use of com.evolveum.midpoint.model.api.context.EvaluatedPolicyRule in project midpoint by Evolveum.
the class PolicyRuleBasedAspect method createSchemaWithRules.
/**
 * Assembles the approval schema for one evaluated assignment from three sources, in this order:
 * (1) legacy approver settings stored on the target role, (2) the default approval policy action,
 * (3) approval actions of the policy rules that were triggered.
 *
 * Sources (1) and (2) are consulted only when the assignment is being added
 * ({@code plusMinusZero == PLUS}). For any other mode the schema consists solely of the actions
 * of the triggered rules.
 * NOTE(review): what {@code buildSchema} returns when nothing was added to the builder is not
 * visible here; callers should confirm that an empty schema cannot be mistaken for "approved".
 *
 * @param triggeredApprovalRules rules whose approval action should be applied
 *                               (assumed to carry a non-null approval action -- TODO confirm in caller)
 * @param plusMinusZero          whether the assignment is being added, removed or kept
 * @param evaluatedAssignment    assignment whose target is subject to approval
 * @param ctx                    invocation context; only {@code ctx.wfConfiguration} is read directly here
 * @param result                 operation result passed on to the builder
 * @return whatever {@code ApprovalSchemaBuilder.buildSchema} produces for the collected fragments
 * @throws SchemaException declared by the method; the raising call is not identifiable from this block
 */
private ApprovalSchemaBuilder.Result createSchemaWithRules(List<EvaluatedPolicyRule> triggeredApprovalRules, PlusMinusZero plusMinusZero, @NotNull EvaluatedAssignment<?> evaluatedAssignment, ModelInvocationContext ctx, OperationResult result) throws SchemaException {
    PrismObject<?> assignmentTarget = evaluatedAssignment.getTarget();
    ApprovalSchemaBuilder schemaBuilder = new ApprovalSchemaBuilder(this, approvalSchemaHelper);
    boolean isAdding = plusMinusZero == PlusMinusZero.PLUS;

    // (1) Legacy approvers -- used always, or only as a fallback when no explicit rule fired,
    //     depending on the workflow configuration.
    LegacyApproversSpecificationUsageType legacyUsage = baseConfigurationHelper.getUseLegacyApproversSpecification(ctx.wfConfiguration);
    boolean legacyEnabled;
    if (legacyUsage == LegacyApproversSpecificationUsageType.ALWAYS) {
        legacyEnabled = true;
    } else {
        legacyEnabled = legacyUsage == LegacyApproversSpecificationUsageType.IF_NO_EXPLICIT_APPROVAL_POLICY_ACTION
                && triggeredApprovalRules.isEmpty();
    }
    if (isAdding && legacyEnabled) {
        // NOTE(review): assumes the assignment has a target; a null target would fail here -- confirm in caller.
        Object targetBean = assignmentTarget.asObjectable();
        if (targetBean instanceof AbstractRoleType) {
            AbstractRoleType role = (AbstractRoleType) targetBean;
            if (role.getApprovalSchema() != null) {
                // An explicit schema on the role takes precedence over approverRef/approverExpression.
                // A clone is handed over, not the role's own instance.
                schemaBuilder.addPredefined(assignmentTarget, role.getApprovalSchema().clone());
                LOGGER.trace("Added legacy approval schema for {}", evaluatedAssignment);
            } else if (!(role.getApproverRef().isEmpty() && role.getApproverExpression().isEmpty())) {
                // Build a single stage out of the role's approver references and expressions (cloned).
                ApprovalStageDefinitionType stage = new ApprovalStageDefinitionType(prismContext);
                stage.getApproverRef().addAll(CloneUtil.cloneCollectionMembers(role.getApproverRef()));
                stage.getApproverExpression().addAll(CloneUtil.cloneCollectionMembers(role.getApproverExpression()));
                stage.setAutomaticallyApproved(role.getAutomaticallyApproved());
                // Per the original author's note: when the expressions yield no approvers the default
                // outcome is currently "reject" (i.e. fail-closed), which is probably the right choice.
                schemaBuilder.addPredefined(assignmentTarget, stage);
                LOGGER.trace("Added legacy approval schema (from approverRef, approverExpression, automaticallyApproved) for {}", evaluatedAssignment);
            }
        }
    }

