
Example 1 with RoleSelectionSpecification

use of com.evolveum.midpoint.model.api.RoleSelectionSpecification in project midpoint by Evolveum.

the class MultipleAssignmentSelectorPanel method getAssignableRolesFilter.

/**
 * Loads the filter that narrows a role listing to the roles assignable to {@code focus}.
 *
 * <p>The filter is taken from the {@link RoleSelectionSpecification} returned by
 * {@code ModelInteractionService.getAssignableRoleSpecification(focus, result)}.
 * Any exception is logged and recorded as a fatal error in the operation result;
 * a result that is neither a success nor a handled error is shown on the page.
 *
 * @return the specification's filter, or {@code null} when loading failed
 */
private ObjectFilter getAssignableRolesFilter() {
    LOGGER.debug("Loading roles which the current user has right to assign");
    final OperationResult opResult = new OperationResult(OPERATION_LOAD_ASSIGNABLE_ROLES);
    ObjectFilter assignableFilter = null;
    try {
        RoleSelectionSpecification specification = getPageBase()
                .getModelInteractionService()
                .getAssignableRoleSpecification(focus, opResult);
        assignableFilter = specification.getFilter();
    } catch (Exception ex) {
        // NOTE(review): on failure the method returns null. If callers treat a null
        // filter as "no restriction" (not visible here), the listing fails open and
        // shows every role. Confirm the caller's null handling, and that assignment
        // authorization is still enforced server-side when a role is actually assigned.
        LoggingUtils.logUnexpectedException(LOGGER, "Couldn't load available roles", ex);
        opResult.recordFatalError("Couldn't load available roles", ex);
    } finally {
        opResult.recomputeStatus();
    }
    boolean unhandledFailure = !(opResult.isSuccess() || opResult.isHandledError());
    if (unhandledFailure) {
        getPageBase().showResult(opResult);
    }
    return assignableFilter;
}
Also used : ModelInteractionService(com.evolveum.midpoint.model.api.ModelInteractionService) RoleSelectionSpecification(com.evolveum.midpoint.model.api.RoleSelectionSpecification) OperationResult(com.evolveum.midpoint.schema.result.OperationResult) PageBase(com.evolveum.midpoint.gui.api.page.PageBase)

Example 2 with RoleSelectionSpecification

use of com.evolveum.midpoint.model.api.RoleSelectionSpecification in project midpoint by Evolveum.

the class TypedAssignablePanel method createObjectListPanel.

/**
 * Builds the popup list panel for objects of the given type.
 *
 * <p>For {@code RoleType} the content query is extended with the filter from the
 * assignable role specification, which is computed for the logged-in principal's
 * own user object. The panel is visible only while {@code type} equals the value
 * held by {@code typeModel}.
 *
 * @param id      component id of the panel
 * @param countId not used in this method
 * @param type    type of the objects listed by the panel
 * @return the configured list panel
 */
private PopupObjectListPanel<T> createObjectListPanel(String id, final String countId, final QName type) {
    PopupObjectListPanel<T> panel = new PopupObjectListPanel<T>(id, qnameToCompileTimeClass(type), true, getPageBase()) {

        @Override
        protected void onUpdateCheckbox(AjaxRequestTarget target) {
            refreshCounts(target);
        }

        @Override
        protected ObjectQuery addFilterToContentQuery(ObjectQuery query) {
            // Only role listings are narrowed; every other type keeps the query as given.
            if (!type.equals(RoleType.COMPLEX_TYPE)) {
                return query;
            }
            LOGGER.debug("Loading roles which the current user has right to assign");
            final OperationResult opResult = new OperationResult(OPERATION_LOAD_ASSIGNABLE_ROLES);
            ObjectFilter assignableFilter = null;
            try {
                // NOTE(review): the specification is requested for the logged-in principal,
                // not for the object that will receive the assignment. Confirm that this is
                // intended when the panel is used to assign roles to another user.
                RoleSelectionSpecification specification = parentPage.getModelInteractionService()
                        .getAssignableRoleSpecification(SecurityUtils.getPrincipalUser().getUser().asPrismObject(), opResult);
                assignableFilter = specification.getFilter();
            } catch (Exception ex) {
                // NOTE(review): the filter stays null here. If ObjectQuery.addFilter ignores
                // a null filter (not visible here), a load failure leaves the role list
                // unrestricted. Confirm, and rely on server-side authorization for the
                // actual assignment.
                LoggingUtils.logUnexpectedException(LOGGER, "Couldn't load available roles", ex);
                opResult.recordFatalError("Couldn't load available roles", ex);
            } finally {
                opResult.recomputeStatus();
            }
            boolean unhandledFailure = !(opResult.isSuccess() || opResult.isHandledError());
            if (unhandledFailure) {
                parentPage.showResult(opResult);
            }
            ObjectQuery narrowed = (query != null) ? query : new ObjectQuery();
            narrowed.addFilter(assignableFilter);
            return narrowed;
        }
    };
    panel.setOutputMarkupId(true);
    panel.add(new VisibleEnableBehaviour() {

        @Override
        public boolean isVisible() {
            // Show the panel only for the currently selected type.
            return type.equals(typeModel.getObject());
        }
    });
    return panel;
}
Also used : AjaxRequestTarget(org.apache.wicket.ajax.AjaxRequestTarget) ModelInteractionService(com.evolveum.midpoint.model.api.ModelInteractionService) RoleSelectionSpecification(com.evolveum.midpoint.model.api.RoleSelectionSpecification) OperationResult(com.evolveum.midpoint.schema.result.OperationResult) ObjectFilter(com.evolveum.midpoint.prism.query.ObjectFilter) VisibleEnableBehaviour(com.evolveum.midpoint.web.component.util.VisibleEnableBehaviour) ObjectQuery(com.evolveum.midpoint.prism.query.ObjectQuery)

Example 3 with RoleSelectionSpecification

use of com.evolveum.midpoint.model.api.RoleSelectionSpecification in project midpoint by Evolveum.

the class AssignmentCatalogPanel method addAssignableRolesFilter.

/**
 * Adds the assignable-roles filter for the target user to {@code query}.
 *
 * <p>The filter comes from the {@link RoleSelectionSpecification} that the model
 * interaction service returns for {@code getTargetUser()}. Exceptions are logged and
 * recorded as a fatal error; a result that is neither a success nor a handled error
 * is shown on the page.
 *
 * @param query the query to narrow; when {@code null}, the filter is added to a new
 *              query object that is local to this method
 */
private void addAssignableRolesFilter(ObjectQuery query) {
    LOGGER.debug("Loading roles which the current user has right to assign");
    final OperationResult opResult = new OperationResult(OPERATION_LOAD_ASSIGNABLE_ROLES);
    ObjectFilter assignableFilter = null;
    try {
        RoleSelectionSpecification specification = pageBase.getModelInteractionService()
                .getAssignableRoleSpecification(getTargetUser(), opResult);
        assignableFilter = specification.getFilter();
    } catch (Exception ex) {
        // NOTE(review): the filter stays null on failure. If ObjectQuery.addFilter ignores
        // a null filter (not visible here), the catalog query is left unrestricted.
        // Confirm, and rely on server-side authorization for the actual assignment.
        LoggingUtils.logUnexpectedException(LOGGER, "Couldn't load available roles", ex);
        opResult.recordFatalError("Couldn't load available roles", ex);
    } finally {
        opResult.recomputeStatus();
    }
    boolean unhandledFailure = !(opResult.isSuccess() || opResult.isHandledError());
    if (unhandledFailure) {
        pageBase.showResult(opResult);
    }
    // NOTE(review): with a null argument the filter lands on a throwaway ObjectQuery that
    // the caller never sees, because the method returns void. Callers that can pass null
    // get no role restriction from this method.
    ObjectQuery target = (query == null) ? new ObjectQuery() : query;
    target.addFilter(assignableFilter);
}
Also used : ModelInteractionService(com.evolveum.midpoint.model.api.ModelInteractionService) RoleSelectionSpecification(com.evolveum.midpoint.model.api.RoleSelectionSpecification) OperationResult(com.evolveum.midpoint.schema.result.OperationResult) SchemaException(com.evolveum.midpoint.util.exception.SchemaException) ObjectNotFoundException(com.evolveum.midpoint.util.exception.ObjectNotFoundException)

Example 4 with RoleSelectionSpecification

use of com.evolveum.midpoint.model.api.RoleSelectionSpecification in project midpoint by Evolveum.

the class TestSecurityBasic method test279AutzJackAssignRequestableRolesWithTenantRef.

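/**
 * MID-3136
 *
 * <p>Authorization test: jack holds only the role identified by
 * {@code ROLE_ASSIGN_REQUESTABLE_ROLES_OID}. Per the helper names, read is allowed and
 * add/modify/delete are denied. Assigning and unassigning {@code ROLE_BUSINESS_1_OID}
 * with an extra reference to {@code ORG_GOVERNOR_OFFICE_OID} must be allowed, assigning
 * {@code ROLE_BUSINESS_2_OID} must be denied, and the assignable role specification
 * must carry a {@code TypeFilter}.
 */
@Test
public void test279AutzJackAssignRequestableRolesWithTenantRef() throws Exception {
    final String TEST_NAME = "test279AutzJackAssignRequestableRolesWithTenantRef";
    TestUtil.displayTestTile(this, TEST_NAME);
    // GIVEN
    cleanupAutzTest(USER_JACK_OID);
    assignRole(USER_JACK_OID, ROLE_ASSIGN_REQUESTABLE_ROLES_OID);
    assumeAssignmentPolicy(AssignmentPolicyEnforcementType.RELATIVE);
    login(USER_JACK_USERNAME);
    // WHEN
    TestUtil.displayWhen(TEST_NAME);
    assertReadAllow(NUMBER_OF_ALL_USERS + 1);
    assertAddDeny();
    assertModifyDeny();
    assertDeleteDeny();
    // Baseline: two assignments, one of them the role granted in the GIVEN section.
    PrismObject<UserType> user = getUser(USER_JACK_OID);
    assertAssignments(user, 2);
    assertAssignedRole(user, ROLE_ASSIGN_REQUESTABLE_ROLES_OID);
    // Positive case. ORG_GOVERNOR_OFFICE_OID is presumably the tenant reference named in
    // the test title; verify against assignPrametricRole's parameter order.
    assertAllow("assign business role to jack", (task, result) -> assignPrametricRole(USER_JACK_OID, ROLE_BUSINESS_1_OID, null, ORG_GOVERNOR_OFFICE_OID, task, result));
    user = getUser(USER_JACK_OID);
    assertAssignments(user, 3);
    assertAssignedRole(user, ROLE_BUSINESS_1_OID);
    // Negative case: the enforcement point must reject this assignment. The label says
    // "application role" while the constant is ROLE_BUSINESS_2_OID.
    // A lambda is used here to match the other assertAllow/assertDeny calls in this method.
    assertDeny("assign application role to jack", (task, result) -> assignRole(USER_JACK_OID, ROLE_BUSINESS_2_OID, task, result));
    assertAllow("unassign business role from jack", (task, result) -> unassignPrametricRole(USER_JACK_OID, ROLE_BUSINESS_1_OID, null, ORG_GOVERNOR_OFFICE_OID, task, result));
    user = getUser(USER_JACK_OID);
    display("user after (expected 2 assignments)", user);
    assertAssignments(user, 2);
    // The specification behind the role-selection filter must be a TypeFilter.
    RoleSelectionSpecification spec = getAssignableRoleSpecification(getUser(USER_JACK_OID));
    assertRoleTypes(spec);
    assertFilter(spec.getFilter(), TypeFilter.class);
    assertGlobalStateUntouched();
}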
Also used : Task(com.evolveum.midpoint.task.api.Task) RoleSelectionSpecification(com.evolveum.midpoint.model.api.RoleSelectionSpecification) OperationResult(com.evolveum.midpoint.schema.result.OperationResult) UserType(com.evolveum.midpoint.xml.ns._public.common.common_3.UserType) ConfigurationException(com.evolveum.midpoint.util.exception.ConfigurationException) SchemaException(com.evolveum.midpoint.util.exception.SchemaException) ObjectNotFoundException(com.evolveum.midpoint.util.exception.ObjectNotFoundException) ObjectAlreadyExistsException(com.evolveum.midpoint.util.exception.ObjectAlreadyExistsException) CommunicationException(com.evolveum.midpoint.util.exception.CommunicationException) PolicyViolationException(com.evolveum.midpoint.util.exception.PolicyViolationException) ExpressionEvaluationException(com.evolveum.midpoint.util.exception.ExpressionEvaluationException) SecurityViolationException(com.evolveum.midpoint.util.exception.SecurityViolationException) Test(org.testng.annotations.Test)

Example 5 with RoleSelectionSpecification

use of com.evolveum.midpoint.model.api.RoleSelectionSpecification in project midpoint by Evolveum.

the class TestSecurityBasic method test275aAutzJackAssignRequestableRoles.

/**
 * Authorization test: jack holds only the role identified by
 * {@code ROLE_ASSIGN_REQUESTABLE_ROLES_OID}. Per the helper names, read is allowed and
 * add/modify/delete are denied. Assigning and unassigning {@code ROLE_BUSINESS_1_OID}
 * must be allowed, assigning {@code ROLE_BUSINESS_2_OID} must be denied, and the
 * assignable role specification must carry a {@code TypeFilter}.
 */
@Test
public void test275aAutzJackAssignRequestableRoles() throws Exception {
    final String TEST_NAME = "test275aAutzJackAssignRequestableRoles";
    TestUtil.displayTestTile(this, TEST_NAME);
    // GIVEN
    cleanupAutzTest(USER_JACK_OID);
    assignRole(USER_JACK_OID, ROLE_ASSIGN_REQUESTABLE_ROLES_OID);
    assumeAssignmentPolicy(AssignmentPolicyEnforcementType.RELATIVE);
    login(USER_JACK_USERNAME);
    // WHEN
    TestUtil.displayWhen(TEST_NAME);
    assertReadAllow(NUMBER_OF_ALL_USERS + 1);
    assertAddDeny();
    assertModifyDeny();
    assertDeleteDeny();
    // Baseline: two assignments, one of them the role granted in the GIVEN section.
    PrismObject<UserType> user = getUser(USER_JACK_OID);
    assertAssignments(user, 2);
    assertAssignedRole(user, ROLE_ASSIGN_REQUESTABLE_ROLES_OID);
    // Positive case: this assignment must pass authorization.
    assertAllow("assign business role to jack", (task, result) -> assignRole(USER_JACK_OID, ROLE_BUSINESS_1_OID, task, result));
    user = getUser(USER_JACK_OID);
    assertAssignments(user, 3);
    assertAssignedRole(user, ROLE_BUSINESS_1_OID);
    // Negative case: the enforcement point must reject this assignment. The label says
    // "application role" while the constant is ROLE_BUSINESS_2_OID.
    assertDeny("assign application role to jack", (task, result) -> assignRole(USER_JACK_OID, ROLE_BUSINESS_2_OID, task, result));
    assertAllow("unassign business role from jack", (task, result) -> unassignRole(USER_JACK_OID, ROLE_BUSINESS_1_OID, task, result));
    // Back to the baseline count after the unassign.
    user = getUser(USER_JACK_OID);
    assertAssignments(user, 2);
    // The specification behind the role-selection filter must be a TypeFilter.
    RoleSelectionSpecification spec = getAssignableRoleSpecification(getUser(USER_JACK_OID));
    assertRoleTypes(spec);
    assertFilter(spec.getFilter(), TypeFilter.class);
    assertGlobalStateUntouched();
}
Also used : RoleSelectionSpecification(com.evolveum.midpoint.model.api.RoleSelectionSpecification) UserType(com.evolveum.midpoint.xml.ns._public.common.common_3.UserType) Test(org.testng.annotations.Test)

Aggregations

RoleSelectionSpecification (com.evolveum.midpoint.model.api.RoleSelectionSpecification)17 Test (org.testng.annotations.Test)11 UserType (com.evolveum.midpoint.xml.ns._public.common.common_3.UserType)10 OperationResult (com.evolveum.midpoint.schema.result.OperationResult)6 ModelInteractionService (com.evolveum.midpoint.model.api.ModelInteractionService)3 Task (com.evolveum.midpoint.task.api.Task)3 ObjectNotFoundException (com.evolveum.midpoint.util.exception.ObjectNotFoundException)3 SchemaException (com.evolveum.midpoint.util.exception.SchemaException)3 ObjectFilter (com.evolveum.midpoint.prism.query.ObjectFilter)2 ObjectQuery (com.evolveum.midpoint.prism.query.ObjectQuery)2 CommunicationException (com.evolveum.midpoint.util.exception.CommunicationException)2 ConfigurationException (com.evolveum.midpoint.util.exception.ConfigurationException)2 ExpressionEvaluationException (com.evolveum.midpoint.util.exception.ExpressionEvaluationException)2 ObjectAlreadyExistsException (com.evolveum.midpoint.util.exception.ObjectAlreadyExistsException)2 PolicyViolationException (com.evolveum.midpoint.util.exception.PolicyViolationException)2 SecurityViolationException (com.evolveum.midpoint.util.exception.SecurityViolationException)2 PageBase (com.evolveum.midpoint.gui.api.page.PageBase)1 PrismContainerValue (com.evolveum.midpoint.prism.PrismContainerValue)1 PrismObject (com.evolveum.midpoint.prism.PrismObject)1 PrismReference (com.evolveum.midpoint.prism.PrismReference)1