use of com.evolveum.midpoint.schema.SelectorOptions in project midpoint by Evolveum.
the class PageAbstractSelfCredentials method loadPageModel.
/**
 * Builds the model for the self-service credentials page.
 *
 * <p>The user is always the currently authenticated principal: the OID comes from
 * {@code SecurityUtils.getPrincipalUser()}, never from request input. The default
 * (midPoint) password entry is always added. Linked account shadows are loaded only
 * when the password policy defines no propagation control or defines
 * {@code USER_CHOICE}.
 *
 * <p>A failure to load a single account is logged and recorded on that account's
 * subresult; the remaining accounts are still processed. Any other failure is
 * recorded on the overall result and a partially filled DTO is returned.
 *
 * @return the DTO with the password accounts collected so far; never {@code null}
 */
private MyPasswordsDto loadPageModel() {
    LOGGER.debug("Loading user and accounts.");
    MyPasswordsDto passwordsDto = new MyPasswordsDto();
    OperationResult overallResult = new OperationResult(OPERATION_LOAD_USER_WITH_ACCOUNTS);
    try {
        // Identity is taken from the security context of the logged-in principal.
        String principalOid = SecurityUtils.getPrincipalUser().getOid();
        Task userTask = createSimpleTask(OPERATION_LOAD_USER);
        OperationResult userResult = overallResult.createSubresult(OPERATION_LOAD_USER);
        user = getModelService().getObject(UserType.class, principalOid, null, userTask, userResult);
        userResult.recordSuccessIfUnknown();
        passwordsDto.getAccounts().add(createDefaultPasswordAccountDto(user));

        // Copy the relevant parts of the password policy (if any) into the DTO.
        CredentialsPolicyType credentialsPolicy = getPasswordCredentialsPolicy();
        PasswordCredentialsPolicyType passwordPolicy =
                credentialsPolicy != null ? credentialsPolicy.getPassword() : null;
        if (passwordPolicy != null) {
            CredentialsPropagationUserControlType propagation = passwordPolicy.getPropagationUserControl();
            if (propagation != null) {
                passwordsDto.setPropagation(propagation);
            }
            PasswordChangeSecurityType changeSecurity = passwordPolicy.getPasswordChangeSecurity();
            if (changeSecurity != null) {
                passwordsDto.setPasswordChangeSecurity(changeSecurity);
            }
        }

        // Individual accounts are listed only when the user may choose the propagation targets.
        boolean userPicksAccounts = passwordsDto.getPropagation() == null
                || passwordsDto.getPropagation().equals(CredentialsPropagationUserControlType.USER_CHOICE);
        if (userPicksAccounts) {
            PrismReference linkRef = user.findReference(UserType.F_LINK_REF);
            if (linkRef == null || linkRef.getValues() == null) {
                LOGGER.debug("No accounts found for user {}.", new Object[] { principalOid });
                // Early exit: the finally block still recomputes the status, but the
                // sort and showResult() calls at the end of the method are skipped.
                return passwordsDto;
            }
            final Collection<SelectorOptions<GetOperationOptions>> resolveResource = SelectorOptions.createCollection(ShadowType.F_RESOURCE, GetOperationOptions.createResolve());
            for (PrismReferenceValue linkValue : linkRef.getValues()) {
                OperationResult accountResult = overallResult.createSubresult(OPERATION_LOAD_ACCOUNT);
                try {
                    String accountOid = linkValue.getOid();
                    Task accountTask = createSimpleTask(OPERATION_LOAD_ACCOUNT);
                    PrismObject<ShadowType> shadow = getModelService().getObject(ShadowType.class, accountOid, resolveResource, accountTask, accountResult);
                    passwordsDto.getAccounts().add(createPasswordAccountDto(shadow));
                    accountResult.recordSuccessIfUnknown();
                } catch (Exception ex) {
                    // One unreadable account must not hide the others from the page.
                    LoggingUtils.logUnexpectedException(LOGGER, "Couldn't load account", ex);
                    accountResult.recordFatalError("Couldn't load account.", ex);
                }
            }
        }
        overallResult.recordSuccessIfUnknown();
    } catch (Exception ex) {
        LoggingUtils.logUnexpectedException(LOGGER, "Couldn't load accounts", ex);
        overallResult.recordFatalError("Couldn't load accounts", ex);
    } finally {
        overallResult.recomputeStatus();
    }
    Collections.sort(passwordsDto.getAccounts());
    // Surface the result to the user unless it succeeded or the error was already handled.
    if (!(overallResult.isSuccess() || overallResult.isHandledError())) {
        showResult(overallResult);
    }
    return passwordsDto;
}
use of com.evolveum.midpoint.schema.SelectorOptions in project midpoint by Evolveum.
the class ModelInteractionServiceImpl method getRoleSpecEntriesForAllRoles.
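/**
 * Collects the role-type choices offered for roles in the REQUEST authorization phase.
 *
 * <p>The choices come from the lookup table referenced by the {@code valueEnumerationRef}
 * of the {@code roleType} item in the object template determined for {@code RoleType}.
 * Only the first matching template item is considered.
 *
 * @param result operation result passed to the template and repository lookups
 * @return {@code null} when no object template applies; otherwise a collection that is
 *         empty when the template has no usable {@code roleType} enumeration reference
 * @throws ObjectNotFoundException declared; the visible calls that may raise it are the
 *         template lookup and the lookup-table read
 * @throws SchemaException declared by the same calls
 * @throws ConfigurationException declared by the same calls
 */
private Collection<RoleSelectionSpecEntry> getRoleSpecEntriesForAllRoles(OperationResult result) throws ObjectNotFoundException, SchemaException, ConfigurationException {
    ObjectTemplateType objectTemplateType = schemaTransformer.determineObjectTemplate(RoleType.class, AuthorizationPhaseType.REQUEST, result);
    if (objectTemplateType == null) {
        // Kept as null (not an empty collection): existing callers may rely on the distinction.
        return null;
    }
    // Typed with the diamond operator; the original raw ArrayList produced an unchecked assignment.
    Collection<RoleSelectionSpecEntry> allEntries = new ArrayList<>();
    for (ObjectTemplateItemDefinitionType itemDef : objectTemplateType.getItem()) {
        ItemPathType ref = itemDef.getRef();
        if (ref == null) {
            continue;
        }
        ItemPath itemPath = ref.getItemPath();
        QName itemName = ItemPath.getName(itemPath.first());
        if (itemName == null) {
            continue;
        }
        if (!QNameUtil.match(RoleType.F_ROLE_TYPE, itemName)) {
            continue;
        }
        ObjectReferenceType valueEnumerationRef = itemDef.getValueEnumerationRef();
        if (valueEnumerationRef == null || valueEnumerationRef.getOid() == null) {
            return allEntries;
        }
        // Ask explicitly for the rows of the lookup table.
        Collection<SelectorOptions<GetOperationOptions>> options = SelectorOptions.createCollection(LookupTableType.F_ROW, GetOperationOptions.createRetrieve(RetrieveOption.INCLUDE));
        PrismObject<LookupTableType> lookup = cacheRepositoryService.getObject(LookupTableType.class, valueEnumerationRef.getOid(), options, result);
        for (LookupTableRowType row : lookup.asObjectable().getRow()) {
            String key = row.getKey();
            PolyStringType polyLabel = row.getLabel();
            // Fall back to the key when the row carries no label.
            String label = polyLabel != null ? polyLabel.getOrig() : key;
            allEntries.add(new RoleSelectionSpecEntry(key, label, null));
        }
        return allEntries;
    }
    return allEntries;
}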
use of com.evolveum.midpoint.schema.SelectorOptions in project midpoint by Evolveum.
the class ModelInteractionServiceImpl method getEditObjectDefinition.
/**
 * Produces the definition to use when editing {@code object}, narrowed by the
 * object template and by the security constraints compiled for the object.
 *
 * <p>Works on a deep clone of the object's definition. The object template is
 * applied first, then the security constraints for {@code phase}. For shadows that
 * reference a resource, the attributes definition is replaced by the one derived
 * from the refined object class definition.
 *
 * @param object the object being edited
 * @param phase authorization phase passed to the template lookup and the constraint application
 * @param task task used for the provisioning read of the resource
 * @param parentResult parent operation result; a minor subresult is created under it
 * @return the adjusted definition, or {@code null} when no security constraints
 *         could be compiled (subresult status is then NOT_APPLICABLE)
 * @throws ConfigurationException also thrown as a wrapper for communication, security
 *         violation and expression evaluation failures of the resource read
 */
@Override
public <O extends ObjectType> PrismObjectDefinition<O> getEditObjectDefinition(PrismObject<O> object, AuthorizationPhaseType phase, Task task, OperationResult parentResult) throws SchemaException, ConfigurationException, ObjectNotFoundException {
    OperationResult result = parentResult.createMinorSubresult(GET_EDIT_OBJECT_DEFINITION);
    PrismObjectDefinition<O> objectDefinition = object.getDefinition().deepClone(true);
    PrismObject<O> baseObject = object;
    if (object.getOid() != null) {
        // Re-read the object from the repository to make sure we have all the properties.
        // The object from the method parameters may already have been processed by the
        // security code, and properties needed to evaluate authorizations may be missing.
        // MID-3126, see also MID-3435
        // NOTE(review): an exception thrown by this read leaves `result` without a recorded
        // status, unlike the determineObjectTemplate catch below; confirm callers cope.
        baseObject = cacheRepositoryService.getObject(object.getCompileTimeClass(), object.getOid(), null, result);
    }
    // TODO: maybe we need to expose owner resolver in the interface?
    // Constraints are compiled against baseObject (the repository copy when an OID exists),
    // not against the possibly filtered object passed in.
    ObjectSecurityConstraints securityConstraints = securityEnforcer.compileSecurityConstraints(baseObject, null);
    if (LOGGER.isTraceEnabled()) {
        // The trace line logs the caller's object together with a dump of the compiled constraints.
        LOGGER.trace("Security constrains for {}:\n{}", object, securityConstraints == null ? "null" : securityConstraints.debugDump());
    }
    if (securityConstraints == null) {
        // Nothing allowed => everything denied
        result.setStatus(OperationResultStatus.NOT_APPLICABLE);
        return null;
    }
    ObjectTemplateType objectTemplateType;
    try {
        // The template is determined from the caller's object, not from baseObject.
        objectTemplateType = schemaTransformer.determineObjectTemplate(object, phase, result);
    } catch (ConfigurationException | ObjectNotFoundException e) {
        result.recordFatalError(e);
        throw e;
    }
    // Order matters: the template is applied first, the security constraints after it.
    schemaTransformer.applyObjectTemplateToDefinition(objectDefinition, objectTemplateType, result);
    schemaTransformer.applySecurityConstraints(objectDefinition, securityConstraints, phase);
    if (object.canRepresent(ShadowType.class)) {
        // Unchecked cast, guarded by the canRepresent() test above.
        PrismObject<ShadowType> shadow = (PrismObject<ShadowType>) object;
        String resourceOid = ShadowUtil.getResourceOid(shadow);
        if (resourceOid != null) {
            Collection<SelectorOptions<GetOperationOptions>> options = SelectorOptions.createCollection(GetOperationOptions.createReadOnly());
            PrismObject<ResourceType> resource;
            try {
                resource = provisioning.getObject(ResourceType.class, resourceOid, options, task, result);
            } catch (CommunicationException | SecurityViolationException | ExpressionEvaluationException e) {
                // A SecurityViolationException is reported to the caller as a ConfigurationException;
                // the original stays reachable as the cause.
                // NOTE(review): no status is recorded on `result` before this throw.
                throw new ConfigurationException(e.getMessage(), e);
            }
            RefinedObjectClassDefinition refinedObjectClassDefinition = getEditObjectClassDefinition(shadow, resource, phase);
            if (refinedObjectClassDefinition != null) {
                // Swap the generic attributes container definition for the resource-specific one.
                ((ComplexTypeDefinitionImpl) objectDefinition.getComplexTypeDefinition()).replaceDefinition(ShadowType.F_ATTRIBUTES, refinedObjectClassDefinition.toResourceAttributeContainerDefinition());
            }
        }
    }
    result.computeStatus();
    return objectDefinition;
}
use of com.evolveum.midpoint.schema.SelectorOptions in project midpoint by Evolveum.
the class AssociationFromLinkExpressionEvaluator method evaluate.
/**
 * Produces shadow associations derived from the links of the role in which the
 * expression is defined.
 *
 * <p>The role is read from the {@code VAR_ORDER_ONE_OBJECT} variable and the association
 * target from {@code VAR_ASSOCIATION_TARGET_OBJECT_CLASS_DEFINITION}; the evaluator's
 * projection discriminator supplies kind and intent. The role itself is always
 * processed; an org is additionally processed recursively when it matches the
 * recursion settings.
 *
 * @param context evaluation context providing variables, description and mapping name
 * @return delta set triple built from the gathered associations
 * @throws ExpressionEvaluationException when a required variable or discriminator part
 *         is missing, or the order-one object is not an abstract role
 */
@Override
public PrismValueDeltaSetTriple<PrismContainerValue<ShadowAssociationType>> evaluate(ExpressionEvaluationContext context) throws SchemaException, ExpressionEvaluationException, ObjectNotFoundException {
    final String contextDesc = context.getContextDescription();

    Object candidateRole = context.getVariables().get(ExpressionConstants.VAR_ORDER_ONE_OBJECT);
    if (candidateRole == null) {
        throw new ExpressionEvaluationException("No order one object variable in " + contextDesc + "; the expression may be used in a wrong place. It is only supposed to work in a role.");
    }
    if (!(candidateRole instanceof AbstractRoleType)) {
        throw new ExpressionEvaluationException("Order one object variable in " + contextDesc + " is not a role, it is " + candidateRole.getClass().getName() + "; the expression may be used in a wrong place. It is only supposed to work in a role.");
    }
    AbstractRoleType thisRole = (AbstractRoleType) candidateRole;
    LOGGER.trace("Evaluating association from link on: {}", thisRole);

    // NOTE(review): unlike the role variable above, this variable is cast without an
    // instanceof check, so a value of another type surfaces as ClassCastException.
    RefinedObjectClassDefinition targetDefinition = (RefinedObjectClassDefinition) context.getVariables().get(ExpressionConstants.VAR_ASSOCIATION_TARGET_OBJECT_CLASS_DEFINITION);
    if (targetDefinition == null) {
        throw new ExpressionEvaluationException("No association target object class definition variable in " + contextDesc + "; the expression may be used in a wrong place. It is only supposed to create an association.");
    }

    ShadowDiscriminatorType discriminator = evaluatorType.getProjectionDiscriminator();
    if (discriminator == null) {
        throw new ExpressionEvaluationException("No projectionDiscriminator in " + contextDesc);
    }
    ShadowKindType shadowKind = discriminator.getKind();
    if (shadowKind == null) {
        throw new ExpressionEvaluationException("No kind in projectionDiscriminator in " + contextDesc);
    }
    String shadowIntent = discriminator.getIntent();

    PrismContainer<ShadowAssociationType> associations = outputDefinition.instantiate();
    QName associationName = context.getMappingQName();
    String targetResourceOid = targetDefinition.getResourceType().getOid();
    // No get-operation options are used; the typed null is handed to the gather helpers.
    Collection<SelectorOptions<GetOperationOptions>> noOptions = null;

    // The role the expression lives in is always processed, whatever the recursion setting.
    gatherAssociationsFromAbstractRole(thisRole, associations, targetResourceOid, shadowKind, shadowIntent, associationName, noOptions, contextDesc, context);
    if (thisRole instanceof OrgType) {
        OrgType thisOrg = (OrgType) thisRole;
        if (matchesForRecursion(thisOrg)) {
            gatherAssociationsFromAbstractRoleRecurse(thisOrg, associations, targetResourceOid, shadowKind, shadowIntent, associationName, noOptions, contextDesc, context);
        }
    }
    return ItemDelta.toDeltaSetTriple(associations, null);
}
use of com.evolveum.midpoint.schema.SelectorOptions in project midpoint by Evolveum.
the class AbstractSearchExpressionEvaluator method executeSearchAttempt.
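/**
 * Runs one iterative search and converts every object found into a prism value.
 *
 * <p>When {@code searchOnResource} is false the search is restricted with a no-fetch
 * option. When the search fails with a communication, configuration or security
 * violation error and both {@code searchOnResource} and {@code tryAlsoRepository} are
 * set, the search is repeated once with the no-fetch option only.
 *
 * @param rawResult optional sink that receives every object found; may be {@code null}
 * @param targetTypeClass class of the objects searched for
 * @param targetTypeQName type name passed to {@code createPrismValue}
 * @param query search query
 * @param searchOnResource whether the first attempt may go beyond the no-fetch search
 * @param tryAlsoRepository whether a failed first attempt is retried with no-fetch
 * @param additionalAttributeDeltas deltas passed to {@code createPrismValue}
 * @param params evaluation context passed to {@code createPrismValue}
 * @param contextDescription text appended to rethrown exception messages
 * @param task task passed to the resolver
 * @param result operation result passed to the resolver
 * @return the values created for the objects found, in handler order
 * @throws ExpressionEvaluationException when the search fails with a communication,
 *         configuration or security violation error and no fallback succeeds; the cause
 *         is the first failure and a failed fallback is attached as a suppressed exception
 * @throws ObjectNotFoundException propagated unchanged from the resolver
 * @throws SchemaException rethrown with the context description appended
 */
private <O extends ObjectType> List<V> executeSearchAttempt(final List<PrismObject> rawResult, Class<O> targetTypeClass, final QName targetTypeQName, ObjectQuery query, boolean searchOnResource, boolean tryAlsoRepository, final List<ItemDelta<V, D>> additionalAttributeDeltas, final ExpressionEvaluationContext params, String contextDescription, Task task, OperationResult result) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException {
    final List<V> list = new ArrayList<>();
    Collection<SelectorOptions<GetOperationOptions>> options = new ArrayList<>();
    if (!searchOnResource) {
        options.add(SelectorOptions.create(GetOperationOptions.createNoFetch()));
    }
    extendOptions(options, searchOnResource);
    ResultHandler<O> handler = new ResultHandler<O>() {
        @Override
        public boolean handle(PrismObject<O> object, OperationResult parentResult) {
            if (rawResult != null) {
                rawResult.add(object);
            }
            list.add(createPrismValue(object.getOid(), targetTypeQName, additionalAttributeDeltas, params));
            return true;
        }
    };
    // ObjectNotFoundException is declared by this method and simply propagates; the
    // original catch block that only rethrew it was redundant and has been dropped.
    try {
        objectResolver.searchIterative(targetTypeClass, query, options, handler, task, result);
    } catch (IllegalStateException e) {
        // this comes from checkConsistence methods
        throw new IllegalStateException(e.getMessage() + " in " + contextDescription, e);
    } catch (SchemaException e) {
        throw new SchemaException(e.getMessage() + " in " + contextDescription, e);
    } catch (SystemException e) {
        throw new SystemException(e.getMessage() + " in " + contextDescription, e);
    } catch (CommunicationException | ConfigurationException | SecurityViolationException e) {
        if (!(searchOnResource && tryAlsoRepository)) {
            throw new ExpressionEvaluationException("Unexpected expression exception " + e + ": " + e.getMessage(), e);
        }
        // NOTE(review): the fallback also fires on SecurityViolationException, i.e. a denied
        // resource search is answered from a no-fetch search instead of failing; confirm intended.
        // NOTE(review): objects already delivered to the handler before the failure stay in
        // `list` and `rawResult`, so the retry may add them a second time; verify against
        // searchIterative semantics.
        // NOTE(review): extendOptions() is not applied to the fallback options.
        options = SelectorOptions.createCollection(GetOperationOptions.createNoFetch());
        try {
            objectResolver.searchIterative(targetTypeClass, query, options, handler, task, result);
        } catch (SchemaException e1) {
            throw new SchemaException(e1.getMessage() + " in " + contextDescription, e1);
        } catch (CommunicationException | ConfigurationException | SecurityViolationException e1) {
            // shadow for group doesn't exist? (MID-2107)
            // Message and cause still describe the first failure, as before; the fallback
            // failure is attached as suppressed so it is no longer lost from the trace.
            ExpressionEvaluationException failure = new ExpressionEvaluationException("Unexpected expression exception " + e + ": " + e.getMessage(), e);
            failure.addSuppressed(e1);
            throw failure;
        }
    }
    if (LOGGER.isTraceEnabled()) {
        LOGGER.trace("Assignment expression resulted in {} objects, using query:\n{}", list.size(), query.debugDump());
    }
    return list;
}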