Search in sources :

Example 1 with S_AtomicFilterExit

use of com.evolveum.midpoint.prism.query.builder.S_AtomicFilterExit in project midpoint by Evolveum.

the class PolicyRuleProcessor method getNumberOfAssigneesExceptMyself.

/**
	 * Returns numbers of assignees with the given relation name.
	 */
private int getNumberOfAssigneesExceptMyself(AbstractRoleType target, String selfOid, QName relation, OperationResult result) throws SchemaException {
    S_AtomicFilterExit q = QueryBuilder.queryFor(FocusType.class, prismContext).item(FocusType.F_ASSIGNMENT, AssignmentType.F_TARGET_REF).ref(target.getOid());
    if (selfOid != null) {
        q = q.and().not().id(selfOid);
    }
    ObjectQuery query = q.build();
    List<PrismObject<FocusType>> assignees = repositoryService.searchObjects(FocusType.class, query, null, result);
    int count = 0;
    assignee: for (PrismObject<FocusType> assignee : assignees) {
        for (AssignmentType assignment : assignee.asObjectable().getAssignment()) {
            if (assignment.getTargetRef() != null && ObjectTypeUtil.relationsEquivalent(relation, assignment.getTargetRef().getRelation())) {
                count++;
                continue assignee;
            }
        }
    }
    return count;
}
Also used : S_AtomicFilterExit(com.evolveum.midpoint.prism.query.builder.S_AtomicFilterExit) ObjectQuery(com.evolveum.midpoint.prism.query.ObjectQuery)

Example 2 with S_AtomicFilterExit

use of com.evolveum.midpoint.prism.query.builder.S_AtomicFilterExit in project midpoint by Evolveum.

the class SecurityEnforcerImpl method applyOwnerFilterOwnerRef.

private <T extends ObjectType> ObjectFilter applyOwnerFilterOwnerRef(ItemPath ownerRefPath, ObjectFilter objSpecSecurityFilter, MidPointPrincipal principal, PrismObjectDefinition<T> objectDefinition) {
    PrismReferenceDefinition ownerRefDef = objectDefinition.findReferenceDefinition(ownerRefPath);
    S_AtomicFilterExit builder = QueryBuilder.queryFor(AbstractRoleType.class, prismContext).item(ownerRefPath, ownerRefDef).ref(principal.getUser().getOid());
    // TODO don't understand this code
    for (ObjectReferenceType subjectParentOrgRef : principal.getUser().getParentOrgRef()) {
        if (ObjectTypeUtil.isDefaultRelation(subjectParentOrgRef.getRelation())) {
            builder = builder.or().item(ownerRefPath, ownerRefDef).ref(subjectParentOrgRef.getOid());
        }
    }
    ObjectFilter objSpecOwnerFilter = builder.buildFilter();
    objSpecSecurityFilter = ObjectQueryUtil.filterAnd(objSpecSecurityFilter, objSpecOwnerFilter);
    LOGGER.trace("  applying owner filter {}", objSpecOwnerFilter);
    return objSpecSecurityFilter;
}
Also used : S_AtomicFilterExit(com.evolveum.midpoint.prism.query.builder.S_AtomicFilterExit)

Example 3 with S_AtomicFilterExit

use of com.evolveum.midpoint.prism.query.builder.S_AtomicFilterExit in project midpoint by Evolveum.

the class SecurityEnforcerImpl method preProcessObjectFilterInternal.

