Search in sources :

Example 71 with ModelExecuteOptions

use of com.evolveum.midpoint.model.api.ModelExecuteOptions in project midpoint by Evolveum.

the class AccCertUpdateHelper method modifyObjectPreAuthorized.

<T extends ObjectType> void modifyObjectPreAuthorized(Class<T> objectClass, String oid, Collection<ItemDelta<?, ?>> itemDeltas, Task task, OperationResult result) throws ObjectAlreadyExistsException, SchemaException, ObjectNotFoundException {
    ObjectDelta<T> objectDelta = prismContext.deltaFactory().object().createModifyDelta(oid, itemDeltas, objectClass);
    try {
        ModelExecuteOptions options = ModelExecuteOptions.create(prismContext).raw().preAuthorized();
        modelService.executeChanges(Collections.singletonList(objectDelta), options, task, result);
    } catch (SecurityViolationException | ExpressionEvaluationException | CommunicationException | ConfigurationException | PolicyViolationException e) {
        throw new SystemException("Unexpected exception when modifying " + objectClass.getSimpleName() + " " + oid + ": " + e.getMessage(), e);
    }
}
Also used : ModelExecuteOptions(com.evolveum.midpoint.model.api.ModelExecuteOptions)

Example 72 with ModelExecuteOptions

use of com.evolveum.midpoint.model.api.ModelExecuteOptions in project midpoint by Evolveum.

the class TestOrgStruct method test234JackDestroyRefsAndLightRecompute.

/**
 * Destroy parentOrgRef and roleMembershipRef in the repo. Then light recompute.
 * Make sure that the refs are fixed and that the resources were not touched.
 * MID-3384
 */
@Test
public void test234JackDestroyRefsAndLightRecompute() throws Exception {
    Task task = getTestTask();
    OperationResult result = task.getResult();
    clearUserOrgAndRoleRefs(USER_JACK_OID);
    rememberCounter(InternalCounters.SHADOW_FETCH_OPERATION_COUNT);
    rememberCounter(InternalCounters.CONNECTOR_OPERATION_COUNT);
    PartialProcessingOptionsType partialProcessing = new PartialProcessingOptionsType();
    partialProcessing.setInbound(PartialProcessingTypeType.SKIP);
    partialProcessing.setObjectTemplateBeforeAssignments(PartialProcessingTypeType.SKIP);
    partialProcessing.setObjectTemplateAfterAssignments(PartialProcessingTypeType.SKIP);
    partialProcessing.setProjection(PartialProcessingTypeType.SKIP);
    partialProcessing.setApprovals(PartialProcessingTypeType.SKIP);
    ModelExecuteOptions options = executeOptions().partialProcessing(partialProcessing).reconcileFocus(true);
    // WHEN
    when();
    modelService.recompute(UserType.class, USER_JACK_OID, options, task, result);
    // THEN
    then();
    assertSuccess(result);
    assertRefs23x();
    assertCounterIncrement(InternalCounters.SHADOW_FETCH_OPERATION_COUNT, 0);
    assertCounterIncrement(InternalCounters.CONNECTOR_OPERATION_COUNT, 0);
}
Also used : Task(com.evolveum.midpoint.task.api.Task) ModelExecuteOptions(com.evolveum.midpoint.model.api.ModelExecuteOptions) OperationResult(com.evolveum.midpoint.schema.result.OperationResult) Test(org.testng.annotations.Test) AbstractInitializedModelIntegrationTest(com.evolveum.midpoint.model.intest.AbstractInitializedModelIntegrationTest)

Example 73 with ModelExecuteOptions

use of com.evolveum.midpoint.model.api.ModelExecuteOptions in project midpoint by Evolveum.

the class TestAssignmentsAdvanced method previewAssignRolesToJack.

