Examples with RefinedObjectClassDefinition com.evolveum.midpoint.common.refinery.RefinedObjectClassDefinition used on opensource projects

Example 16 with RefinedObjectClassDefinition

use of com.evolveum.midpoint.common.refinery.RefinedObjectClassDefinition in project midpoint by Evolveum.

the class AssignmentEditorDto method prepareAssignmentAttributes.

private List<ACAttributeDto> prepareAssignmentAttributes(AssignmentType assignment, PageBase pageBase) {
    List<ACAttributeDto> acAtrList = new ArrayList<>();
    if (assignment == null || assignment.getConstruction() == null || assignment.getConstruction().getAttribute() == null || assignment.getConstruction() == null) {
        return acAtrList;
    }
    OperationResult result = new OperationResult(OPERATION_LOAD_ATTRIBUTES);
    ConstructionType construction = assignment.getConstruction();
    PrismObject<ResourceType> resource = construction.getResource() != null ? construction.getResource().asPrismObject() : null;
    if (resource == null) {
        resource = getReference(construction.getResourceRef(), result, pageBase);
    }
    try {
        PrismContext prismContext = pageBase.getPrismContext();
        RefinedResourceSchema refinedSchema = RefinedResourceSchemaImpl.getRefinedSchema(resource, LayerType.PRESENTATION, prismContext);
        RefinedObjectClassDefinition objectClassDefinition = refinedSchema.getRefinedDefinition(ShadowKindType.ACCOUNT, construction.getIntent());
        if (objectClassDefinition == null) {
            return attributes;
        }
        PrismContainerDefinition definition = objectClassDefinition.toResourceAttributeContainerDefinition();
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace("Refined definition for {}\n{}", construction, definition.debugDump());
        }
        Collection<ItemDefinition> definitions = definition.getDefinitions();
        for (ResourceAttributeDefinitionType attribute : assignment.getConstruction().getAttribute()) {
            for (ItemDefinition attrDef : definitions) {
                if (attrDef instanceof PrismPropertyDefinition) {
                    PrismPropertyDefinition propertyDef = (PrismPropertyDefinition) attrDef;
                    if (propertyDef.isOperational() || propertyDef.isIgnored()) {
                        continue;
                    }
                    if (ItemPathUtil.getOnlySegmentQName(attribute.getRef()).equals(propertyDef.getName())) {
                        acAtrList.add(ACAttributeDto.createACAttributeDto(propertyDef, attribute, prismContext));
                        break;
                    }
                }
            }
        }
        result.recordSuccess();
    } catch (Exception ex) {
        LoggingUtils.logUnexpectedException(LOGGER, "Exception occurred during assignment attribute loading", ex);
        result.recordFatalError("Exception occurred during assignment attribute loading.", ex);
    } finally {
        result.recomputeStatus();
    }
    return acAtrList;
}

Example 17 with RefinedObjectClassDefinition

use of com.evolveum.midpoint.common.refinery.RefinedObjectClassDefinition in project midpoint by Evolveum.

the class AssignmentEditorPanel method loadAttributes.

