fixing policy rule evaluation (shopping cart GUI)

Evolveum · Jan 30, 2018 · fbc84b1 · fbc84b1
1 parent 0a351fe
commit fbc84b1
Show file tree

Hide file tree

Showing 8 changed files with 190 additions and 37 deletions.
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/self/PageAssignmentsList.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/self/PageAssignmentsList.java
@@ -452,40 +452,14 @@ private List<ConflictDto> getAssignmentConflicts(){
                     .getEvaluatedAssignmentTriple();
             Collection<? extends EvaluatedAssignment> addedAssignments = evaluatedAssignmentTriple.getPlusSet();
             for (EvaluatedAssignment<UserType> evaluatedAssignment : addedAssignments) {
+
                 for (EvaluatedPolicyRule policyRule : evaluatedAssignment.getAllTargetsPolicyRules()) {
                     if (!policyRule.containsEnabledAction()) {
                         continue;
                     }
                     // everything other than 'enforce' is a warning
                     boolean isWarning = !policyRule.containsEnabledAction(EnforcementPolicyActionType.class);
-                    for (EvaluatedPolicyRuleTrigger<?> trigger : policyRule.getAllTriggers()) {
-                        if (trigger instanceof EvaluatedExclusionTrigger) {
-                            EvaluatedExclusionTrigger exclusionTrigger = (EvaluatedExclusionTrigger) trigger;
-                            EvaluatedAssignment<F> conflictingAssignment = exclusionTrigger.getConflictingAssignment();
-                            PrismObject<F> addedAssignmentTargetObj = (PrismObject<F>)evaluatedAssignment.getTarget();
-                            PrismObject<F> exclusionTargetObj = (PrismObject<F>)conflictingAssignment.getTarget();
-
-                            AssignmentConflictDto<F> dto1 = new AssignmentConflictDto<>(exclusionTargetObj,
-                                    conflictingAssignment.getAssignmentType(true) != null);
-                            AssignmentConflictDto<F> dto2 = new AssignmentConflictDto<>(addedAssignmentTargetObj,
-                                    evaluatedAssignment.getAssignmentType(true) != null);
-                            ConflictDto conflict = new ConflictDto(dto1, dto2, isWarning);
-                            String oid1 = exclusionTargetObj.getOid();
-                            String oid2 = addedAssignmentTargetObj.getOid();
-                            if (!conflictsMap.containsKey(oid1 + oid2) && !conflictsMap.containsKey(oid2 + oid1)) {
-                                conflictsMap.put(oid1 + oid2, conflict);
-                            } else if (!isWarning) {
-                                // error is stronger than warning, so we replace (potential) warnings with this error
-                                // TODO Kate please review this
-                                if (conflictsMap.containsKey(oid1 + oid2)) {
-                                    conflictsMap.replace(oid1 + oid2, conflict);
-                                }
-                                if (conflictsMap.containsKey(oid2 + oid1)) {
-                                    conflictsMap.replace(oid2 + oid1, conflict);
-                                }
-                            }
-                        }
-                    }
+                    fillInConflictedObjects(evaluatedAssignment, policyRule.getAllTriggers(), isWarning, conflictsMap);
                 }
             }
         } catch (Exception e) {
@@ -495,7 +469,48 @@ private List<ConflictDto> getAssignmentConflicts(){
         conflictsList.addAll(conflictsMap.values());
         return conflictsList;
     }
+
+    private void fillInConflictedObjects(EvaluatedAssignment<UserType> evaluatedAssignment, Collection<EvaluatedPolicyRuleTrigger<?>> triggers, boolean isWarning, Map<String, ConflictDto> conflictsMap) {
+
+    	for (EvaluatedPolicyRuleTrigger<?> trigger : triggers) {
+
+       	 if (trigger instanceof EvaluatedExclusionTrigger) {
+              fillInFromEvaluatedExclusionTrigger(evaluatedAssignment, (EvaluatedExclusionTrigger) trigger, isWarning, conflictsMap);
+           } else if (trigger instanceof EvaluatedCompositeTrigger) {
+        	   EvaluatedCompositeTrigger compositeTrigger = (EvaluatedCompositeTrigger) trigger;
+           	   Collection<EvaluatedPolicyRuleTrigger<?>> innerTriggers = compositeTrigger.getInnerTriggers();
+           	   fillInConflictedObjects(evaluatedAssignment, innerTriggers, isWarning, conflictsMap);
+           }
+    	} 
+
+    }
 