private <T extends ObjectType, O extends ObjectType> ObjectFilter preProcessObjectFilterInternal(MidPointPrincipal principal, String operationUrl, AuthorizationPhaseType phase, boolean includeNullPhase, Class<T> objectType, PrismObject<O> object, boolean includeSpecial, ObjectFilter origFilter, String desc) throws SchemaException {
    Collection<Authorization> authorities = getAuthorities(principal);
    ObjectFilter securityFilterAllow = null;
    ObjectFilter securityFilterDeny = null;
    QueryItemsSpec queryItemsSpec = new QueryItemsSpec();
    // MID-3916
    queryItemsSpec.addRequiredItems(origFilter);
    if (LOGGER.isTraceEnabled()) {
        LOGGER.trace(" Initial query items spec {}", queryItemsSpec.shortDump());
    }
    boolean hasAllowAll = false;
    if (authorities != null) {
        for (GrantedAuthority authority : authorities) {
            if (authority instanceof Authorization) {
                Authorization autz = (Authorization) authority;
                String autzHumanReadableDesc = autz.getHumanReadableDesc();
                LOGGER.trace("Evaluating {}", autzHumanReadableDesc);
                // action
                if (!autz.getAction().contains(operationUrl) && !autz.getAction().contains(AuthorizationConstants.AUTZ_ALL_URL)) {
                    LOGGER.trace("  Authorization not applicable for operation {}", operationUrl);
                    continue;
                }
                // phase
                if (autz.getPhase() == phase || (includeNullPhase && autz.getPhase() == null)) {
                    LOGGER.trace("  Authorization is applicable for phases {} (continuing evaluation)", phase);
                } else {
                    LOGGER.trace("  Authorization is not applicable for phase {}", phase);
                    continue;
                }
                // object or target
                String objectTargetSpec;
                ObjectFilter autzObjSecurityFilter = null;
                List<OwnedObjectSelectorType> objectSpecTypes;
                if (object == null) {
                    // object not present. Therefore we are looking for object here
                    objectSpecTypes = autz.getObject();
                    objectTargetSpec = "object";
                } else {
                    // object present. Therefore we are looking for target
                    objectSpecTypes = autz.getTarget();
                    objectTargetSpec = "target";
                    // .. but we need to decide whether this authorization is applicable to the object
                    if (isApplicable(autz.getObject(), object, principal, null, "object", autzHumanReadableDesc)) {
                        LOGGER.trace("  Authorization is applicable for object {}", object);
                    } else {
                        LOGGER.trace("  Authorization is not applicable for object {}", object);
                        continue;
                    }
                }
                boolean applicable = true;
                if (objectSpecTypes == null || objectSpecTypes.isEmpty()) {
                    LOGGER.trace("  No {} specification in authorization (authorization is universaly applicable)", objectTargetSpec);
                    autzObjSecurityFilter = AllFilter.createAll();
                } else {
                    applicable = false;
                    for (OwnedObjectSelectorType objectSpecType : objectSpecTypes) {
                        ObjectFilter objSpecSecurityFilter = null;
                        TypeFilter objSpecTypeFilter = null;
                        SearchFilterType specFilterType = objectSpecType.getFilter();
                        ObjectReferenceType specOrgRef = objectSpecType.getOrgRef();
                        OrgRelationObjectSpecificationType specOrgRelation = objectSpecType.getOrgRelation();
                        RoleRelationObjectSpecificationType specRoleRelation = objectSpecType.getRoleRelation();
                        QName specTypeQName = objectSpecType.getType();
                        PrismObjectDefinition<T> objectDefinition = null;
                        // Type
                        if (specTypeQName != null) {
                            specTypeQName = prismContext.getSchemaRegistry().qualifyTypeName(specTypeQName);
                            PrismObjectDefinition<?> specObjectDef = prismContext.getSchemaRegistry().findObjectDefinitionByType(specTypeQName);
                            if (specObjectDef == null) {
                                throw new SchemaException("Unknown object type " + specTypeQName + " in " + autzHumanReadableDesc);
                            }
                            Class<?> specObjectClass = specObjectDef.getCompileTimeClass();
                            if (!objectType.isAssignableFrom(specObjectClass)) {
                                LOGGER.trace("  Authorization not applicable for object because of type mismatch, authorization {}, query {}", new Object[] { specObjectClass, objectType });
                                continue;
                            } else {
                                LOGGER.trace("  Authorization is applicable for object because of type match, authorization {}, query {}", new Object[] { specObjectClass, objectType });