private List<ACAttributeDto> loadAttributes() {
    AssignmentEditorDto dto = getModel().getObject();
    OperationResult result = new OperationResult(OPERATION_LOAD_ATTRIBUTES);
    List<ACAttributeDto> attributes = new ArrayList<>();
    try {
        ConstructionType construction = WebComponentUtil.getContainerValue(dto.getOldValue(), AssignmentType.F_CONSTRUCTION, ConstructionType.class);
        if (construction == null) {
            return attributes;
        }
        PrismObject<ResourceType> resource = construction.getResource() != null ? construction.getResource().asPrismObject() : null;
        if (resource == null) {
            resource = getReference(construction.getResourceRef(), result);
        }
        PrismContext prismContext = getPageBase().getPrismContext();
        RefinedResourceSchema refinedSchema = RefinedResourceSchemaImpl.getRefinedSchema(resource, LayerType.PRESENTATION, prismContext);
        RefinedObjectClassDefinition objectClassDefinition = refinedSchema.getRefinedDefinition(ShadowKindType.ACCOUNT, construction.getIntent());
        if (objectClassDefinition == null) {
            return attributes;
        }
        PrismContainerDefinition definition = objectClassDefinition.toResourceAttributeContainerDefinition();
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace("Refined definition for {}\n{}", construction, definition.debugDump());
        }
        List<ResourceAttributeDefinitionType> attrConstructions = construction.getAttribute();
        Collection<ItemDefinition> definitions = definition.getDefinitions();
        for (ItemDefinition attrDef : definitions) {
            if (!(attrDef instanceof PrismPropertyDefinition)) {
                // log skipping or something...
                continue;
            }
            PrismPropertyDefinition propertyDef = (PrismPropertyDefinition) attrDef;
            if (propertyDef.isOperational() || propertyDef.isIgnored()) {
                continue;
            }
            attributes.add(ACAttributeDto.createACAttributeDto(propertyDef, findOrCreateValueConstruction(propertyDef, attrConstructions), prismContext));
        }
        result.recordSuccess();
    } catch (Exception ex) {
        LoggingUtils.logUnexpectedException(LOGGER, "Exception occurred during assignment attribute loading", ex);
        result.recordFatalError("Exception occurred during assignment attribute loading.", ex);
    } finally {
        result.recomputeStatus();
    }
    Collections.sort(attributes, new Comparator<ACAttributeDto>() {

        @Override
        public int compare(ACAttributeDto a1, ACAttributeDto a2) {
            return String.CASE_INSENSITIVE_ORDER.compare(a1.getName(), a2.getName());
        }
    });
    if (dto.getAttributes() != null && !dto.getAttributes().isEmpty()) {
        for (ACAttributeDto assignmentAttribute : dto.getAttributes()) {
            for (ACAttributeDto attributeDto : attributes) {
                if (attributeDto.getName().equals(assignmentAttribute.getName())) {
                    attributes.set(attributes.indexOf(attributeDto), assignmentAttribute);
                    continue;
                }
            }
        }
    }
    dto.setAttributes(attributes);
    getPageBase().showResult(result, false);
    return dto.getAttributes();
}

Example 18 with RefinedObjectClassDefinition

use of com.evolveum.midpoint.common.refinery.RefinedObjectClassDefinition in project midpoint by Evolveum.

the class MidpointFunctionsImpl method isUniqueAccountValue.

private <T> boolean isUniqueAccountValue(ResourceType resourceType, final ShadowType shadowType, QName attributeName, T attributeValue, Task task, OperationResult result) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
    Validate.notNull(resourceType, "Null resource");
    Validate.notNull(shadowType, "Null shadow");
    Validate.notNull(attributeName, "Null attribute name");
    Validate.notNull(attributeValue, "Null attribute value");
    RefinedResourceSchema rSchema = RefinedResourceSchemaImpl.getRefinedSchema(resourceType);
    RefinedObjectClassDefinition rAccountDef = rSchema.getDefaultRefinedDefinition(ShadowKindType.ACCOUNT);
    RefinedAttributeDefinition attrDef = rAccountDef.findAttributeDefinition(attributeName);
    ObjectQuery query = QueryBuilder.queryFor(ShadowType.class, prismContext).itemWithDef(attrDef, ShadowType.F_ATTRIBUTES, attrDef.getName()).eq(attributeValue).and().item(ShadowType.F_OBJECT_CLASS).eq(rAccountDef.getObjectClassDefinition().getTypeName()).and().item(ShadowType.F_RESOURCE_REF).ref(resourceType.getOid()).build();
    if (LOGGER.isTraceEnabled()) {
        LOGGER.trace("Determining uniqueness of attribute {} using query:\n{}", attributeName, query.debugDump());
    }
    final Holder<Boolean> isUniqueHolder = new Holder<Boolean>(true);
    ResultHandler<ShadowType> handler = new ResultHandler<ShadowType>() {

