use of com.evolveum.midpoint.model.api.ModelExecuteOptions in project midpoint by Evolveum.
the class AccCertUpdateHelper method modifyObjectPreAuthorized.
<T extends ObjectType> void modifyObjectPreAuthorized(Class<T> objectClass, String oid, Collection<ItemDelta<?, ?>> itemDeltas, Task task, OperationResult result) throws ObjectAlreadyExistsException, SchemaException, ObjectNotFoundException {
ObjectDelta<T> objectDelta = prismContext.deltaFactory().object().createModifyDelta(oid, itemDeltas, objectClass);
try {
ModelExecuteOptions options = ModelExecuteOptions.create(prismContext).raw().preAuthorized();
modelService.executeChanges(Collections.singletonList(objectDelta), options, task, result);
} catch (SecurityViolationException | ExpressionEvaluationException | CommunicationException | ConfigurationException | PolicyViolationException e) {
throw new SystemException("Unexpected exception when modifying " + objectClass.getSimpleName() + " " + oid + ": " + e.getMessage(), e);
}
}
use of com.evolveum.midpoint.model.api.ModelExecuteOptions in project midpoint by Evolveum.
the class TestOrgStruct method test234JackDestroyRefsAndLightRecompute.
/**
* Destroy parentOrgRef and roleMembershipRef in the repo. Then light recompute.
* Make sure that the refs are fixed and that the resources were not touched.
* MID-3384
*/
@Test
public void test234JackDestroyRefsAndLightRecompute() throws Exception {
Task task = getTestTask();
OperationResult result = task.getResult();
clearUserOrgAndRoleRefs(USER_JACK_OID);
rememberCounter(InternalCounters.SHADOW_FETCH_OPERATION_COUNT);
rememberCounter(InternalCounters.CONNECTOR_OPERATION_COUNT);
PartialProcessingOptionsType partialProcessing = new PartialProcessingOptionsType();
partialProcessing.setInbound(PartialProcessingTypeType.SKIP);
partialProcessing.setObjectTemplateBeforeAssignments(PartialProcessingTypeType.SKIP);
partialProcessing.setObjectTemplateAfterAssignments(PartialProcessingTypeType.SKIP);
partialProcessing.setProjection(PartialProcessingTypeType.SKIP);
partialProcessing.setApprovals(PartialProcessingTypeType.SKIP);
ModelExecuteOptions options = executeOptions().partialProcessing(partialProcessing).reconcileFocus(true);
// WHEN
when();
modelService.recompute(UserType.class, USER_JACK_OID, options, task, result);
// THEN
then();
assertSuccess(result);
assertRefs23x();
assertCounterIncrement(InternalCounters.SHADOW_FETCH_OPERATION_COUNT, 0);
assertCounterIncrement(InternalCounters.CONNECTOR_OPERATION_COUNT, 0);
}
use of com.evolveum.midpoint.model.api.ModelExecuteOptions in project midpoint by Evolveum.
the class TestAssignmentsAdvanced method previewAssignRolesToJack.
private void previewAssignRolesToJack(boolean immediate, boolean also24) throws Exception {
String testName = getTestNameShort();
Task task = getTestTask();
OperationResult result = getTestOperationResult();
boolean TRACE = false;
// noinspection ConstantConditions
if (TRACE) {
result.tracingProfile(tracer.compileProfile(addWorkflowLogging(createModelLoggingTracingProfile()), result));
}
List<AssignmentType> assignmentsToAdd = new ArrayList<>();
assignmentsToAdd.add(createAssignmentTo(roleRole21Oid, ObjectTypes.ROLE, prismContext));
assignmentsToAdd.add(createAssignmentTo(roleRole22Oid, ObjectTypes.ROLE, prismContext));
assignmentsToAdd.add(createAssignmentTo(roleRole23Oid, ObjectTypes.ROLE, prismContext));
assignmentsToAdd.add(createAssignmentTo(roleRole25Oid, ObjectTypes.ROLE, prismContext));
if (also24) {
assignmentsToAdd.add(createAssignmentTo(roleRole24Oid, ObjectTypes.ROLE, prismContext));
}
ObjectDelta<UserType> primaryDelta = prismContext.deltaFor(UserType.class).item(UserType.F_ASSIGNMENT).addRealValues(assignmentsToAdd).item(UserType.F_DESCRIPTION).replace(testName).asObjectDelta(userJackOid);
ModelExecuteOptions options = executeOptions().executeImmediatelyAfterApproval(immediate).partialProcessing(new PartialProcessingOptionsType().approvals(PROCESS));
ModelContext<ObjectType> modelContext = modelInteractionService.previewChanges(singleton(primaryDelta), options, task, result);
List<ApprovalSchemaExecutionInformationType> approvalInfo = modelContext.getHookPreviewResults(ApprovalSchemaExecutionInformationType.class);
PolicyRuleEnforcerPreviewOutputType enforceInfo = modelContext.getPolicyRuleEnforcerPreviewOutput();