                                // The spec type is a subclass of requested type. So it might be returned from the search.
                                // We need to use type filter.
                                objSpecTypeFilter = TypeFilter.createType(specTypeQName, null);
                                // and now we have a more specific object definition to use later in filter processing
                                objectDefinition = (PrismObjectDefinition<T>) specObjectDef;
                            }
                        }
                        // Owner
                        if (objectSpecType.getOwner() != null) {
                            if (objectDefinition == null) {
                                objectDefinition = prismContext.getSchemaRegistry().findObjectDefinitionByCompileTimeClass(objectType);
                            }
                            // TODO: MID-3899
                            if (AbstractRoleType.class.isAssignableFrom(objectType)) {
                                objSpecSecurityFilter = applyOwnerFilterOwnerRef(new ItemPath(AbstractRoleType.F_OWNER_REF), objSpecSecurityFilter, principal, objectDefinition);
                            } else if (TaskType.class.isAssignableFrom(objectType)) {
                                objSpecSecurityFilter = applyOwnerFilterOwnerRef(new ItemPath(TaskType.F_OWNER_REF), objSpecSecurityFilter, principal, objectDefinition);
                            } else {
                                LOGGER.trace("  Authorization not applicable for object because it has owner specification (this is not applicable for search)");
                                continue;
                            }
                        }
                        //							// Delegator
                        //							if (objectSpecType.getDelegator() != null) {
                        //								if (objectDefinition == null) {
                        //									objectDefinition = prismContext.getSchemaRegistry().findObjectDefinitionByCompileTimeClass(objectType);
                        //								}
                        //								// TODO: MID-3899
                        //								if (UserType.class.isAssignableFrom(objectType)) { TODO
                        //									objSpecSecurityFilter = applyOwnerFilterOwnerRef(new ItemPath(AbstractRoleType.F_OWNER_REF), objSpecSecurityFilter,  principal, objectDefinition);
                        //								} else if (TaskType.class.isAssignableFrom(objectType)) {
                        //									objSpecSecurityFilter = applyOwnerFilterOwnerRef(new ItemPath(TaskType.F_OWNER_REF), objSpecSecurityFilter,  principal, objectDefinition);
                        //								} else {
                        //									LOGGER.trace("  Authorization not applicable for object because it has owner specification (this is not applicable for search)");
                        //									continue;
                        //								}								
                        //							}
                        applicable = true;
                        // Special
                        List<SpecialObjectSpecificationType> specSpecial = objectSpecType.getSpecial();
                        if (specSpecial != null && !specSpecial.isEmpty()) {
                            if (!includeSpecial) {
                                LOGGER.trace("  Skipping authorization, because specials are present: {}", specSpecial);
                                applicable = false;
                            }
                            if (specFilterType != null || specOrgRef != null || specOrgRelation != null || specRoleRelation != null) {
                                throw new SchemaException("Both filter/org/role and special object specification specified in authorization");
                            }
                            ObjectFilter specialFilter = null;
                            for (SpecialObjectSpecificationType special : specSpecial) {
                                if (special == SpecialObjectSpecificationType.SELF) {
                                    String principalOid = principal.getOid();
                                    specialFilter = ObjectQueryUtil.filterOr(specialFilter, InOidFilter.createInOid(principalOid));
                                } else {
                                    throw new SchemaException("Unsupported special object specification specified in authorization: " + special);
                                }
                            }
                            objSpecSecurityFilter = specTypeQName != null ? TypeFilter.createType(specTypeQName, specialFilter) : specialFilter;
                        } else {
                            LOGGER.trace("  specials empty: {}", specSpecial);
                        }
                        // Filter
                        if (specFilterType != null) {
                            if (objectDefinition == null) {
                                objectDefinition = prismContext.getSchemaRegistry().findObjectDefinitionByCompileTimeClass(objectType);
                            }
                            ObjectFilter specFilter = QueryJaxbConvertor.createObjectFilter(objectDefinition, specFilterType, prismContext);
                            if (specFilter != null) {