        @Override
        public boolean handle(PrismObject<ShadowType> object, OperationResult parentResult) {
            if (shadowType == null || shadowType.getOid() == null) {
                // We have found a conflicting object
                isUniqueHolder.setValue(false);
                return false;
            } else {
                if (shadowType.getOid().equals(object.getOid())) {
                    // We have found ourselves. No conflict (yet). Just go on.
                    return true;
                } else {
                    // We have found someone else. Conflict.
                    isUniqueHolder.setValue(false);
                    return false;
                }
            }
        }
    };
    modelObjectResolver.searchIterative(ShadowType.class, query, null, handler, task, result);
    return isUniqueHolder.getValue();
}

Example 19 with RefinedObjectClassDefinition

use of com.evolveum.midpoint.common.refinery.RefinedObjectClassDefinition in project midpoint by Evolveum.

the class AssociationFromLinkExpressionEvaluator method evaluate.

/* (non-Javadoc)
	 * @see com.evolveum.midpoint.common.expression.ExpressionEvaluator#evaluate(java.util.Collection, java.util.Map, boolean, java.lang.String, com.evolveum.midpoint.schema.result.OperationResult)
	 */
@Override
public PrismValueDeltaSetTriple<PrismContainerValue<ShadowAssociationType>> evaluate(ExpressionEvaluationContext context) throws SchemaException, ExpressionEvaluationException, ObjectNotFoundException {
    String desc = context.getContextDescription();
    Object orderOneObject = context.getVariables().get(ExpressionConstants.VAR_ORDER_ONE_OBJECT);
    if (orderOneObject == null) {
        throw new ExpressionEvaluationException("No order one object variable in " + desc + "; the expression may be used in a wrong place. It is only supposed to work in a role.");
    }
    if (!(orderOneObject instanceof AbstractRoleType)) {
        throw new ExpressionEvaluationException("Order one object variable in " + desc + " is not a role, it is " + orderOneObject.getClass().getName() + "; the expression may be used in a wrong place. It is only supposed to work in a role.");
    }
    AbstractRoleType thisRole = (AbstractRoleType) orderOneObject;
    LOGGER.trace("Evaluating association from link on: {}", thisRole);
    RefinedObjectClassDefinition rAssocTargetDef = (RefinedObjectClassDefinition) context.getVariables().get(ExpressionConstants.VAR_ASSOCIATION_TARGET_OBJECT_CLASS_DEFINITION);
    if (rAssocTargetDef == null) {
        throw new ExpressionEvaluationException("No association target object class definition variable in " + desc + "; the expression may be used in a wrong place. It is only supposed to create an association.");
    }
    ShadowDiscriminatorType projectionDiscriminator = evaluatorType.getProjectionDiscriminator();
    if (projectionDiscriminator == null) {
        throw new ExpressionEvaluationException("No projectionDiscriminator in " + desc);
    }
    ShadowKindType kind = projectionDiscriminator.getKind();
    if (kind == null) {
        throw new ExpressionEvaluationException("No kind in projectionDiscriminator in " + desc);
    }
    String intent = projectionDiscriminator.getIntent();
    PrismContainer<ShadowAssociationType> output = outputDefinition.instantiate();
    QName assocName = context.getMappingQName();
    String resourceOid = rAssocTargetDef.getResourceType().getOid();
    Collection<SelectorOptions<GetOperationOptions>> options = null;
    // Always process the first role (myself) regardless of recursion setting
    gatherAssociationsFromAbstractRole(thisRole, output, resourceOid, kind, intent, assocName, options, desc, context);
    if (thisRole instanceof OrgType && matchesForRecursion((OrgType) thisRole)) {
        gatherAssociationsFromAbstractRoleRecurse((OrgType) thisRole, output, resourceOid, kind, intent, assocName, options, desc, context);
    }
    return ItemDelta.toDeltaSetTriple(output, null);
}

Example 20 with RefinedObjectClassDefinition

use of com.evolveum.midpoint.common.refinery.RefinedObjectClassDefinition in project midpoint by Evolveum.

the class TestSecurityBasic method test258AutzJackSelfAccountsPartialControlPassword.