+    private void fillInFromEvaluatedExclusionTrigger(EvaluatedAssignment<UserType> evaluatedAssignment, EvaluatedExclusionTrigger exclusionTrigger, boolean isWarning, Map<String, ConflictDto> conflictsMap) {
+//    	 EvaluatedExclusionTrigger exclusionTrigger = (EvaluatedExclusionTrigger) trigger;
+         EvaluatedAssignment<F> conflictingAssignment = exclusionTrigger.getConflictingAssignment();
+         PrismObject<F> addedAssignmentTargetObj = (PrismObject<F>)evaluatedAssignment.getTarget();
+         PrismObject<F> exclusionTargetObj = (PrismObject<F>)conflictingAssignment.getTarget();
+
+         AssignmentConflictDto<F> dto1 = new AssignmentConflictDto<>(exclusionTargetObj,
+                 conflictingAssignment.getAssignmentType(true) != null);
+         AssignmentConflictDto<F> dto2 = new AssignmentConflictDto<>(addedAssignmentTargetObj,
+                 evaluatedAssignment.getAssignmentType(true) != null);
+         ConflictDto conflict = new ConflictDto(dto1, dto2, isWarning);
+         String oid1 = exclusionTargetObj.getOid();
+         String oid2 = addedAssignmentTargetObj.getOid();
+         if (!conflictsMap.containsKey(oid1 + oid2) && !conflictsMap.containsKey(oid2 + oid1)) {
+             conflictsMap.put(oid1 + oid2, conflict);
+         } else if (!isWarning) {
+             // error is stronger than warning, so we replace (potential) warnings with this error
+             // TODO Kate please review this
+             if (conflictsMap.containsKey(oid1 + oid2)) {
+                 conflictsMap.replace(oid1 + oid2, conflict);
+             }
+             if (conflictsMap.containsKey(oid2 + oid1)) {
+                 conflictsMap.replace(oid2 + oid1, conflict);
+             }
+         }
+    }
     private boolean onlyWarnings(){
         List<ConflictDto> list = getSessionStorage().getRoleCatalog().getConflictsList();
         for (ConflictDto dto : list){

diff --git a/gui/admin-gui/src/test/resources/common/resource-dummy.xml b/gui/admin-gui/src/test/resources/common/resource-dummy.xml
@@ -45,7 +45,7 @@
 
 		<icfc:configurationProperties>
 			<icfi:instanceId></icfi:instanceId> <!-- Default instance. -->
-			<icfi:requireExplicitEnable>true</icfi:requireExplicitEnable>
+<!-- 			<icfi:requireExplicitEnable>true</icfi:requireExplicitEnable> -->
 			<icfi:uselessGuardedString>
 				<clearValue>whatever</clearValue>
 			</icfi:uselessGuardedString>
@@ -513,6 +513,35 @@
 