                                ObjectQueryUtil.assertNotRaw(specFilter, "Filter in authorization object has undefined items. Maybe a 'type' specification is missing in the authorization?");
                                ObjectQueryUtil.assertPropertyOnly(specFilter, "Filter in authorization object is not property-only filter");
                            }
                            LOGGER.trace("  applying property filter {}", specFilter);
                            objSpecSecurityFilter = ObjectQueryUtil.filterAnd(objSpecSecurityFilter, specFilter);
                        } else {
                            LOGGER.trace("  filter empty");
                        }
                        // Org
                        if (specOrgRef != null) {
                            ObjectFilter orgFilter = QueryBuilder.queryFor(ObjectType.class, prismContext).isChildOf(specOrgRef.getOid()).buildFilter();
                            objSpecSecurityFilter = ObjectQueryUtil.filterAnd(objSpecSecurityFilter, orgFilter);
                            LOGGER.trace("  applying org filter {}", orgFilter);
                        } else {
                            LOGGER.trace("  org empty");
                        }
                        // orgRelation
                        if (specOrgRelation != null) {
                            ObjectFilter objSpecOrgRelationFilter = null;
                            QName subjectRelation = specOrgRelation.getSubjectRelation();
                            for (ObjectReferenceType subjectParentOrgRef : principal.getUser().getParentOrgRef()) {
                                if (MiscSchemaUtil.compareRelation(subjectRelation, subjectParentOrgRef.getRelation())) {
                                    S_FilterEntryOrEmpty q = QueryBuilder.queryFor(ObjectType.class, prismContext);
                                    S_AtomicFilterExit q2;
                                    if (specOrgRelation.getScope() == null || specOrgRelation.getScope() == OrgScopeType.ALL_DESCENDANTS) {
                                        q2 = q.isChildOf(subjectParentOrgRef.getOid());
                                    } else if (specOrgRelation.getScope() == OrgScopeType.DIRECT_DESCENDANTS) {
                                        q2 = q.isDirectChildOf(subjectParentOrgRef.getOid());
                                    } else if (specOrgRelation.getScope() == OrgScopeType.ALL_ANCESTORS) {
                                        q2 = q.isParentOf(subjectParentOrgRef.getOid());
                                    } else {
                                        throw new UnsupportedOperationException("Unknown orgRelation scope " + specOrgRelation.getScope());
                                    }
                                    if (BooleanUtils.isTrue(specOrgRelation.isIncludeReferenceOrg())) {
                                        q2 = q2.or().id(subjectParentOrgRef.getOid());
                                    }
                                    objSpecOrgRelationFilter = ObjectQueryUtil.filterOr(objSpecOrgRelationFilter, q2.buildFilter());
                                }
                            }
                            if (objSpecOrgRelationFilter == null) {
                                objSpecOrgRelationFilter = NoneFilter.createNone();
                            }
                            objSpecSecurityFilter = ObjectQueryUtil.filterAnd(objSpecSecurityFilter, objSpecOrgRelationFilter);
                            LOGGER.trace("  applying orgRelation filter {}", objSpecOrgRelationFilter);
                        } else {
                            LOGGER.trace("  orgRelation empty");
                        }
                        // roleRelation
                        if (specRoleRelation != null) {
                            ObjectFilter objSpecRoleRelationFilter = processRoleRelationFilter(principal, autz, specRoleRelation, queryItemsSpec, origFilter);
                            if (objSpecRoleRelationFilter == null) {
                                if (autz.maySkipOnSearch()) {
                                    LOGGER.trace("  not applying roleRelation filter because it is not efficient and maySkipOnSearch is set", objSpecRoleRelationFilter);
                                    applicable = false;
                                } else {
                                    objSpecRoleRelationFilter = NoneFilter.createNone();
                                }
                            }
                            if (objSpecRoleRelationFilter != null) {
                                objSpecSecurityFilter = ObjectQueryUtil.filterAnd(objSpecSecurityFilter, objSpecRoleRelationFilter);
                                LOGGER.trace("  applying roleRelation filter {}", objSpecRoleRelationFilter);
                            }
                        } else {
                            LOGGER.trace("  roleRelation empty");
                        }
                        if (objSpecTypeFilter != null) {
                            objSpecTypeFilter.setFilter(objSpecSecurityFilter);
                            objSpecSecurityFilter = objSpecTypeFilter;
                        }
                        traceFilter("objSpecSecurityFilter", objectSpecType, objSpecSecurityFilter);
                        autzObjSecurityFilter = ObjectQueryUtil.filterOr(autzObjSecurityFilter, objSpecSecurityFilter);
