use of com.evolveum.midpoint.common.refinery.RefinedAttributeDefinition in project midpoint by Evolveum.
the class ShadowManager method createSearchShadowQuery.
private ObjectQuery createSearchShadowQuery(ProvisioningContext ctx, Collection<ResourceAttribute<?>> identifiers, boolean primaryIdentifiersOnly, PrismContext prismContext, OperationResult parentResult) throws SchemaException, ConfigurationException, ObjectNotFoundException, CommunicationException, ExpressionEvaluationException {
S_AtomicFilterEntry q = QueryBuilder.queryFor(ShadowType.class, prismContext);
RefinedObjectClassDefinition objectClassDefinition = ctx.getObjectClassDefinition();
for (PrismProperty<?> identifier : identifiers) {
RefinedAttributeDefinition rAttrDef;
PrismPropertyValue<?> identifierValue = identifier.getValue();
if (objectClassDefinition == null) {
// If there is no specific object class definition then the identifier definition
// must be the same in all object classes and that means that we can use
// definition from any of them.
RefinedObjectClassDefinition anyDefinition = ctx.getRefinedSchema().getRefinedDefinitions().iterator().next();
rAttrDef = anyDefinition.findAttributeDefinition(identifier.getElementName());
if (primaryIdentifiersOnly && !anyDefinition.isPrimaryIdentifier(identifier.getElementName())) {
continue;
}
} else {
if (primaryIdentifiersOnly && !objectClassDefinition.isPrimaryIdentifier(identifier.getElementName())) {
continue;
}
rAttrDef = objectClassDefinition.findAttributeDefinition(identifier.getElementName());
}
String normalizedIdentifierValue = (String) getNormalizedAttributeValue(identifierValue, rAttrDef);
PrismPropertyDefinition<String> def = (PrismPropertyDefinition<String>) identifier.getDefinition();
q = q.itemWithDef(def, ShadowType.F_ATTRIBUTES, def.getName()).eq(normalizedIdentifierValue).and();
}
if (identifiers.size() < 1) {
throw new SchemaException("Identifier not specified. Cannot create search query by identifier.");
}
if (objectClassDefinition != null) {
q = q.item(ShadowType.F_OBJECT_CLASS).eq(objectClassDefinition.getTypeName()).and();
}
return q.item(ShadowType.F_RESOURCE_REF).ref(ctx.getResourceOid()).build();
}
use of com.evolveum.midpoint.common.refinery.RefinedAttributeDefinition in project midpoint by Evolveum.
the class ShadowManager method compareAttribute.
public <T> boolean compareAttribute(RefinedObjectClassDefinition refinedObjectClassDefinition, ResourceAttribute<T> attributeA, T... valuesB) throws SchemaException {
RefinedAttributeDefinition refinedAttributeDefinition = refinedObjectClassDefinition.findAttributeDefinition(attributeA.getElementName());
Collection<T> valuesA = getNormalizedAttributeValues(attributeA, refinedAttributeDefinition);
return MiscUtil.unorderedCollectionEquals(valuesA, Arrays.asList(valuesB));
}
use of com.evolveum.midpoint.common.refinery.RefinedAttributeDefinition in project midpoint by Evolveum.
the class ShadowManager method normalizeAttributes.
public void normalizeAttributes(PrismObject<ShadowType> shadow, RefinedObjectClassDefinition objectClassDefinition) throws SchemaException {
for (ResourceAttribute<?> attribute : ShadowUtil.getAttributes(shadow)) {
RefinedAttributeDefinition rAttrDef = objectClassDefinition.findAttributeDefinition(attribute.getElementName());
normalizeAttribute(attribute, rAttrDef);
}
}
use of com.evolveum.midpoint.common.refinery.RefinedAttributeDefinition in project midpoint by Evolveum.
the class ProjectionValuesProcessor method willResetIterationCounter.
private boolean willResetIterationCounter(LensProjectionContext projectionContext) throws SchemaException {
ObjectDelta<ShadowType> accountDelta = projectionContext.getDelta();
if (accountDelta == null) {
return false;
}
RefinedObjectClassDefinition oOcDef = projectionContext.getCompositeObjectClassDefinition();
for (RefinedAttributeDefinition identifierDef : oOcDef.getPrimaryIdentifiers()) {
ItemPath identifierPath = new ItemPath(ShadowType.F_ATTRIBUTES, identifierDef.getName());
if (accountDelta.findPropertyDelta(identifierPath) != null) {
return true;
}
}
for (RefinedAttributeDefinition identifierDef : oOcDef.getSecondaryIdentifiers()) {
ItemPath identifierPath = new ItemPath(ShadowType.F_ATTRIBUTES, identifierDef.getName());
if (accountDelta.findPropertyDelta(identifierPath) != null) {
return true;
}
}
return false;
}
use of com.evolveum.midpoint.common.refinery.RefinedAttributeDefinition in project midpoint by Evolveum.
the class AccessChecker method checkModify.
public void checkModify(ResourceType resource, PrismObject<ShadowType> shadow, Collection<? extends ItemDelta> modifications, RefinedObjectClassDefinition objectClassDefinition, OperationResult parentResult) throws SecurityViolationException, SchemaException {
OperationResult result = parentResult.createMinorSubresult(OPERATION_NAME);
for (ItemDelta modification : modifications) {
if (!(modification instanceof PropertyDelta<?>)) {
continue;
}
PropertyDelta<?> attrDelta = (PropertyDelta<?>) modification;
if (!SchemaConstants.PATH_ATTRIBUTES.equivalent(attrDelta.getParentPath())) {
// Not an attribute
continue;
}
QName attrName = attrDelta.getElementName();
RefinedAttributeDefinition attrDef = objectClassDefinition.findAttributeDefinition(attrName);
if (attrDef == null) {
throw new SchemaException("Cannot find definition of attribute " + attrName + " in " + objectClassDefinition);
}
PropertyLimitations limitations = attrDef.getLimitations(LayerType.MODEL);
if (limitations == null) {
continue;
}
// We cannot throw error here. At least not now. Provisioning will internally use ignored attributes
// e.g. for simulated capabilities. This is not a problem for normal operations, but it is a problem
// for delayed operations (e.g. consistency) that are passing through this code again.
// TODO: we need to figure a way how to avoid this loop
// if (limitations.isIgnore()) {
// String message = "Attempt to create shadow with ignored attribute "+attribute.getName();
// LOGGER.error(message);
// throw new SchemaException(message);
// }
PropertyAccessType access = limitations.getAccess();
if (access == null) {
continue;
}
if (access.isModify() == null || !access.isModify()) {
String message = "Attempt to modify non-updateable attribute " + attrName;
LOGGER.error(message);
result.recordFatalError(message);
throw new SecurityViolationException(message);
}
}
result.recordSuccess();
}
Aggregations