 	</schemaHandling>
 
+	<capabilities>
+      <configured xmlns:cap="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3">
+         <cap:addRemoveAttributeValues/>
+         <cap:activation>
+            <cap:status/>
+            <cap:lockoutStatus/>
+         </cap:activation>
+         <cap:credentials>
+            <cap:password>
+               <cap:returnedByDefault>false</cap:returnedByDefault>
+            </cap:password>
+         </cap:credentials>
+         <cap:liveSync/>
+         <cap:testConnection/>
+         <cap:create/>
+         <cap:read/>
+         <cap:update/>
+         <cap:delete/>
+         <cap:script>
+            <cap:host>
+               <cap:type>resource</cap:type>
+            </cap:host>
+            <cap:host>
+               <cap:type>connector</cap:type>
+            </cap:host>
+         </cap:script>
+      </configured>
+   </capabilities>
+
 	<scripts>
 		<script>
 			<host>resource</host>

diff --git a/infra/prism/src/test/java/com/evolveum/midpoint/prism/query/TestQueryBuilder.java b/infra/prism/src/test/java/com/evolveum/midpoint/prism/query/TestQueryBuilder.java
@@ -21,12 +21,17 @@
 import com.evolveum.midpoint.prism.foo.UserType;
 import com.evolveum.midpoint.prism.match.MatchingRuleRegistry;
 import com.evolveum.midpoint.prism.match.MatchingRuleRegistryFactory;
+import com.evolveum.midpoint.prism.match.PolyStringNormMatchingRule;
 import com.evolveum.midpoint.prism.path.ItemPath;
 import com.evolveum.midpoint.prism.query.builder.QueryBuilder;
 import com.evolveum.midpoint.prism.util.PrismTestUtil;
 import com.evolveum.midpoint.util.PrettyPrinter;
 import com.evolveum.midpoint.util.exception.SchemaException;
+import com.evolveum.midpoint.util.logging.Trace;
+import com.evolveum.midpoint.util.logging.TraceManager;
 import com.sun.tools.xjc.reader.xmlschema.bindinfo.BIConversion;
+import com.sun.tools.xjc.reader.xmlschema.bindinfo.BIConversion.User;
+
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.Nullable;
 import org.testng.AssertJUnit;
@@ -52,6 +57,8 @@
  * Repo tests check just the HQL outcome.
  */
 public class TestQueryBuilder {
+
+	private static transient Trace LOGGER = TraceManager.getTrace(TestQueryBuilder.class);
 
     public static final QName USER_TYPE_QNAME = new QName(NS_FOO, "UserType");
     public static final QName ASSIGNMENT_TYPE_QNAME = new QName(NS_FOO, "AssignmentType");
@@ -139,6 +146,32 @@ public void test130SingleEquals() throws Exception{
         ObjectQuery actual = QueryBuilder.queryFor(UserType.class, getPrismContext()).item(UserType.F_LOCALITY).eq("Caribbean").build();
         ObjectQuery expected = ObjectQuery.createObjectQuery(createEqual(UserType.F_LOCALITY, UserType.class, null, "Caribbean"));
         compare(actual, expected);
+
+        ObjectQuery query = QueryBuilder.queryFor(UserType.class, getPrismContext())
+        		.item(UserType.F_LOCALITY)
+        			.eq("Caribbean")
+        		.and()
+        			.item(UserType.F_GIVEN_NAME)
+        				.eq("asd")
+        		.and()
+        			.block().item(UserType.F_FAMILY_NAME)
+        				.eq("asdasd")
+
+        				.or()
+            			.item(UserType.F_FAMILY_NAME)
+            				.eq("asdasd")
+
+            				.and()
+            					.block()
+            						.item(UserType.F_FAMILY_NAME).gt("123")
+            						.and().item(UserType.F_LOCALITY).le("123")
+            						.or().item(UserType.F_DESCRIPTION).isNull()
+            					.endBlock()
+            				.and().item(UserType.F_GIVEN_NAME).eq("123")
+            		.endBlock()
+            			.and().item(UserType.F_FULL_NAME).contains("123").matching(PolyStringNormMatchingRule.NAME)
+            				.build();
+        LOGGER.info("Query:\n {}", query.debugDump());
     }
 