                    }
                }
                traceFilter("autzObjSecurityFilter", autz, autzObjSecurityFilter);
                if (applicable) {
                    autzObjSecurityFilter = ObjectQueryUtil.simplify(autzObjSecurityFilter);
                    // authority is applicable to this situation. now we can process the decision.
                    AuthorizationDecisionType decision = autz.getDecision();
                    if (decision == null || decision == AuthorizationDecisionType.ALLOW) {
                        // allow
                        if (ObjectQueryUtil.isAll(autzObjSecurityFilter)) {
                            // this is "allow all" authorization.
                            hasAllowAll = true;
                        } else {
                            securityFilterAllow = ObjectQueryUtil.filterOr(securityFilterAllow, autzObjSecurityFilter);
                        }
                        if (!ObjectQueryUtil.isNone(autzObjSecurityFilter)) {
                            queryItemsSpec.addAllowedItems(autz);
                        }
                    } else {
                        // deny
                        if (autz.getItem() != null && !autz.getItem().isEmpty()) {
                        // This is a tricky situation. We have deny authorization, but it only denies access to
                        // some items. Therefore we need to find the objects and then filter out the items.
                        // Therefore do not add this authorization into the filter.
                        } else {
                            if (ObjectQueryUtil.isAll(autzObjSecurityFilter)) {
                                // This is "deny all". We cannot have anything stronger than that.
                                // There is no point in continuing the evaluation.
                                LOGGER.trace("AUTZ {}: principal={}, operation={}: deny all", desc, new Object[] { getUsername(principal), operationUrl });
                                NoneFilter secFilter = NoneFilter.createNone();
                                traceFilter("secFilter", null, secFilter);
                                return secFilter;
                            }
                            securityFilterDeny = ObjectQueryUtil.filterOr(securityFilterDeny, autzObjSecurityFilter);
                        }
                    }
                }
                traceFilter("securityFilterAllow", autz, securityFilterAllow);
                traceFilter("securityFilterDeny", autz, securityFilterDeny);
            } else {
                LOGGER.warn("Unknown authority type {} in user {}", authority.getClass(), getUsername(principal));
            }
        }
    }
    traceFilter("securityFilterAllow", null, securityFilterAllow);
    traceFilter("securityFilterDeny", null, securityFilterDeny);
    if (LOGGER.isTraceEnabled()) {
        LOGGER.trace(" Final items: {}", queryItemsSpec.shortDump());
    }
    List<ItemPath> unsatisfiedItems = queryItemsSpec.evaluateUnsatisfierItems();
    if (!unsatisfiedItems.isEmpty()) {
        LOGGER.trace("AUTZ {}: principal={}, operation={}: deny because items {} are not allowed", desc, getUsername(principal), operationUrl, unsatisfiedItems);
        NoneFilter secFilter = NoneFilter.createNone();
        traceFilter("secFilter", null, secFilter);
        return secFilter;
    }
    ObjectFilter origWithAllowFilter;
    if (hasAllowAll) {
        origWithAllowFilter = origFilter;
    } else if (securityFilterAllow == null) {
        // Nothing has been allowed. This means default deny.
        LOGGER.trace("AUTZ {}: principal={}, operation={}: default deny", desc, getUsername(principal), operationUrl);
        NoneFilter secFilter = NoneFilter.createNone();
        traceFilter("secFilter", null, secFilter);
        return secFilter;
    } else {
        origWithAllowFilter = ObjectQueryUtil.filterAnd(origFilter, securityFilterAllow);
    }
    if (securityFilterDeny == null) {
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace("AUTZ {}: principal={}, operation={}: allow:\n{}", desc, getUsername(principal), operationUrl, origWithAllowFilter == null ? "null" : origWithAllowFilter.debugDump());
        }
        traceFilter("origWithAllowFilter", null, origWithAllowFilter);
        return origWithAllowFilter;
    } else {
        ObjectFilter secFilter = ObjectQueryUtil.filterAnd(origWithAllowFilter, NotFilter.createNot(securityFilterDeny));
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace("AUTZ {}: principal={}, operation={}: allow (with deny clauses):\n{}", desc, getUsername(principal), operationUrl, secFilter == null ? "null" : secFilter.debugDump());
        }
        traceFilter("secFilter", null, secFilter);
        return secFilter;
    }
}
Also used : S_FilterEntryOrEmpty(com.evolveum.midpoint.prism.query.builder.S_FilterEntryOrEmpty) S_AtomicFilterExit(com.evolveum.midpoint.prism.query.builder.S_AtomicFilterExit) SchemaException(com.evolveum.midpoint.util.exception.SchemaException) SearchFilterType(com.evolveum.prism.xml.ns._public.query_3.SearchFilterType) QName(javax.xml.namespace.QName) GrantedAuthority(org.springframework.security.core.GrantedAuthority) ItemPath(com.evolveum.midpoint.prism.path.ItemPath)