    // (2) Default policy action -- only when adding, no explicit rule fired and the defaults are not disabled.
    if (triggeredApprovalRules.isEmpty() && isAdding) {
        DefaultApprovalPolicyRulesUsageType defaultUsage = baseConfigurationHelper.getUseDefaultApprovalPolicyRules(ctx.wfConfiguration);
        if (defaultUsage != DefaultApprovalPolicyRulesUsageType.NEVER) {
            boolean defaultAdded = schemaBuilder.addPredefined(assignmentTarget, SchemaConstants.ORG_APPROVER, result);
            if (defaultAdded) {
                LOGGER.trace("Added default approval action, as no explicit one was found for {}", evaluatedAssignment);
            }
        }
    }

    // (3) Approval actions contributed by the triggered rules.
    for (EvaluatedPolicyRule triggeredRule : triggeredApprovalRules) {
        ApprovalPolicyActionType action = triggeredRule.getActions().getApproval();
        schemaBuilder.add(getSchemaFromAction(action), action.getCompositionStrategy(), assignmentTarget, triggeredRule);
    }
    return schemaBuilder.buildSchema(ctx, result);
}
use of com.evolveum.midpoint.model.api.context.EvaluatedPolicyRule in project midpoint by Evolveum.
the class FocusProcessor method triggerAssignmentFocusPolicyRules.
// TODO: should we really do this? Focus policy rules (e.g. forbidden modifications) are irrelevant in this situation,
// TODO: i.e. if we are assigning the object into some other object [med]
/**
 * Passes every focus policy rule of the evaluated assignments to {@code triggerRule}.
 *
 * Only the non-negative values of the evaluated assignment triple are visited (presumably the
 * assignments that are kept or being added -- confirm against {@code DeltaSetTriple}). Nothing
 * happens when the context has no evaluated assignment triple.
 *
 * The parameters {@code activityDescription}, {@code now}, {@code task} and {@code result} are
 * not used by this body.
 *
 * @throws PolicyViolationException declared by the method; presumably raised by {@code triggerRule}
 * @throws SchemaException declared by the method; presumably raised by {@code triggerRule}
 */
private <F extends FocusType> void triggerAssignmentFocusPolicyRules(LensContext<F> context, String activityDescription, XMLGregorianCalendar now, Task task, OperationResult result) throws PolicyViolationException, SchemaException {
    LensFocusContext<F> focusCtx = context.getFocusContext();
    DeltaSetTriple<EvaluatedAssignmentImpl<?>> assignmentTriple = context.getEvaluatedAssignmentTriple();
    if (assignmentTriple != null) {
        for (EvaluatedAssignmentImpl<?> assignment : assignmentTriple.getNonNegativeValues()) {
            Collection<EvaluatedPolicyRule> focusRules = assignment.getFocusPolicyRules();
            for (EvaluatedPolicyRule focusRule : focusRules) {
                triggerRule(focusCtx, focusRule);
            }
        }
    }
}
use of com.evolveum.midpoint.model.api.context.EvaluatedPolicyRule in project midpoint by Evolveum.
the class FocusProcessor method triggerGlobalRules.
/**
 * Triggers every global policy rule from the system configuration whose focus selector matches
 * the focus object.
 *
 * Matching is done against the object as it is before the modification
 * ({@code getObjectCurrent()}); the new object is used only when there is no current one.
 * The rules exist to prohibit the modification, so the selector is evaluated against the
 * current state, not against the state the operation would produce.
 *
 * Does nothing when the context carries no system configuration.
 * NOTE(review): assumes {@code context.getFocusContext()} is non-null -- confirm in caller.
 *
 * @throws SchemaException declared by the method; presumably from selector matching or {@code triggerRule}
 * @throws PolicyViolationException declared by the method; presumably from {@code triggerRule}
 */
private <F extends FocusType> void triggerGlobalRules(LensContext<F> context) throws SchemaException, PolicyViolationException {
