use of com.evolveum.midpoint.common.refinery.RefinedAttributeDefinition in project midpoint by Evolveum.
the class AccessChecker method filterGetAttributes.
public void filterGetAttributes(ResourceAttributeContainer attributeContainer, RefinedObjectClassDefinition objectClassDefinition, OperationResult parentResult) throws SchemaException {
OperationResult result = parentResult.createMinorSubresult(OPERATION_NAME);
for (ResourceAttribute<?> attribute : attributeContainer.getAttributes()) {
QName attrName = attribute.getElementName();
RefinedAttributeDefinition attrDef = objectClassDefinition.findAttributeDefinition(attrName);
if (attrDef == null) {
String message = "Unknown attribute " + attrName + " in objectclass " + objectClassDefinition;
result.recordFatalError(message);
throw new SchemaException(message);
}
// Need to check model layer, not schema. Model means IDM logic which can be overridden in schemaHandling,
// schema layer is the original one.
PropertyLimitations limitations = attrDef.getLimitations(LayerType.MODEL);
if (limitations == null) {
continue;
}
// We cannot throw error here. At least not now. Provisioning will internally use ignored attributes
// e.g. for simulated capabilities. This is not a problem for normal operations, but it is a problem
// for delayed operations (e.g. consistency) that are passing through this code again.
// TODO: we need to figure a way how to avoid this loop
// if (limitations.isIgnore()) {
// String message = "Attempt to create shadow with ignored attribute "+attribute.getName();
// LOGGER.error(message);
// throw new SchemaException(message);
// }
PropertyAccessType access = limitations.getAccess();
if (access == null) {
continue;
}
if (access.isRead() == null || !access.isRead()) {
LOGGER.trace("Removing non-readable attribute {}", attrName);
attributeContainer.remove(attribute);
}
}
result.recordSuccess();
}
use of com.evolveum.midpoint.common.refinery.RefinedAttributeDefinition in project midpoint by Evolveum.
the class AbstractIntegrationTest method createShadow.
protected PrismObject<ShadowType> createShadow(PrismObject<ResourceType> resource, String uid, String name) throws SchemaException {
PrismObject<ShadowType> shadow = getShadowDefinition().instantiate();
ShadowType shadowType = shadow.asObjectable();
if (name != null) {
shadowType.setName(PrismTestUtil.createPolyStringType(name));
}
ObjectReferenceType resourceRef = new ObjectReferenceType();
resourceRef.setOid(resource.getOid());
shadowType.setResourceRef(resourceRef);
shadowType.setKind(ShadowKindType.ACCOUNT);
RefinedResourceSchema refinedSchema = RefinedResourceSchemaImpl.getRefinedSchema(resource);
RefinedObjectClassDefinition objectClassDefinition = refinedSchema.getDefaultRefinedDefinition(ShadowKindType.ACCOUNT);
shadowType.setObjectClass(objectClassDefinition.getTypeName());
ResourceAttributeContainer attrContainer = ShadowUtil.getOrCreateAttributesContainer(shadow, objectClassDefinition);
if (uid != null) {
RefinedAttributeDefinition uidAttrDef = objectClassDefinition.findAttributeDefinition(new QName(SchemaConstants.NS_ICF_SCHEMA, "uid"));
ResourceAttribute<String> uidAttr = uidAttrDef.instantiate();
uidAttr.setRealValue(uid);
attrContainer.add(uidAttr);
}
if (name != null) {
RefinedAttributeDefinition nameAttrDef = objectClassDefinition.findAttributeDefinition(new QName(SchemaConstants.NS_ICF_SCHEMA, "name"));
ResourceAttribute<String> nameAttr = nameAttrDef.instantiate();
nameAttr.setRealValue(name);
attrContainer.add(nameAttr);
}
return shadow;
}
use of com.evolveum.midpoint.common.refinery.RefinedAttributeDefinition in project midpoint by Evolveum.
the class TestAssignmentErrors method test010RefinedSchemaWhite.