Example 4 with S_AtomicFilterExit

use of com.evolveum.midpoint.prism.query.builder.S_AtomicFilterExit in project midpoint by Evolveum.

the class RoleMemberPanel method createDirectMemberQuery.

private ObjectQuery createDirectMemberQuery() {
    ObjectQuery query;
    String oid = getModelObject().getOid();
    S_AtomicFilterExit q = QueryBuilder.queryFor(FocusType.class, getPrismContext()).item(FocusType.F_ASSIGNMENT, AssignmentType.F_TARGET_REF).ref(createReferenceValuesList());
    DropDownChoice<OrgType> tenantChoice = (DropDownChoice) get(createComponentPath(ID_TENANT));
    OrgType tenant = tenantChoice.getModelObject();
    if (tenant != null) {
        q = q.and().item(FocusType.F_ASSIGNMENT, AssignmentType.F_TENANT_REF).ref(createReference(tenant).asReferenceValue());
    }
    DropDownChoice<OrgType> projectChoice = (DropDownChoice) get(createComponentPath(ID_PROJECT));
    OrgType project = projectChoice.getModelObject();
    if (project != null) {
        q = q.and().item(FocusType.F_ASSIGNMENT, AssignmentType.F_ORG_REF).ref(createReference(project).asReferenceValue());
    }
    query = q.build();
    if (LOGGER.isTraceEnabled()) {
        LOGGER.trace("Searching members of role {} with query:\n{}", oid, query.debugDump());
    }
    DropDownChoice<QName> objectTypeChoice = (DropDownChoice) get(createComponentPath(ID_OBJECT_TYPE));
    QName objectType = objectTypeChoice.getModelObject();
    if (objectType == null || FocusType.COMPLEX_TYPE.equals(objectType)) {
        return query;
    } else {
        return ObjectQuery.createObjectQuery(TypeFilter.createType(objectType, query.getFilter()));
    }
}
Also used : DropDownChoice(org.apache.wicket.markup.html.form.DropDownChoice) OrgType(com.evolveum.midpoint.xml.ns._public.common.common_3.OrgType) QName(javax.xml.namespace.QName) S_AtomicFilterExit(com.evolveum.midpoint.prism.query.builder.S_AtomicFilterExit) ObjectQuery(com.evolveum.midpoint.prism.query.ObjectQuery)

Example 5 with S_AtomicFilterExit

use of com.evolveum.midpoint.prism.query.builder.S_AtomicFilterExit in project midpoint by Evolveum.

the class AbstractTreeTablePanel method createOrgChildQuery.

