
Example 6 with RoleSelectionSpecification

use of com.evolveum.midpoint.model.api.RoleSelectionSpecification in project midpoint by Evolveum.

the class TestSecurityBasic method test272AutzJackAssignAnyRoles.

/**
 * Authorization scenario: jack holds {@code ROLE_ASSIGN_ANY_ROLES}.
 *
 * <p>Verifies that jack can read users but is denied add, modify and delete,
 * that he may assign both an application role and a business role to himself
 * and unassign the application role again, that the assignable-role
 * specification computed for him is a {@link TypeFilter}, and that a request
 * for {@code ROLE_APPLICATION_1} is decided {@code ALLOW}. Global state must be
 * untouched at the end.
 */
@Test
public void test272AutzJackAssignAnyRoles() throws Exception {
    final String testName = "test272AutzJackAssignAnyRoles";
    TestUtil.displayTestTile(this, testName);

    // GIVEN: clean jack, only the "assign any roles" role, relative enforcement, logged in as jack
    cleanupAutzTest(USER_JACK_OID);
    assignRole(USER_JACK_OID, ROLE_ASSIGN_ANY_ROLES_OID);
    assumeAssignmentPolicy(AssignmentPolicyEnforcementType.RELATIVE);
    login(USER_JACK_USERNAME);

    // WHEN
    TestUtil.displayWhen(testName);

    // read allowed, every other object operation denied
    assertReadAllow(NUMBER_OF_ALL_USERS + 1);
    assertAddDeny();
    assertModifyDeny();
    assertDeleteDeny();

    PrismObject<UserType> jack = getUser(USER_JACK_OID);
    assertAssignments(jack, 2);
    assertAssignedRole(jack, ROLE_ASSIGN_ANY_ROLES_OID);

    assertAllow("assign application role to jack",
            (task, result) -> assignRole(USER_JACK_OID, ROLE_APPLICATION_1_OID, task, result));
    jack = getUser(USER_JACK_OID);
    assertAssignments(jack, 3);
    assertAssignedRole(jack, ROLE_APPLICATION_1_OID);

    assertAllow("assign business role to jack",
            (task, result) -> assignRole(USER_JACK_OID, ROLE_BUSINESS_1_OID, task, result));
    assertAllow("unassign application role from jack",
            (task, result) -> unassignRole(USER_JACK_OID, ROLE_APPLICATION_1_OID, task, result));
    jack = getUser(USER_JACK_OID);
    // one business role added, one application role removed: still three
    assertAssignments(jack, 3);

    RoleSelectionSpecification roleSpec = getAssignableRoleSpecification(getUser(USER_JACK_OID));
    assertRoleTypes(roleSpec);
    assertFilter(roleSpec.getFilter(), TypeFilter.class);
    assertAllowRequestItems(USER_JACK_OID, ROLE_APPLICATION_1_OID, AuthorizationDecisionType.ALLOW);

    assertGlobalStateUntouched();
}

Example 7 with RoleSelectionSpecification

use of com.evolveum.midpoint.model.api.RoleSelectionSpecification in project midpoint by Evolveum.

the class TestSecurityBasic method test274AutzJackAssignNonApplicationRoles.

/**
 * Authorization scenario: jack holds {@code ROLE_ASSIGN_NON_APPLICATION_ROLES}.
 *
 * <p>Jack can read users but not add, modify or delete them. He may assign and
 * later unassign a business role, while assigning an application role is
 * denied. The assignable-role specification computed for him is a
 * {@link TypeFilter}, and global state must be untouched at the end.
 */
@Test
public void test274AutzJackAssignNonApplicationRoles() throws Exception {
    final String testName = "test274AutzJackAssignNonApplicationRoles";
    TestUtil.displayTestTile(this, testName);

    // GIVEN
    cleanupAutzTest(USER_JACK_OID);
    assignRole(USER_JACK_OID, ROLE_ASSIGN_NON_APPLICATION_ROLES_OID);
    assumeAssignmentPolicy(AssignmentPolicyEnforcementType.RELATIVE);
    login(USER_JACK_USERNAME);

    // WHEN
    TestUtil.displayWhen(testName);

    assertReadAllow(NUMBER_OF_ALL_USERS + 1);
    assertAddDeny();
    assertModifyDeny();
    assertDeleteDeny();

    PrismObject<UserType> jack = getUser(USER_JACK_OID);
    assertAssignments(jack, 2);
    assertAssignedRole(jack, ROLE_ASSIGN_NON_APPLICATION_ROLES_OID);

    // business role: allowed
    assertAllow("assign business role to jack",
            (task, result) -> assignRole(USER_JACK_OID, ROLE_BUSINESS_1_OID, task, result));
    jack = getUser(USER_JACK_OID);
    assertAssignments(jack, 3);
    assertAssignedRole(jack, ROLE_BUSINESS_1_OID);

    // application role: must be refused
    assertDeny("assign application role to jack",
            (task, result) -> assignRole(USER_JACK_OID, ROLE_APPLICATION_1_OID, task, result));

    assertAllow("unassign business role from jack",
            (task, result) -> unassignRole(USER_JACK_OID, ROLE_BUSINESS_1_OID, task, result));
    jack = getUser(USER_JACK_OID);
    assertAssignments(jack, 2);

    RoleSelectionSpecification roleSpec = getAssignableRoleSpecification(getUser(USER_JACK_OID));
    assertRoleTypes(roleSpec);
    assertFilter(roleSpec.getFilter(), TypeFilter.class);

    assertGlobalStateUntouched();
}

Example 8 with RoleSelectionSpecification

use of com.evolveum.midpoint.model.api.RoleSelectionSpecification in project midpoint by Evolveum.

the class TestSecurityBasic method test278AutzJackAssignRequestableRolesWithOrgRefTweakedDelta.

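/**
 * MID-3136
 *
 * <p>Jack holds {@code ROLE_ASSIGN_REQUESTABLE_ROLES}. He may assign
 * {@code ROLE_BUSINESS_1} parametrized by {@code ORG_MINISTRY_OF_RUM}, but a
 * hand-built modify delta adding an assignment to {@code ROLE_BUSINESS_2}
 * (with an explicit container id on the new value, hence "tweaked") and
 * executed directly via {@code modelService.executeChanges} must be denied.
 * The parametrized assignment is removed again and the assignable-role
 * specification is checked to be a {@link TypeFilter}.
 */
@Test
public void test278AutzJackAssignRequestableRolesWithOrgRefTweakedDelta() throws Exception {
    final String TEST_NAME = "test278AutzJackAssignRequestableRolesWithOrgRefTweakedDelta";
    TestUtil.displayTestTile(this, TEST_NAME);
    // GIVEN
    cleanupAutzTest(USER_JACK_OID);
    assignRole(USER_JACK_OID, ROLE_ASSIGN_REQUESTABLE_ROLES_OID);
    assumeAssignmentPolicy(AssignmentPolicyEnforcementType.RELATIVE);
    login(USER_JACK_USERNAME);
    // WHEN
    TestUtil.displayWhen(TEST_NAME);
    assertReadAllow(NUMBER_OF_ALL_USERS + 1);
    assertAddDeny();
    assertModifyDeny();
    assertDeleteDeny();
    PrismObject<UserType> user = getUser(USER_JACK_OID);
    assertAssignments(user, 2);
    assertAssignedRole(user, ROLE_ASSIGN_REQUESTABLE_ROLES_OID);
    assertAllow("assign business role to jack", (task, result) -> assignPrametricRole(USER_JACK_OID, ROLE_BUSINESS_1_OID, ORG_MINISTRY_OF_RUM_OID, null, task, result));
    user = getUser(USER_JACK_OID);
    assertAssignments(user, 3);
    assertAssignedRole(user, ROLE_BUSINESS_1_OID);
    // NOTE(review): the label says "application role" but the delta targets ROLE_BUSINESS_2_OID - confirm intent.
    assertDeny("assign application role to jack", (task, result) -> {
        // Build the assignment delta by hand instead of going through assignRole(),
        // so the authorization layer sees exactly this delta shape.
        ContainerDelta<AssignmentType> assignmentDelta = ContainerDelta.createDelta(UserType.F_ASSIGNMENT, getUserDefinition());
        PrismContainerValue<AssignmentType> cval = new PrismContainerValue<>(prismContext);
        assignmentDelta.addValueToAdd(cval);
        PrismReference targetRef = cval.findOrCreateReference(AssignmentType.F_TARGET_REF);
        targetRef.getValue().setOid(ROLE_BUSINESS_2_OID);
        targetRef.getValue().setTargetType(RoleType.COMPLEX_TYPE);
        targetRef.getValue().setRelation(null);
        // the "tweak": a new assignment value carrying an explicit container id
        cval.setId(123L);
        Collection<ItemDelta<?, ?>> modifications = new ArrayList<>();
        modifications.add(assignmentDelta);
        ObjectDelta<UserType> userDelta = ObjectDelta.createModifyDelta(USER_JACK_OID, modifications, UserType.class, prismContext);
        Collection<ObjectDelta<? extends ObjectType>> deltas = MiscSchemaUtil.createCollection(userDelta);
        modelService.executeChanges(deltas, null, task, result);
    });
    assertAllow("unassign business role from jack", (task, result) -> unassignPrametricRole(USER_JACK_OID, ROLE_BUSINESS_1_OID, ORG_MINISTRY_OF_RUM_OID, null, task, result));
    user = getUser(USER_JACK_OID);
    display("user after (expected 2 assignments)", user);
    assertAssignments(user, 2);
    RoleSelectionSpecification spec = getAssignableRoleSpecification(getUser(USER_JACK_OID));
    assertRoleTypes(spec);
    assertFilter(spec.getFilter(), TypeFilter.class);
    assertGlobalStateUntouched();
}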

Example 9 with RoleSelectionSpecification

use of com.evolveum.midpoint.model.api.RoleSelectionSpecification in project midpoint by Evolveum.

the class TestSecurityBasic method test290AutzJackRoleOwnerAssign.

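/**
 * Authorization scenario: jack holds {@code ROLE_ROLE_OWNER_ASSIGN}.
 *
 * <p>Jack may assign application role 1 (and unassign it again), but assigning
 * application role 2 is denied. The assignable-role specification must be a
 * {@link TypeFilter} for {@code RoleType} whose inner filter is a
 * {@link RefFilter} with exactly one value: jack's own OID (presumably the role
 * owner reference, as the role name suggests).
 */
@Test
public void test290AutzJackRoleOwnerAssign() throws Exception {
    final String TEST_NAME = "test290AutzJackRoleOwnerAssign";
    TestUtil.displayTestTile(this, TEST_NAME);
    // GIVEN
    cleanupAutzTest(USER_JACK_OID);
    assignRole(USER_JACK_OID, ROLE_ROLE_OWNER_ASSIGN_OID);
    assumeAssignmentPolicy(AssignmentPolicyEnforcementType.RELATIVE);
    login(USER_JACK_USERNAME);
    // WHEN
    TestUtil.displayWhen(TEST_NAME);
    assertReadAllow(NUMBER_OF_ALL_USERS + 1);
    assertAddDeny();
    assertModifyDeny();
    assertDeleteDeny();
    PrismObject<UserType> user = getUser(USER_JACK_OID);
    assertAssignments(user, 2);
    assertAssignedRole(user, ROLE_ROLE_OWNER_ASSIGN_OID);
    assertAllow("assign application role 1 to jack", (task, result) -> assignRole(USER_JACK_OID, ROLE_APPLICATION_1_OID, task, result));
    user = getUser(USER_JACK_OID);
    assertAssignments(user, 3);
    assertAssignedRole(user, ROLE_APPLICATION_1_OID);
    // Lambda instead of an anonymous Attempt, matching the other attempts in this class.
    assertDeny("assign application role 2 to jack", (task, result) -> assignRole(USER_JACK_OID, ROLE_APPLICATION_2_OID, task, result));
    assertAllow("unassign application role 1 from jack", (task, result) -> unassignRole(USER_JACK_OID, ROLE_APPLICATION_1_OID, task, result));
    user = getUser(USER_JACK_OID);
    assertAssignments(user, 2);
    RoleSelectionSpecification spec = getAssignableRoleSpecification(getUser(USER_JACK_OID));
    assertRoleTypes(spec);
    assertFilter(spec.getFilter(), TypeFilter.class);
    // Cast once and inspect: roles, narrowed by a single reference to jack.
    TypeFilter typeFilter = (TypeFilter) spec.getFilter();
    assertEquals("Wrong type filter type", RoleType.COMPLEX_TYPE, typeFilter.getType());
    ObjectFilter subfilter = typeFilter.getFilter();
    assertFilter(subfilter, RefFilter.class);
    RefFilter refFilter = (RefFilter) subfilter;
    assertEquals(1, refFilter.getValues().size());
    assertEquals("Wrong OID in ref filter", USER_JACK_OID, refFilter.getValues().get(0).getOid());
    assertGlobalStateUntouched();
}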

Example 10 with RoleSelectionSpecification

use of com.evolveum.midpoint.model.api.RoleSelectionSpecification in project midpoint by Evolveum.

the class TestSecurityBasic method test277AutzJackAssignRequestableRolesWithOrgRefSecondTime.

/**
 * Assign a role with a parameter while the user already holds the same role
 * without a parameter. In this case the deltas appear to be processed in a
 * slightly different way.
 *
 * <p>MID-3136
 *
 * <p>Jack holds {@code ROLE_ASSIGN_REQUESTABLE_ROLES}. {@code ROLE_BUSINESS_1} is
 * assigned three times (no parameter, org Ministry of Rum, org Scumm Bar), the
 * assignments are removed one by one, and in between an attempt to assign
 * {@code ROLE_BUSINESS_2} must be denied. Ends with the assignable-role
 * specification being a {@link TypeFilter} and untouched global state.
 */
@Test
public void test277AutzJackAssignRequestableRolesWithOrgRefSecondTime() throws Exception {
    final String testName = "test277AutzJackAssignRequestableRolesWithOrgRefSecondTime";
    TestUtil.displayTestTile(this, testName);

    // GIVEN
    cleanupAutzTest(USER_JACK_OID);
    assignRole(USER_JACK_OID, ROLE_ASSIGN_REQUESTABLE_ROLES_OID);
    assumeAssignmentPolicy(AssignmentPolicyEnforcementType.RELATIVE);
    login(USER_JACK_USERNAME);

    // WHEN
    TestUtil.displayWhen(testName);

    assertReadAllow(NUMBER_OF_ALL_USERS + 1);
    assertAddDeny();
    assertModifyDeny();
    assertDeleteDeny();

    PrismObject<UserType> jack = getUser(USER_JACK_OID);
    assertAssignments(jack, 2);
    assertAssignedRole(jack, ROLE_ASSIGN_REQUESTABLE_ROLES_OID);

    // 1st: plain assignment, no parameter
    assertAllow("assign business role to jack (no param)",
            (task, result) -> assignPrametricRole(USER_JACK_OID, ROLE_BUSINESS_1_OID, null, null, task, result));
    jack = getUser(USER_JACK_OID);
    assertAssignments(jack, 3);
    assertAssignedRole(jack, ROLE_BUSINESS_1_OID);

    // 2nd: same role, parametrized by Ministry of Rum
    assertAllow("assign business role to jack (org MoR)",
            (task, result) -> assignPrametricRole(USER_JACK_OID, ROLE_BUSINESS_1_OID, ORG_MINISTRY_OF_RUM_OID, null, task, result));
    jack = getUser(USER_JACK_OID);
    assertAssignments(jack, 4);
    display("user after (expected 4 assignments)", jack);
    assertAssignedRole(jack, ROLE_BUSINESS_1_OID);

    // 3rd: same role, parametrized by Scumm Bar
    assertAllow("assign business role to jack (org Scumm)",
            (task, result) -> assignPrametricRole(USER_JACK_OID, ROLE_BUSINESS_1_OID, ORG_SCUMM_BAR_OID, null, task, result));
    jack = getUser(USER_JACK_OID);
    assertAssignments(jack, 5);
    display("user after (expected 5 assignments)", jack);
    assertAssignedRole(jack, ROLE_BUSINESS_1_OID);

    // remove the Scumm Bar variant only
    assertAllow("unassign business role from jack (org Scumm)",
            (task, result) -> unassignPrametricRole(USER_JACK_OID, ROLE_BUSINESS_1_OID, ORG_SCUMM_BAR_OID, null, task, result));
    jack = getUser(USER_JACK_OID);
    assertAssignments(jack, 4);
    display("user after (expected 4 assignments)", jack);
    assertAssignedRole(jack, ROLE_BUSINESS_1_OID);

    // NOTE(review): the label says "application role" but the OID is ROLE_BUSINESS_2_OID - confirm intent.
    assertDeny("assign application role to jack",
            (task, result) -> assignRole(USER_JACK_OID, ROLE_BUSINESS_2_OID, task, result));

    assertAllow("unassign business role from jack (no param)",
            (task, result) -> unassignPrametricRole(USER_JACK_OID, ROLE_BUSINESS_1_OID, null, null, task, result));
    jack = getUser(USER_JACK_OID);
    display("user after (expected 3 assignments)", jack);
    assertAssignments(jack, 3);

    assertAllow("unassign business role from jack (org MoR)",
            (task, result) -> unassignPrametricRole(USER_JACK_OID, ROLE_BUSINESS_1_OID, ORG_MINISTRY_OF_RUM_OID, null, task, result));
    jack = getUser(USER_JACK_OID);
    display("user after (expected 2 assignments)", jack);
    assertAssignments(jack, 2);

    RoleSelectionSpecification roleSpec = getAssignableRoleSpecification(getUser(USER_JACK_OID));
    assertRoleTypes(roleSpec);
    assertFilter(roleSpec.getFilter(), TypeFilter.class);

    assertGlobalStateUntouched();
}