     @Test
@@ -525,6 +558,8 @@ public void test310LessThanItem() throws Exception {
     protected void compare(ObjectQuery actual, ObjectQuery expected) {
         String exp = expected.debugDump();
         String act = actual.debugDump();
+
+        LOGGER.info("Generated query:\n {}", act);
         System.out.println("Generated query:\n" + act);
         AssertJUnit.assertEquals("queries do not match", exp, act);
     }

diff --git a/infra/schema/src/main/java/com/evolveum/midpoint/schema/util/ParamsTypeUtil.java b/infra/schema/src/main/java/com/evolveum/midpoint/schema/util/ParamsTypeUtil.java
@@ -109,7 +109,7 @@ public static Map<String, Collection<String>> fromParamsType(ParamsType paramsTy
 		return null;
 	}
 
-	private static String extractString(JAXBElement<?> jaxbElement) throws SchemaException {
+	public static String extractString(JAXBElement<?> jaxbElement) throws SchemaException {
 		Object value = jaxbElement.getValue();
 		if (value instanceof RawType){
 			XNode xnode = ((RawType) value).getXnode();

diff --git a/...test/src/test/java/com/evolveum/midpoint/model/intest/mapping/TestMappingAutoInbound.java b/...test/src/test/java/com/evolveum/midpoint/model/intest/mapping/TestMappingAutoInbound.java
@@ -238,6 +238,10 @@ public void test200ImportFromResourceAssociations() throws Exception {
         display("User after", userHermanAfter);
         userHermanOid = userHermanAfter.getOid();
         assertUser(userHermanAfter, userHermanAfter.getOid(), USER_HERMAN_USERNAME, USER_HERMAN_FULL_NAME, null, null);
+
+        assertDummyGroupMember(RESOURCE_DUMMY_AUTOGREEN_NAME, GROUP_DUMMY_CRATIC_NAME, USER_HERMAN_USERNAME);
+        assertDummyGroupMember(RESOURCE_DUMMY_AUTOGREEN_NAME, GROUP_DUMMY_TESTERS_NAME, USER_HERMAN_USERNAME);
+
         assertAssignedRole(userHermanAfter, ROLE_AUTODIDACTIC_OID);
         assertAssignedRole(userHermanAfter, ROLE_AUTOGRAPHIC_OID);
         assertAssignedRole(userHermanAfter, ROLE_AUTOTESTERS_OID);

diff --git a/repo/repo-cache/src/main/java/com/evolveum/midpoint/repo/cache/QueryKey.java b/repo/repo-cache/src/main/java/com/evolveum/midpoint/repo/cache/QueryKey.java
@@ -56,8 +56,10 @@ public boolean equals(Object o) {
 
     @Override
     public int hashCode() {
-        int result = type != null ? type.hashCode() : 0;
-        result = 31 * result + (query != null ? query.hashCode() : 0);
+    	final int prime = 31;
+		int result = 1;
+        result = prime * result + (type != null ? type.hashCode() : 0);
+        result = prime * result + (query != null ? query.hashCode() : 0);
         return result;
     }
 

diff --git a/repo/repo-sql-impl/pom.xml b/repo/repo-sql-impl/pom.xml
@@ -101,10 +101,10 @@
 			<groupId>xml-apis</groupId>
 			<artifactId>xml-apis</artifactId>
 		</dependency>
-		<!--<dependency>-->
-			<!--<groupId>javax.xml.bind</groupId>-->
-			<!--<artifactId>jaxb-api</artifactId>-->
-		<!--</dependency>-->
+		<dependency>
+			<groupId>javax.xml.bind</groupId>
+			<artifactId>jaxb-api</artifactId>
+		</dependency>
 