    PrismObject<SystemConfigurationType> systemConfiguration = context.getSystemConfiguration();
    if (systemConfiguration == null) {
        return;
    }
    LensFocusContext<F> focusCtx = context.getFocusContext();
    // Prefer the pre-modification object; fall back to the new one when no current object exists.
    PrismObject<F> currentObject = focusCtx.getObjectCurrent();
    PrismObject<F> objectToMatch = currentObject != null ? currentObject : focusCtx.getObjectNew();
    for (GlobalPolicyRuleType globalRule : systemConfiguration.asObjectable().getGlobalPolicyRule()) {
        ObjectSelectorType selector = globalRule.getFocusSelector();
        String logPrefix = "Global policy rule " + globalRule.getName() + ": ";
        if (!cacheRepositoryService.selectorMatches(selector, objectToMatch, LOGGER, logPrefix)) {
            continue;
        }
        // Global rules are wrapped without an assignment path (second constructor argument is null).
        EvaluatedPolicyRule wrappedRule = new EvaluatedPolicyRuleImpl(globalRule, null);
        triggerRule(focusCtx, wrappedRule);
    }
}
use of com.evolveum.midpoint.model.api.context.EvaluatedPolicyRule in project midpoint by Evolveum.
the class CollectionProcessor method evaluateCollectionPolicyRules.
/**
 * Evaluates the policy rules attached to the assignments of an object collection.
 *
 * When no compiled view is supplied, a fresh one is compiled from the collection first.
 * Assignments that carry no policy rule are skipped.
 *
 * @param collection      object collection whose assignments are inspected
 * @param collectionView  already compiled view, or {@code null} to compile one here
 * @param targetTypeClass passed through to view compilation when a view has to be compiled
 * @param task            task passed on to compilation and rule evaluation
 * @param result          operation result passed on to compilation and rule evaluation
 * @return one evaluated rule per assignment that has a policy rule, in assignment order
 *         (a new, mutable list; empty when there is no such assignment)
 */
Collection<EvaluatedPolicyRule> evaluateCollectionPolicyRules(PrismObject<ObjectCollectionType> collection, CompiledObjectCollectionView collectionView, Class<? extends ObjectType> targetTypeClass, Task task, OperationResult result) throws ObjectNotFoundException, SchemaException, SecurityViolationException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
    ObjectCollectionType collectionBean = collection.asObjectable();
    if (collectionView == null) {
        collectionView = new CompiledObjectCollectionView();
        compileObjectCollectionView(collectionView, null, collectionBean, targetTypeClass, task, result);
    }
    Collection<EvaluatedPolicyRule> evaluated = new ArrayList<>();
    for (AssignmentType assignment : collectionBean.getAssignment()) {
        PolicyRuleType rule = assignment.getPolicyRule();
        if (rule != null) {
            evaluated.add(evaluatePolicyRule(collection, collectionView, assignment, rule, task, result));
        }
    }
    return evaluated;
}
use of com.evolveum.midpoint.model.api.context.EvaluatedPolicyRule in project midpoint by Evolveum.
the class TestCollections method test112EvaluateRulesAllEnabled.
/**
 * Evaluates the policy rules of the active-users collection through the model interaction
 * service (with {@code null} as the target type class) and expects the operation to succeed
 * with a single evaluated rule that is not triggered.
 */
@Test
public void test112EvaluateRulesAllEnabled() throws Exception {
    // GIVEN
    Task testTask = getTestTask();
    OperationResult opResult = testTask.getResult();

    // WHEN
    when();
    Collection<EvaluatedPolicyRule> rules = modelInteractionService.evaluateCollectionPolicyRules(
            collectionActiveUsers, collectionViewActiveUsers, null, testTask, opResult);

    // THEN
    then();
    assertSuccess(opResult);
    assertEvaluatedPolicyRules(rules, collectionActiveUsers)
            .single()
            .assertNotTriggered();
}