@Test
public void test010RefinedSchemaWhite() throws Exception {
final String TEST_NAME = "test010RefinedSchemaWhite";
TestUtil.displayTestTile(TEST_NAME);
// GIVEN
// WHEN
PrismObject<ResourceType> resourceWhite = getObject(ResourceType.class, RESOURCE_DUMMY_WHITE_OID);
RefinedResourceSchema refinedSchema = RefinedResourceSchemaImpl.getRefinedSchema(resourceWhite, prismContext);
display("Refined schema", refinedSchema);
RefinedObjectClassDefinition accountDef = refinedSchema.getDefaultRefinedDefinition(ShadowKindType.ACCOUNT);
assertNotNull("Account definition is missing", accountDef);
assertNotNull("Null identifiers in account", accountDef.getPrimaryIdentifiers());
assertFalse("Empty identifiers in account", accountDef.getPrimaryIdentifiers().isEmpty());
assertNotNull("Null secondary identifiers in account", accountDef.getSecondaryIdentifiers());
assertFalse("Empty secondary identifiers in account", accountDef.getSecondaryIdentifiers().isEmpty());
assertNotNull("No naming attribute in account", accountDef.getNamingAttribute());
assertFalse("No nativeObjectClass in account", StringUtils.isEmpty(accountDef.getNativeObjectClass()));
assertEquals("Unexpected kind in account definition", ShadowKindType.ACCOUNT, accountDef.getKind());
assertTrue("Account definition in not default", accountDef.isDefaultInAKind());
assertEquals("Wrong intent in account definition", SchemaConstants.INTENT_DEFAULT, accountDef.getIntent());
assertFalse("Account definition is deprecated", accountDef.isDeprecated());
assertFalse("Account definition in auxiliary", accountDef.isAuxiliary());
RefinedAttributeDefinition uidDef = accountDef.findAttributeDefinition(SchemaConstants.ICFS_UID);
assertEquals(1, uidDef.getMaxOccurs());
assertEquals(0, uidDef.getMinOccurs());
assertFalse("No UID display name", StringUtils.isBlank(uidDef.getDisplayName()));
assertFalse("UID has create", uidDef.canAdd());
assertFalse("UID has update", uidDef.canModify());
assertTrue("No UID read", uidDef.canRead());
assertTrue("UID definition not in identifiers", accountDef.getPrimaryIdentifiers().contains(uidDef));
RefinedAttributeDefinition nameDef = accountDef.findAttributeDefinition(SchemaConstants.ICFS_NAME);
assertEquals(1, nameDef.getMaxOccurs());
assertEquals(1, nameDef.getMinOccurs());
assertFalse("No NAME displayName", StringUtils.isBlank(nameDef.getDisplayName()));
assertTrue("No NAME create", nameDef.canAdd());
assertTrue("No NAME update", nameDef.canModify());
assertTrue("No NAME read", nameDef.canRead());
assertTrue("NAME definition not in identifiers", accountDef.getSecondaryIdentifiers().contains(nameDef));
RefinedAttributeDefinition fullnameDef = accountDef.findAttributeDefinition("fullname");
assertNotNull("No definition for fullname", fullnameDef);
assertEquals(1, fullnameDef.getMaxOccurs());
assertEquals(1, fullnameDef.getMinOccurs());
assertTrue("No fullname create", fullnameDef.canAdd());
assertTrue("No fullname update", fullnameDef.canModify());
assertTrue("No fullname read", fullnameDef.canRead());
assertNull("The _PASSSWORD_ attribute sneaked into schema", accountDef.findAttributeDefinition(new QName(SchemaConstants.NS_ICF_SCHEMA, "password")));
}
use of com.evolveum.midpoint.common.refinery.RefinedAttributeDefinition in project midpoint by Evolveum.
the class AbstractModelIntegrationTest method createAccount.
protected PrismObject<ShadowType> createAccount(PrismObject<ResourceType> resource, String name, boolean enabled) throws SchemaException {
PrismObject<ShadowType> shadow = getShadowDefinition().instantiate();
ShadowType shadowType = shadow.asObjectable();
ObjectReferenceType resourceRef = new ObjectReferenceType();
resourceRef.setOid(resource.getOid());
shadowType.setResourceRef(resourceRef);
RefinedResourceSchema refinedSchema = RefinedResourceSchemaImpl.getRefinedSchema(resource);
RefinedObjectClassDefinition objectClassDefinition = refinedSchema.getDefaultRefinedDefinition(ShadowKindType.ACCOUNT);
shadowType.setObjectClass(objectClassDefinition.getTypeName());
shadowType.setKind(ShadowKindType.ACCOUNT);
ResourceAttributeContainer attrCont = ShadowUtil.getOrCreateAttributesContainer(shadow, objectClassDefinition);
RefinedAttributeDefinition idSecondaryDef = objectClassDefinition.getSecondaryIdentifiers().iterator().next();
ResourceAttribute icfsNameAttr = idSecondaryDef.instantiate();
icfsNameAttr.setRealValue(name);
attrCont.add(icfsNameAttr);
ActivationType activation = new ActivationType();
shadowType.setActivation(activation);
if (enabled) {
activation.setAdministrativeStatus(ActivationStatusType.ENABLED);
} else {
activation.setAdministrativeStatus(ActivationStatusType.DISABLED);
}
return shadow;
}
use of com.evolveum.midpoint.common.refinery.RefinedAttributeDefinition in project midpoint by Evolveum.
the class ShadowManager method normalizeDelta.
public <T> void normalizeDelta(ItemDelta<PrismPropertyValue<T>, PrismPropertyDefinition<T>> delta, RefinedObjectClassDefinition objectClassDefinition) throws SchemaException {
if (!ShadowType.F_ATTRIBUTES.equals(ItemPath.getName(delta.getPath().first()))) {
return;
}
RefinedAttributeDefinition rAttrDef = objectClassDefinition.findAttributeDefinition(delta.getElementName());
if (rAttrDef == null) {
throw new SchemaException("Failed to normalize attribute: " + delta.getElementName() + ". Definition for this attribute doesn't exist.");
}
normalizeDelta(delta, rAttrDef);
}
Aggregations