         <!-- SPRING -->
         <dependency>

diff --git a/repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/helpers/ObjectRetriever.java b/repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/helpers/ObjectRetriever.java
@@ -40,10 +40,13 @@
 import com.evolveum.midpoint.schema.internals.InternalsConfig;
 import com.evolveum.midpoint.schema.result.OperationResult;
 import com.evolveum.midpoint.schema.util.ObjectTypeUtil;
+import com.evolveum.midpoint.schema.util.ParamsTypeUtil;
+import com.evolveum.midpoint.util.DOMUtil;
 import com.evolveum.midpoint.util.Holder;
 import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
 import com.evolveum.midpoint.util.exception.SchemaException;
 import com.evolveum.midpoint.util.exception.SystemException;
+import com.evolveum.midpoint.util.exception.TunnelException;
 import com.evolveum.midpoint.util.logging.Trace;
 import com.evolveum.midpoint.util.logging.TraceManager;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
@@ -55,6 +58,7 @@
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.stereotype.Component;
 
+import javax.xml.bind.JAXBElement;
 import javax.xml.namespace.QName;
 import java.util.*;
 
@@ -530,7 +534,32 @@ private <T extends ObjectType> PrismObject<T> updateLoadedObject(GetObjectResult
             lookupTableHelper.updateLoadedLookupTable(prismObject, options, session);
         } else if (AccessCertificationCampaignType.class.equals(prismObject.getCompileTimeClass())) {
             caseHelper.updateLoadedCampaign(prismObject, options, session);
-        }
+        } 
+
+//        Visitor visitor = new Visitor() {
+//			@Override
+//			public void visit(Visitable visitable) {
+//				LOGGER.info("normalizing {}", visitable);
+//				if (!(visitable instanceof PrismPropertyValue)) {
+//					return;
+//				}
+//				PrismPropertyValue<?> pval = (PrismPropertyValue<?>)visitable;
+//				Object realValue = pval.getRealValue();
+//				
+//				if (!(realValue instanceof OperationResultType)) {
+//					return;
+//				}
+//				
+//				OperationResultType operationResultType = (OperationResultType) realValue;
+//				resolveOperationResultParams(operationResultType);
+//				
+//			}
+//        };
+//        try {
+//        	prismObject.accept(visitor);
+//        } catch (TunnelException ex) {
+//        	throw new SchemaException(ex.getMessage(), ex);
+//        }
 
         if (partialValueHolder != null) {
         	partialValueHolder.setValue(prismObject);
@@ -542,6 +571,45 @@ private <T extends ObjectType> PrismObject<T> updateLoadedObject(GetObjectResult
 		return prismObject;
     }
 
+    private void resolveOperationResultParams(OperationResultType operationResultType) {
+
+    	if (operationResultType == null) {
+    		return;
+    	}
+
+    	operationResultType.setParams(convertParamsToString(operationResultType.getParams()));
+    	operationResultType.setContext(convertParamsToString(operationResultType.getContext()));
+    	operationResultType.setReturns(convertParamsToString(operationResultType.getReturns()));
+
+		for (OperationResultType subResult : operationResultType.getPartialResults()) {
+			resolveOperationResultParams(subResult);
+		} 
+    }
+
+    private ParamsType convertParamsToString(ParamsType params) {
+    	if (params == null) {
+    		return null;
+    	}
+    	List<EntryType> entries = params.getEntry();
+
+		List<EntryType> convertedEntries = new ArrayList<>(entries.size());
+		for (EntryType entry : entries) {
+			if (entry == null || entry.getEntryValue() == null) {
+				continue;
+			}
+			try {
+				String stringValue = ParamsTypeUtil.extractString(entry.getEntryValue());
+				EntryType convertedEntry = new EntryType();
+				convertedEntry.setEntryValue(new JAXBElement<String>(DOMUtil.XSD_STRING, String.class, stringValue));
+				convertedEntries.add(convertedEntry);
+			} catch (SchemaException e) {
+				throw new TunnelException(e);
+			}
+		}
+		ParamsType convertedParams = new ParamsType();
+		convertedParams.getEntry().addAll(convertedEntries);
+		return convertedParams;
+    }
 
     private void applyShadowAttributeDefinitions(Class<? extends RAnyValue> anyValueType,
                                                  PrismObject object, Session session) throws SchemaException {