fixed MID-1881 tests for security are enabled now.

Evolveum · May 15, 2014 · fe8a81e · fe8a81e
1 parent 59909a7
commit fe8a81e
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 5 deletions.
diff --git a/infra/prism/src/main/java/com/evolveum/midpoint/prism/query/TypeFilter.java b/infra/prism/src/main/java/com/evolveum/midpoint/prism/query/TypeFilter.java
@@ -54,7 +54,8 @@ public static TypeFilter createType(QName type, ObjectFilter filter) {
 
     @Override
     public ObjectFilter clone() {
-        return new TypeFilter(type, filter.clone());
+        ObjectFilter f = filter != null ? filter.clone() : null;
+        return new TypeFilter(type, f);
     }
 
     @Override

diff --git a/model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestSecurity.java b/model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestSecurity.java
@@ -623,7 +623,7 @@ public void test205AutzJackObjectFilterModifyCaribbeanfRole() throws Exception {
         assertDeleteDeny();
 	}
 
-	@Test(enabled=false) // MID-1881
+	@Test
     public void test207AutzJackObjectFilterCaribbeanRole() throws Exception {
 		final String TEST_NAME = "test207AutzJackObjectFilterCaribbeanfRole";
         TestUtil.displayTestTile(this, TEST_NAME);

diff --git a/...-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/query/restriction/Restriction.java b/...-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/query/restriction/Restriction.java
@@ -55,11 +55,15 @@ public void setParent(Restriction parent) {
         this.parent = parent;
     }
 
+    // todo parameter can be removed
     public abstract Criterion interpret(T filter) throws QueryException;
 
     //todo remove both params, they are already in restriction
+    // when called this we don't really know if filter class matches T as can be seen in QueryInterpreter
+    // therefore filter should stay here as paramtere probably
     public abstract boolean canHandle(ObjectFilter filter, QueryContext context) throws QueryException;
 
-    // todo don't know if cloning is necessary.. [lazyman]
+    // todo don't know if cloning is necessary... [lazyman]
+    // this can be replaced probably by simple java reflection call
     public abstract Restriction cloneInstance();
 }
diff --git a/...security-impl/src/main/java/com/evolveum/midpoint/security/impl/SecurityEnforcerImpl.java b/...security-impl/src/main/java/com/evolveum/midpoint/security/impl/SecurityEnforcerImpl.java
@@ -818,7 +818,7 @@ private <O extends ObjectType> ObjectFilter preProcessObjectFilterInternal(MidPo
 											new Object[]{specObjectClass, objectType});
 									// The spec type is a subclass of requested type. So it might be returned from the search.
 									// We need to use type filter.
-									objSpecSecurityFilter = TypeFilter.createType(specTypeQName);
+									objSpecSecurityFilter = TypeFilter.createType(specTypeQName, null);
 									// and now we have a more specific object definition to use later in filter processing
 									objectDefinition = (PrismObjectDefinition<O>) specObjectDef;
 								}
@@ -847,7 +847,8 @@ private <O extends ObjectType> ObjectFilter preProcessObjectFilterInternal(MidPo
 										throw new SchemaException("Unsupported special object specification specified in authorization: "+special);
 									}
 								}
-								objSpecSecurityFilter = ObjectQueryUtil.filterAnd(objSpecSecurityFilter, specialFilter);
+                                objSpecSecurityFilter = specTypeQName != null ?
+                                        TypeFilter.createType(specTypeQName, specialFilter) : specialFilter;
 							} else {
 								LOGGER.trace("  specials empty: {}", specSpecial);
 							}