private void previewAssignRolesToJack(boolean immediate, boolean also24) throws Exception {
    String testName = getTestNameShort();
    Task task = getTestTask();
    OperationResult result = getTestOperationResult();
    boolean TRACE = false;
    // noinspection ConstantConditions
    if (TRACE) {
        result.tracingProfile(tracer.compileProfile(addWorkflowLogging(createModelLoggingTracingProfile()), result));
    }
    List<AssignmentType> assignmentsToAdd = new ArrayList<>();
    assignmentsToAdd.add(createAssignmentTo(roleRole21Oid, ObjectTypes.ROLE, prismContext));
    assignmentsToAdd.add(createAssignmentTo(roleRole22Oid, ObjectTypes.ROLE, prismContext));
    assignmentsToAdd.add(createAssignmentTo(roleRole23Oid, ObjectTypes.ROLE, prismContext));
    assignmentsToAdd.add(createAssignmentTo(roleRole25Oid, ObjectTypes.ROLE, prismContext));
    if (also24) {
        assignmentsToAdd.add(createAssignmentTo(roleRole24Oid, ObjectTypes.ROLE, prismContext));
    }
    ObjectDelta<UserType> primaryDelta = prismContext.deltaFor(UserType.class).item(UserType.F_ASSIGNMENT).addRealValues(assignmentsToAdd).item(UserType.F_DESCRIPTION).replace(testName).asObjectDelta(userJackOid);
    ModelExecuteOptions options = executeOptions().executeImmediatelyAfterApproval(immediate).partialProcessing(new PartialProcessingOptionsType().approvals(PROCESS));
    ModelContext<ObjectType> modelContext = modelInteractionService.previewChanges(singleton(primaryDelta), options, task, result);
    List<ApprovalSchemaExecutionInformationType> approvalInfo = modelContext.getHookPreviewResults(ApprovalSchemaExecutionInformationType.class);
    PolicyRuleEnforcerPreviewOutputType enforceInfo = modelContext.getPolicyRuleEnforcerPreviewOutput();
    displayContainerablesCollection("Approval infos", approvalInfo);
    display("Enforce info", enforceInfo);
    result.computeStatus();
    // noinspection ConstantConditions
    if (TRACE) {
        tracer.storeTrace(task, result, null);
    }
    // we do not assert success here, because there are (intentional) exceptions in some of the expressions
    assertEquals("Wrong # of schema execution information pieces", also24 ? 5 : 4, approvalInfo.size());
    assertNotNull("No enforcement preview output", enforceInfo);
    List<EvaluatedPolicyRuleType> enforcementRules = enforceInfo.getRule();
    if (also24) {
        assertEquals("Wrong # of enforcement rules", 1, enforcementRules.size());
    } else {
        assertEquals("Wrong # of enforcement rules", 0, enforcementRules.size());
    }
    // shortcuts
    final String l1 = userLead21Oid, l2 = userLead22Oid, l3 = userLead23Oid, l4 = userLead24Oid;
    assertApprovalInfo(approvalInfo, roleRole21Oid, new ExpectedStagePreview(1, set(l1), set(l1)));
    assertApprovalInfo(approvalInfo, roleRole22Oid, new ExpectedStagePreview(1, set(l2), set(l2)));
    assertApprovalInfo(approvalInfo, roleRole23Oid, new ExpectedStagePreview(1, set(l3), set(l3)), new ExpectedStagePreview(2, set(userSecurityApproverOid), set(userSecurityApproverOid)));
    if (also24) {
        assertApprovalInfo(approvalInfo, roleRole24Oid, new ExpectedStagePreview(1, set(l4), set(l4)));
    }
    assertApprovalInfo(approvalInfo, roleRole25Oid, new ExpectedStagePreview(1, set(l1, l2, l3, l4), set(l1, l2, l3, l4)), new ExpectedStagePreview(2, set(), set(l3)), new ExpectedStagePreview(3, set(orgLeads2122Oid), set(orgLeads2122Oid)), new ExpectedStagePreview(4, set(orgLeads2122Oid), set(l1, l2)), new ExpectedStagePreview(5, set(l1, l2, l3, l4), set(), APPROVE, AUTO_COMPLETION_CONDITION), new ExpectedStagePreview(6, set(l1, l2, l3, l4), set(), APPROVE, AUTO_COMPLETION_CONDITION), new ExpectedStagePreview(7, set(l1, l2, l3, l4), set(), SKIP, AUTO_COMPLETION_CONDITION), new ExpectedStagePreview(8, set(l1, l2, l3, l4), set(), REJECT, AUTO_COMPLETION_CONDITION), new ExpectedStagePreview(9, set(l1, l2, l3, l4), set(l1, l2, l3, l4), true), new ExpectedStagePreview(10, set(), set(), REJECT, NO_ASSIGNEES_FOUND));
}
Also used : ExpectedTask(com.evolveum.midpoint.wf.impl.ExpectedTask) Task(com.evolveum.midpoint.task.api.Task) ModelExecuteOptions(com.evolveum.midpoint.model.api.ModelExecuteOptions) OperationResult(com.evolveum.midpoint.schema.result.OperationResult) PolyString(com.evolveum.midpoint.prism.polystring.PolyString)

Example 74 with ModelExecuteOptions

use of com.evolveum.midpoint.model.api.ModelExecuteOptions in project midpoint by Evolveum.

the class TestSegregationOfDuties method test950JackSelfExclusion.