displayContainerablesCollection("Approval infos", approvalInfo);
display("Enforce info", enforceInfo);
result.computeStatus();
// noinspection ConstantConditions
if (TRACE) {
tracer.storeTrace(task, result, null);
}
// we do not assert success here, because there are (intentional) exceptions in some of the expressions
assertEquals("Wrong # of schema execution information pieces", also24 ? 5 : 4, approvalInfo.size());
assertNotNull("No enforcement preview output", enforceInfo);
List<EvaluatedPolicyRuleType> enforcementRules = enforceInfo.getRule();
if (also24) {
assertEquals("Wrong # of enforcement rules", 1, enforcementRules.size());
} else {
assertEquals("Wrong # of enforcement rules", 0, enforcementRules.size());
}
// shortcuts
final String l1 = userLead21Oid, l2 = userLead22Oid, l3 = userLead23Oid, l4 = userLead24Oid;
assertApprovalInfo(approvalInfo, roleRole21Oid, new ExpectedStagePreview(1, set(l1), set(l1)));
assertApprovalInfo(approvalInfo, roleRole22Oid, new ExpectedStagePreview(1, set(l2), set(l2)));
assertApprovalInfo(approvalInfo, roleRole23Oid, new ExpectedStagePreview(1, set(l3), set(l3)), new ExpectedStagePreview(2, set(userSecurityApproverOid), set(userSecurityApproverOid)));
if (also24) {
assertApprovalInfo(approvalInfo, roleRole24Oid, new ExpectedStagePreview(1, set(l4), set(l4)));
}
assertApprovalInfo(approvalInfo, roleRole25Oid, new ExpectedStagePreview(1, set(l1, l2, l3, l4), set(l1, l2, l3, l4)), new ExpectedStagePreview(2, set(), set(l3)), new ExpectedStagePreview(3, set(orgLeads2122Oid), set(orgLeads2122Oid)), new ExpectedStagePreview(4, set(orgLeads2122Oid), set(l1, l2)), new ExpectedStagePreview(5, set(l1, l2, l3, l4), set(), APPROVE, AUTO_COMPLETION_CONDITION), new ExpectedStagePreview(6, set(l1, l2, l3, l4), set(), APPROVE, AUTO_COMPLETION_CONDITION), new ExpectedStagePreview(7, set(l1, l2, l3, l4), set(), SKIP, AUTO_COMPLETION_CONDITION), new ExpectedStagePreview(8, set(l1, l2, l3, l4), set(), REJECT, AUTO_COMPLETION_CONDITION), new ExpectedStagePreview(9, set(l1, l2, l3, l4), set(l1, l2, l3, l4), true), new ExpectedStagePreview(10, set(), set(), REJECT, NO_ASSIGNEES_FOUND));
}
use of com.evolveum.midpoint.model.api.ModelExecuteOptions in project midpoint by Evolveum.
the class TestSegregationOfDuties method test950JackSelfExclusion.
/**
* This does not work because of current optimizations regarding non-default relations:
* "2018-02-19 17:02:15,977 [main] DEBUG (c.e.m.model.impl.lens.AssignmentEvaluator): Skipping processing of assignment target 9577bd6c-dd5d-48e5-bbb1-554bba5db9be because
* relation {http://midpoint.evolveum.com/xml/ns/public/common/org-3}approver is configured for recompute skip (mode=ZERO)"
* <p>
* i.e. it works only when evaluateAllAssignmentRelationsOnRecompute option is set
*/
@Test(enabled = false)
public void test950JackSelfExclusion() throws Exception {
Task task = getTestTask();
OperationResult result = task.getResult();
// This should go well
assignRole(USER_JACK_OID, ROLE_SELF_EXCLUSION_OID, SchemaConstants.ORG_APPROVER, task, result);
assertSuccess(result);
try {
// This should die
ModelExecuteOptions options = executeOptions();
// options.setEvaluateAllAssignmentRelationsOnRecompute(true);
assignRole(USER_JACK_OID, ROLE_SELF_EXCLUSION_OID, SchemaConstants.ORG_OWNER, options, task, result);
fail("Expected policy violation after adding second self-exclusion role, but it went well");
} catch (PolicyViolationException e) {
System.out.println("Got expected exception: " + e.getMessage());
// assertMessage(e, "Violation of SoD policy: Role \"Judge\" excludes role \"Pirate\", they cannot be assigned at the same time");
result.computeStatus();
assertFailure(result);
}
unassignRole(USER_JACK_OID, ROLE_SELF_EXCLUSION_OID, SchemaConstants.ORG_APPROVER, task, result);
assertAssignedNoRole(USER_JACK_OID, result);
}
use of com.evolveum.midpoint.model.api.ModelExecuteOptions in project midpoint by Evolveum.
the class TestConsistencyMechanism method recreateAssignment.
private void recreateAssignment(String userOid, AssignmentType assignmentNoId, Task task, OperationResult result) throws CommonException {
ModelExecuteOptions options = ModelExecuteOptions.create(PrismContext.get()).reconcile();
executeChanges(deltaFor(UserType.class).item(UserType.F_ASSIGNMENT).add(assignmentNoId.clone()).asObjectDelta(userOid), options, task, result);
}
Aggregations