
Example 11 with RoleSelectionSpecification

use of com.evolveum.midpoint.model.api.RoleSelectionSpecification in project midpoint by Evolveum.

the class AbstractSecurityTest method assertNoAccess.

/**
 * Asserts the "no access" baseline: every operation probed below is expected to be denied.
 *
 * <p>Besides the read/add/modify/delete, certification-case and audit checks, the method
 * inspects the assignable-role specification computed for {@code userJack}. The specification
 * must exist, and its filter must be a {@code NoneFilter}.
 *
 * @param userJack user whose assignable-role specification is inspected
 * @throws Exception whatever the assertion helpers propagate
 */
protected void assertNoAccess(PrismObject<UserType> userJack) throws Exception {
    // Object operations and certification cases: each helper asserts a denial.
    assertReadDeny();
    assertAddDeny();
    assertModifyDeny();
    assertDeleteDeny();
    assertReadCertCasesDeny();

    // Even with no access a specification object must come back; its content is what is checked.
    final RoleSelectionSpecification assignable = getAssignableRoleSpecification(userJack);
    assertNotNull("Null role spec " + assignable, assignable);
    // No expected role types are passed; presumably this asserts an empty list (confirm in assertRoleTypes).
    assertRoleTypes(assignable);
    // NOTE(review): NoneFilter presumably matches nothing, i.e. no role is offered for assignment; confirm.
    assertFilter(assignable.getFilter(), NoneFilter.class);

    assertAuditReadDeny();
}
Also used : RoleSelectionSpecification(com.evolveum.midpoint.model.api.RoleSelectionSpecification)

Example 12 with RoleSelectionSpecification

use of com.evolveum.midpoint.model.api.RoleSelectionSpecification in project midpoint by Evolveum.

the class AbstractSecurityTest method assertSuperuserAccess.

/**
 * Asserts the unrestricted baseline: every operation probed below is expected to be allowed.
 *
 * <p>The assignable-role specification is computed for the user identified by
 * {@code USER_JACK_OID}. It must exist, carry no role types ({@code getRoleTypes()} is
 * {@code null}) and pass {@code assertFilter} with a {@code null} expected filter class.
 *
 * @param readUserNum value handed to {@code assertReadAllow}; presumably the number of users
 *                    the caller expects to be readable (confirm against that helper)
 * @throws Exception whatever the assertion helpers propagate
 */
protected void assertSuperuserAccess(int readUserNum) throws Exception {
    assertReadAllow(readUserNum);
    assertAddAllow();
    assertModifyAllow();
    assertDeleteAllow();

    // 2 campaigns there
    assertSearch(AccessCertificationCampaignType.class, null, 2);
    assertReadCertCasesAllow();
    // The task search is likewise expected to return exactly two objects.
    assertSearch(TaskType.class, null, 2);

    final PrismObject<UserType> jack = getUser(USER_JACK_OID);
    final RoleSelectionSpecification unrestricted = getAssignableRoleSpecification(jack);
    assertNotNull("Null role spec " + unrestricted, unrestricted);
    // NOTE(review): null role types and a null filter presumably mean "no restriction on
    // assignable roles"; confirm against RoleSelectionSpecification before relying on it.
    assertNull("Non-null role types in spec " + unrestricted, unrestricted.getRoleTypes());
    assertFilter(unrestricted.getFilter(), null);

    assertAuditReadAllow();
}
Also used : RoleSelectionSpecification(com.evolveum.midpoint.model.api.RoleSelectionSpecification)

Example 13 with RoleSelectionSpecification

use of com.evolveum.midpoint.model.api.RoleSelectionSpecification in project midpoint by Evolveum.

the class TestSecurityBasic method test270AutzJackAssignApplicationRoles.

/**
 * Authorization test: jack holds the role {@code ROLE_ASSIGN_APPLICATION_ROLES_OID} and the
 * assignment policy is assumed to be {@code RELATIVE}.
 *
 * <p>Expected outcome, as asserted below: read is allowed; add, modify and delete are denied;
 * assigning and unassigning {@code ROLE_APPLICATION_1_OID} is allowed; assigning
 * {@code ROLE_BUSINESS_1_OID} is denied. The deny case is the negative check that keeps the
 * assign authorization from being broader than application roles.
 *
 * @throws Exception whatever the helpers propagate
 */
@Test
public void test270AutzJackAssignApplicationRoles() throws Exception {
    final String TEST_NAME = "test270AutzJackAssignApplicationRoles";
    TestUtil.displayTestTile(this, TEST_NAME);

    // GIVEN
    cleanupAutzTest(USER_JACK_OID);
    assignRole(USER_JACK_OID, ROLE_ASSIGN_APPLICATION_ROLES_OID);
    assumeAssignmentPolicy(AssignmentPolicyEnforcementType.RELATIVE);
    login(USER_JACK_USERNAME);

    // WHEN
    TestUtil.displayWhen(TEST_NAME);
    assertReadAllow(NUMBER_OF_ALL_USERS + 1);
    assertAddDeny();
    assertModifyDeny();
    assertDeleteDeny();

    // Starting point: two assignments, one of them the role granted in GIVEN.
    final PrismObject<UserType> jackAtStart = getUser(USER_JACK_OID);
    assertAssignments(jackAtStart, 2);
    assertAssignedRole(jackAtStart, ROLE_ASSIGN_APPLICATION_ROLES_OID);

    // Positive case: an application role may be assigned.
    assertAllow("assign application role to jack",
            (opTask, opResult) -> assignRole(USER_JACK_OID, ROLE_APPLICATION_1_OID, opTask, opResult));
    final PrismObject<UserType> jackWithAppRole = getUser(USER_JACK_OID);
    assertAssignments(jackWithAppRole, 3);
    assertAssignedRole(jackWithAppRole, ROLE_APPLICATION_1_OID);

    // Negative case: a business role must be refused.
    assertDeny("assign business role to jack",
            (opTask, opResult) -> assignRole(USER_JACK_OID, ROLE_BUSINESS_1_OID, opTask, opResult));

    // Unassigning the application role is allowed and returns jack to two assignments.
    assertAllow("unassign application role from jack",
            (opTask, opResult) -> unassignRole(USER_JACK_OID, ROLE_APPLICATION_1_OID, opTask, opResult));
    final PrismObject<UserType> jackAtEnd = getUser(USER_JACK_OID);
    assertAssignments(jackAtEnd, 2);

    // The specification is computed from a freshly fetched user object, as in the original flow.
    final RoleSelectionSpecification assignable = getAssignableRoleSpecification(getUser(USER_JACK_OID));
    assertRoleTypes(assignable, "application", "nonexistent");
    assertFilter(assignable.getFilter(), TypeFilter.class);

    assertAllowRequestItems(USER_JACK_OID, ROLE_APPLICATION_1_OID, null,
            AssignmentType.F_TARGET_REF, ActivationType.F_VALID_FROM, ActivationType.F_VALID_TO);
    assertGlobalStateUntouched();
}
Also used : RoleSelectionSpecification(com.evolveum.midpoint.model.api.RoleSelectionSpecification) UserType(com.evolveum.midpoint.xml.ns._public.common.common_3.UserType) Test(org.testng.annotations.Test)

Example 14 with RoleSelectionSpecification

use of com.evolveum.midpoint.model.api.RoleSelectionSpecification in project midpoint by Evolveum.

the class TestSecurityBasic method test295AutzJackAssignOrgRelation.

/**
 * Authorization test: jack holds the role {@code ROLE_ASSIGN_ORGRELATION_OID} and is assigned
 * to the org {@code ORG_MINISTRY_OF_RUM_OID}.
 *
 * <p>While logged in as jack, the assignable-role specification is computed twice, once for
 * jack and once for the user {@code userRumRogersOid}. Each specification's filter is run as a
 * search over {@code AbstractRoleType}, and both searches must return exactly
 * {@code ROLE_BUSINESS_3_OID}.
 *
 * @throws Exception whatever the helpers propagate
 */
@Test
public void test295AutzJackAssignOrgRelation() throws Exception {
    final String TEST_NAME = "test295AutzJackAssignOrgRelation";
    TestUtil.displayTestTile(this, TEST_NAME);

    // GIVEN
    cleanupAutzTest(USER_JACK_OID);
    assignRole(USER_JACK_OID, ROLE_ASSIGN_ORGRELATION_OID);
    assignOrg(USER_JACK_OID, ORG_MINISTRY_OF_RUM_OID, null);
    login(USER_JACK_USERNAME);

    // WHEN
    TestUtil.displayWhen(TEST_NAME);

    // Specification for jack himself.
    final RoleSelectionSpecification jackSpec = getAssignableRoleSpecification(getUser(USER_JACK_OID));
    display("Spec (jack)", jackSpec);
    assertRoleTypes(jackSpec);

    // One task, and therefore one operation result, is shared by both searches below.
    // NOTE(review): that result is never asserted to be successful in this method.
    final Task searchTask = taskManager.createTaskInstance();

    final ObjectQuery jackQuery = ObjectQuery.createObjectQuery(jackSpec.getFilter());
    final SearchResultList<PrismObject<AbstractRoleType>> rolesForJack =
            modelService.searchObjects(AbstractRoleType.class, jackQuery, null, searchTask, searchTask.getResult());
    display("Assignable roles", rolesForJack);
    assertObjectOids("Wrong assignable roles (jack)", rolesForJack, ROLE_BUSINESS_3_OID);

    // Specification for the second user, still evaluated under jack's login.
    final RoleSelectionSpecification rumSpec = getAssignableRoleSpecification(getUser(userRumRogersOid));
    display("Spec (rum)", rumSpec);
    assertRoleTypes(rumSpec);

    final ObjectQuery rumQuery = ObjectQuery.createObjectQuery(rumSpec.getFilter());
    final SearchResultList<PrismObject<AbstractRoleType>> rolesForRum =
            modelService.searchObjects(AbstractRoleType.class, rumQuery, null, searchTask, searchTask.getResult());
    display("Assignable roles", rolesForRum);
    assertObjectOids("Wrong assignable roles (rum)", rolesForRum, ROLE_BUSINESS_3_OID);

    assertGlobalStateUntouched();
}
Also used : PrismObject(com.evolveum.midpoint.prism.PrismObject) Task(com.evolveum.midpoint.task.api.Task) RoleSelectionSpecification(com.evolveum.midpoint.model.api.RoleSelectionSpecification) Test(org.testng.annotations.Test)

Example 15 with RoleSelectionSpecification

use of com.evolveum.midpoint.model.api.RoleSelectionSpecification in project midpoint by Evolveum.

the class TestSecurityBasic method test275bAutzJackAssignRequestableOrgs.

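/**
 * MID-3636 partially.
 *
 * <p>Authorization test: jack holds the role
 * {@code ROLE_END_USER_REQUESTABLE_ABSTACTROLES_OID} and the assignment policy is assumed to be
 * {@code RELATIVE}. Jack must be allowed to assign and then unassign the org
 * {@code ORG_REQUESTABLE_OID}, and a search over {@code AbstractRoleType} restricted by his
 * assignable-role filter must return six objects.
 *
 * <p>NOTE(review): the test is switched off with {@code enabled = false}, so TestNG skips it
 * and the checks in this method are not run. Re-enable it once MID-3636 allows.
 *
 * @throws Exception whatever the helpers propagate
 */
@Test(enabled = false)
public void test275bAutzJackAssignRequestableOrgs() throws Exception {
    final String TEST_NAME = "test275bAutzJackAssignRequestableOrgs";
    TestUtil.displayTestTile(this, TEST_NAME);
    // GIVEN
    cleanupAutzTest(USER_JACK_OID);
    assignRole(USER_JACK_OID, ROLE_END_USER_REQUESTABLE_ABSTACTROLES_OID);
    assumeAssignmentPolicy(AssignmentPolicyEnforcementType.RELATIVE);
    login(USER_JACK_USERNAME);
    // WHEN
    TestUtil.displayWhen(TEST_NAME);
    // Starting point: two assignments, one of them the role granted in GIVEN.
    PrismObject<UserType> user = getUser(USER_JACK_OID);
    assertAssignments(user, 2);
    assertAssignedRole(user, ROLE_END_USER_REQUESTABLE_ABSTACTROLES_OID);
    assertAllow("assign requestable org to jack", (task, result) -> assignOrg(USER_JACK_OID, ORG_REQUESTABLE_OID, task, result));
    user = getUser(USER_JACK_OID);
    assertAssignments(user, OrgType.class, 1);
    // Run jack's assignable-role filter as a search to count the roles it matches.
    RoleSelectionSpecification spec = getAssignableRoleSpecification(getUser(USER_JACK_OID));
    assertRoleTypes(spec);
    ObjectQuery query = new ObjectQuery();
    query.addFilter(spec.getFilter());
    // set to 6 with requestable org
    assertSearch(AbstractRoleType.class, query, 6);
    // The label names the org: the operation is unassignOrg on ORG_REQUESTABLE_OID, not a
    // business-role change, and a mismatched label would mislead whoever reads a failure report.
    assertAllow("unassign requestable org from jack", (task, result) -> unassignOrg(USER_JACK_OID, ORG_REQUESTABLE_OID, task, result));
    user = getUser(USER_JACK_OID);
    assertAssignments(user, OrgType.class, 0);
    assertGlobalStateUntouched();
}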
Also used : RoleSelectionSpecification(com.evolveum.midpoint.model.api.RoleSelectionSpecification) UserType(com.evolveum.midpoint.xml.ns._public.common.common_3.UserType) ObjectQuery(com.evolveum.midpoint.prism.query.ObjectQuery) Test(org.testng.annotations.Test)