@Test
public void test258AutzJackSelfAccountsPartialControlPassword() throws Exception {
    final String TEST_NAME = "test258AutzJackSelfAccountsPartialControlPassword";
    TestUtil.displayTestTile(this, TEST_NAME);
    // GIVEN
    cleanupAutzTest(USER_JACK_OID);
    assignRole(USER_JACK_OID, ROLE_SELF_ACCOUNTS_PARTIAL_CONTROL_PASSWORD_OID);
    assumeAssignmentPolicy(AssignmentPolicyEnforcementType.NONE);
    login(USER_JACK_USERNAME);
    // WHEN
    TestUtil.displayWhen(TEST_NAME);
    assertGetAllow(UserType.class, USER_JACK_OID);
    assertGetDeny(UserType.class, USER_GUYBRUSH_OID);
    assertAddDeny();
    assertModifyAllow(UserType.class, USER_JACK_OID, UserType.F_NICK_NAME, PrismTestUtil.createPolyString("jackie"));
    assertModifyDeny(UserType.class, USER_JACK_OID, UserType.F_HONORIFIC_PREFIX, PrismTestUtil.createPolyString("Captain"));
    assertModifyDeny(UserType.class, USER_GUYBRUSH_OID, UserType.F_HONORIFIC_PREFIX, PrismTestUtil.createPolyString("Pirate"));
    assertDeleteDeny();
    assertDeleteDeny(UserType.class, USER_JACK_OID);
    PrismObject<UserType> user = getUser(USER_JACK_OID);
    String accountOid = getSingleLinkOid(user);
    assertGetAllow(ShadowType.class, accountOid);
    PrismObject<ShadowType> shadow = getObject(ShadowType.class, accountOid);
    display("Jack's shadow", shadow);
    RefinedObjectClassDefinition rOcDef = modelInteractionService.getEditObjectClassDefinition(shadow, getDummyResourceObject(), null);
    display("Refined objectclass def", rOcDef);
    assertAttributeFlags(rOcDef, SchemaConstants.ICFS_UID, true, false, false);
    assertAttributeFlags(rOcDef, SchemaConstants.ICFS_NAME, true, false, false);
    assertAttributeFlags(rOcDef, new QName("location"), true, true, true);
    assertAttributeFlags(rOcDef, new QName("weapon"), true, false, false);
    // Not linked to jack
    assertGetDeny(ShadowType.class, ACCOUNT_SHADOW_ELAINE_DUMMY_OID);
    // Not linked to jack
    assertAddDeny(ACCOUNT_JACK_DUMMY_RED_FILE);
    // Not even jack's account
    assertAddDeny(ACCOUNT_GUYBRUSH_DUMMY_FILE);
    ProtectedStringType passwordPs = new ProtectedStringType();
    passwordPs.setClearValue("nbusr123");
    assertModifyAllow(UserType.class, USER_JACK_OID, PASSWORD_PATH, passwordPs);
    assertModifyDeny(UserType.class, USER_GUYBRUSH_OID, PASSWORD_PATH, passwordPs);
    Task task = taskManager.createTaskInstance(TEST_NAME);
    OperationResult result = task.getResult();
    PrismObjectDefinition<UserType> rDef = modelInteractionService.getEditObjectDefinition(user, AuthorizationPhaseType.REQUEST, task, result);
    assertItemFlags(rDef, PASSWORD_PATH, true, false, false);
    assertGlobalStateUntouched();
}