protected ObjectQuery createOrgChildQuery() {
    SelectableBean<OrgType> dto = selected.getObject();
    String oid = dto != null && dto.getValue() != null ? dto.getValue().getOid() : getModel().getObject();
    BasicSearchPanel<String> basicSearch = (BasicSearchPanel) get(createComponentPath(ID_SEARCH_FORM, ID_BASIC_SEARCH));
    String object = basicSearch.getModelObject();
    DropDownChoice<String> searchScopeChoice = (DropDownChoice) get(createComponentPath(ID_SEARCH_FORM, ID_SEARCH_SCOPE));
    String scope = searchScopeChoice.getModelObject();
    if (StringUtils.isBlank(object)) {
        object = null;
    }
    PageBase page = getPageBase();
    PrismContext context = page.getPrismContext();
    S_AtomicFilterExit q;
    if (object == null || SEARCH_SCOPE_ONE.equals(scope)) {
        q = QueryBuilder.queryFor(OrgType.class, context).isDirectChildOf(oid);
    } else {
        q = QueryBuilder.queryFor(OrgType.class, context).isChildOf(oid);
    }
    if (object == null) {
        return q.build();
    }
    PolyStringNormalizer normalizer = context.getDefaultPolyStringNormalizer();
    String normalizedString = normalizer.normalize(object);
    if (StringUtils.isEmpty(normalizedString)) {
        return q.build();
    }
    ObjectQuery query = q.and().block().item(OrgType.F_NAME).containsPoly(normalizedString).matchingNorm().or().item(OrgType.F_DISPLAY_NAME).containsPoly(normalizedString).matchingNorm().build();
    if (LOGGER.isTraceEnabled()) {
        LOGGER.trace("Searching child orgs of org {} with query:\n{}", oid, query.debugDump());
    }
    return query;
}
Also used : DropDownChoice(org.apache.wicket.markup.html.form.DropDownChoice) BasicSearchPanel(com.evolveum.midpoint.web.component.BasicSearchPanel) OrgType(com.evolveum.midpoint.xml.ns._public.common.common_3.OrgType) PrismContext(com.evolveum.midpoint.prism.PrismContext) S_AtomicFilterExit(com.evolveum.midpoint.prism.query.builder.S_AtomicFilterExit) PageBase(com.evolveum.midpoint.gui.api.page.PageBase) ObjectQuery(com.evolveum.midpoint.prism.query.ObjectQuery) PolyStringNormalizer(com.evolveum.midpoint.prism.polystring.PolyStringNormalizer)

Aggregations

S_AtomicFilterExit (com.evolveum.midpoint.prism.query.builder.S_AtomicFilterExit)6 ObjectQuery (com.evolveum.midpoint.prism.query.ObjectQuery)3 QName (javax.xml.namespace.QName)3 ItemPath (com.evolveum.midpoint.prism.path.ItemPath)2 OrgType (com.evolveum.midpoint.xml.ns._public.common.common_3.OrgType)2 DropDownChoice (org.apache.wicket.markup.html.form.DropDownChoice)2 PageBase (com.evolveum.midpoint.gui.api.page.PageBase)1 ModelExecuteOptions (com.evolveum.midpoint.model.api.ModelExecuteOptions)1 ModelContext (com.evolveum.midpoint.model.api.context.ModelContext)1 ModelState (com.evolveum.midpoint.model.api.context.ModelState)1 HookOperationMode (com.evolveum.midpoint.model.api.hooks.HookOperationMode)1 AbstractModelImplementationIntegrationTest (com.evolveum.midpoint.model.impl.AbstractModelImplementationIntegrationTest)1 ModelOperationTaskHandler (com.evolveum.midpoint.model.impl.controller.ModelOperationTaskHandler)1 Clockwork (com.evolveum.midpoint.model.impl.lens.Clockwork)1 LensContext (com.evolveum.midpoint.model.impl.lens.LensContext)1 com.evolveum.midpoint.prism (com.evolveum.midpoint.prism)1 T_PARENT (com.evolveum.midpoint.prism.PrismConstants.T_PARENT)1 PrismContext (com.evolveum.midpoint.prism.PrismContext)1 ObjectDelta (com.evolveum.midpoint.prism.delta.ObjectDelta)1 PolyStringNormalizer (com.evolveum.midpoint.prism.polystring.PolyStringNormalizer)1