util.*;
 
 import com.evolveum.midpoint.gui.api.page.PageBase;
 import com.evolveum.midpoint.gui.impl.page.admin.abstractrole.AbstractRoleDetailsModel;
@@ -200,20 +198,48 @@ private void businessRoleMigrationPerform(
             return;
         }
 
+        RoleAnalysisService roleAnalysisService = getRoleAnalysisService();
+
         Task task = createSimpleTask(OP_PERFORM_MIGRATION);
 
         String roleOid = ObjectDeltaOperation.findAddDeltaOidRequired(executedDeltas, RoleType.class);
 
         BusinessRoleApplicationDto patternDeltas = getObjectDetailsModels().getPatternDeltas();
-        RoleAnalysisService roleAnalysisService = getRoleAnalysisService();
 
         PrismObject<RoleType> roleObject = roleAnalysisService
                 .getRoleTypeObject(roleOid, task, result);
         if (roleObject != null) {
+
+            if (!patternDeltas.isCandidate()) {
+
+                List<BusinessRoleDto> businessRoleDtos = patternDeltas.getBusinessRoleDtos();
+
+                Set<ObjectReferenceType> candidateMembers = new HashSet<>();
+
+                for (BusinessRoleDto businessRoleDto : businessRoleDtos) {
+                    PrismObject<UserType> prismObjectUser = businessRoleDto.getPrismObjectUser();
+                    if (prismObjectUser != null) {
+                        candidateMembers.add(new ObjectReferenceType()
+                                .oid(prismObjectUser.getOid())
+                                .type(UserType.COMPLEX_TYPE).clone());
+                    }
+                }
+
+                RoleAnalysisCandidateRoleType candidateRole = new RoleAnalysisCandidateRoleType();
+                candidateRole.getCandidateMembers().addAll(candidateMembers);
+                candidateRole.setAnalysisMetric(0.0);
+                candidateRole.setCandidateRoleRef(new ObjectReferenceType()
+                        .oid(roleOid)
+                        .type(RoleType.COMPLEX_TYPE).clone());
+
+                roleAnalysisService.addCandidateRole(
+                        patternDeltas.getCluster().getOid(), candidateRole, task, result);
+                return;
+            }
+
             roleAnalysisService.clusterObjectMigrationRecompute(
                     patternDeltas.getCluster().getOid(), roleOid, task, result);
 
-
             String taskOid = UUID.randomUUID().toString();
 
             ActivityDefinitionType activity = null;

diff --git a/.../evolveum/midpoint/gui/impl/page/admin/role/component/wizard/BusinessRoleWizardPanel.java b/.../evolveum/midpoint/gui/impl/page/admin/role/component/wizard/BusinessRoleWizardPanel.java
@@ -95,7 +95,7 @@ protected void onSubmitPerformed(AjaxRequestTarget target) {
 
             @Override
             protected boolean isSubmitEnable() {
-                return super.isSubmitEnable();
+                return true;
             }
 
             @Override

diff --git a/...m/evolveum/midpoint/gui/impl/page/admin/role/mining/model/BusinessRoleApplicationDto.java b/...m/evolveum/midpoint/gui/impl/page/admin/role/mining/model/BusinessRoleApplicationDto.java
@@ -29,6 +29,7 @@ public class BusinessRoleApplicationDto implements Serializable {
     PrismObject<RoleAnalysisClusterType> cluster;
     PrismObject<RoleType> businessRole;
     List<BusinessRoleDto> businessRoleDtos;
+    boolean isCandidate = false;
 
     public BusinessRoleApplicationDto(
             @NotNull PrismObject<RoleAnalysisClusterType> cluster,
@@ -79,4 +80,21 @@ public void setBusinessRoleDtos(List<BusinessRoleDto> businessRoleDtos) {
         this.businessRoleDtos = businessRoleDtos;
     }
 
+    public Long getPatternId() {
+        return patternId;
+    }
+
+    public void setPatternId(Long patternId) {
+        this.patternId = patternId;
+    }
+
+    Long patternId;
+    public boolean isCandidate() {
+        return isCandidate;
+    }
+
+    public void setCandidate(boolean candidate) {
+        isCandidate = candidate;
+    }
+
 }
diff --git a/...veum/midpoint/gui/impl/page/admin/role/mining/page/panel/cluster/CandidateRolesPanel.html b/...veum/midpoint/gui/impl/page/admin/role/mining/page/panel/cluster/CandidateRolesPanel.html
@@ -0,0 +1,21 @@
+<!--
+  ~ Copyright (C) 2010-2023 Evolveum and contributors
+  ~
+  ~ This work is dual-licensed under the Apache License 2.0
+  ~ and European Union Public License. See LICENSE file for details.
+  -->
+
+<!DOCTYPE html>
+<html xmlns:wicket="http://wicket.apache.org">
+<wicket:panel>
+
+    <div class="row">
+        <div class="col-md-12">
+            <div wicket:id="container">
+                <div wicket:id="panelId" />
+            </div>
+        </div>
+    </div>
+
+</wicket:panel>
+</html>