/**
 * This does not work because of current optimizations regarding non-default relations:
 * "2018-02-19 17:02:15,977 [main] DEBUG (c.e.m.model.impl.lens.AssignmentEvaluator): Skipping processing of assignment target 9577bd6c-dd5d-48e5-bbb1-554bba5db9be because
 * relation {http://midpoint.evolveum.com/xml/ns/public/common/org-3}approver is configured for recompute skip (mode=ZERO)"
 * <p>
 * i.e. it works only when evaluateAllAssignmentRelationsOnRecompute option is set
 */
@Test(enabled = false)
public void test950JackSelfExclusion() throws Exception {
    Task task = getTestTask();
    OperationResult result = task.getResult();
    // This should go well
    assignRole(USER_JACK_OID, ROLE_SELF_EXCLUSION_OID, SchemaConstants.ORG_APPROVER, task, result);
    assertSuccess(result);
    try {
        // This should die
        ModelExecuteOptions options = executeOptions();
        // options.setEvaluateAllAssignmentRelationsOnRecompute(true);
        assignRole(USER_JACK_OID, ROLE_SELF_EXCLUSION_OID, SchemaConstants.ORG_OWNER, options, task, result);
        fail("Expected policy violation after adding second self-exclusion role, but it went well");
    } catch (PolicyViolationException e) {
        System.out.println("Got expected exception: " + e.getMessage());
        // assertMessage(e, "Violation of SoD policy: Role \"Judge\" excludes role \"Pirate\", they cannot be assigned at the same time");
        result.computeStatus();
        assertFailure(result);
    }
    unassignRole(USER_JACK_OID, ROLE_SELF_EXCLUSION_OID, SchemaConstants.ORG_APPROVER, task, result);
    assertAssignedNoRole(USER_JACK_OID, result);
}
Also used : Task(com.evolveum.midpoint.task.api.Task) ModelExecuteOptions(com.evolveum.midpoint.model.api.ModelExecuteOptions) OperationResult(com.evolveum.midpoint.schema.result.OperationResult) Test(org.testng.annotations.Test) AbstractInitializedModelIntegrationTest(com.evolveum.midpoint.model.intest.AbstractInitializedModelIntegrationTest)

Example 75 with ModelExecuteOptions

use of com.evolveum.midpoint.model.api.ModelExecuteOptions in project midpoint by Evolveum.

the class TestConsistencyMechanism method recreateAssignment.

private void recreateAssignment(String userOid, AssignmentType assignmentNoId, Task task, OperationResult result) throws CommonException {
    ModelExecuteOptions options = ModelExecuteOptions.create(PrismContext.get()).reconcile();
    executeChanges(deltaFor(UserType.class).item(UserType.F_ASSIGNMENT).add(assignmentNoId.clone()).asObjectDelta(userOid), options, task, result);
}
Also used : ModelExecuteOptions(com.evolveum.midpoint.model.api.ModelExecuteOptions)

Aggregations

ModelExecuteOptions (com.evolveum.midpoint.model.api.ModelExecuteOptions)80 OperationResult (com.evolveum.midpoint.schema.result.OperationResult)47 Task (com.evolveum.midpoint.task.api.Task)45 Test (org.testng.annotations.Test)30 ObjectDelta (com.evolveum.midpoint.prism.delta.ObjectDelta)21 SchemaException (com.evolveum.midpoint.util.exception.SchemaException)13 RestartResponseException (org.apache.wicket.RestartResponseException)6 ObjectType (com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType)5 ReferenceDelta (com.evolveum.midpoint.prism.delta.ReferenceDelta)4 PolyString (com.evolveum.midpoint.prism.polystring.PolyString)4 ConfigurationException (com.evolveum.midpoint.util.exception.ConfigurationException)4 ObjectNotFoundException (com.evolveum.midpoint.util.exception.ObjectNotFoundException)4 SelectorOptions (com.evolveum.midpoint.schema.SelectorOptions)3 CommunicationException (com.evolveum.midpoint.util.exception.CommunicationException)3 ExpressionEvaluationException (com.evolveum.midpoint.util.exception.ExpressionEvaluationException)3 PolicyViolationException (com.evolveum.midpoint.util.exception.PolicyViolationException)3 SecurityViolationException (com.evolveum.midpoint.util.exception.SecurityViolationException)3 ExecuteChangeOptionsDto (com.evolveum.midpoint.web.page.admin.users.component.ExecuteChangeOptionsDto)3 ResourceType (com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceType)3 NotNull (org.jetbrains.annotations.NotNull)3