use of com.evolveum.midpoint.model.impl.lens.assignments.AssignmentEvaluator in project midpoint by Evolveum.
the class ModelInteractionServiceImpl method determineDeputyValidity.
private boolean determineDeputyValidity(PrismObject<UserType> potentialDeputy, List<ObjectReferenceType> assignees, @Nullable AbstractWorkItemType workItem, QName privilegeLimitationItemName, Task task, OperationResult result) {
AssignmentEvaluator.Builder<UserType> builder = new AssignmentEvaluator.Builder<UserType>().referenceResolver(referenceResolver).focusOdo(new ObjectDeltaObject<>(potentialDeputy, null, potentialDeputy, potentialDeputy.getDefinition())).channel(null).modelBeans(modelBeans).objectResolver(objectResolver).systemObjectCache(systemObjectCache).relationRegistry(relationRegistry).prismContext(prismContext).mappingFactory(mappingFactory).mappingEvaluator(mappingEvaluator).contextLoader(contextLoader).activationComputer(activationComputer).now(clock.currentTimeXMLGregorianCalendar()).loginMode(true).lensContext(new LensContextPlaceholder<>(potentialDeputy));
AssignmentEvaluator<UserType> assignmentEvaluator = builder.build();
for (AssignmentType assignmentType : potentialDeputy.asObjectable().getAssignment()) {
if (!DeputyUtils.isDelegationAssignment(assignmentType, relationRegistry)) {
continue;
}
try {
ItemDeltaItem<PrismContainerValue<AssignmentType>, PrismContainerDefinition<AssignmentType>> assignmentIdi = new ItemDeltaItem<>(LensUtil.createAssignmentSingleValueContainer(assignmentType));
// TODO some special mode for verification of the validity - we don't need complete calculation here!
EvaluatedAssignment<UserType> assignment = assignmentEvaluator.evaluate(assignmentIdi, PlusMinusZero.ZERO, false, potentialDeputy.asObjectable(), potentialDeputy.toString(), AssignmentOrigin.createInObject(), task, result);
if (!assignment.isValid()) {
continue;
}
for (EvaluatedAssignmentTarget target : assignment.getRoles().getNonNegativeValues()) {
// MID-6403
if (target.getTarget().getOid() != null && DeputyUtils.isDelegationPath(target.getAssignmentPath(), relationRegistry) && ObjectTypeUtil.containsOid(assignees, target.getTarget().getOid())) {
List<OtherPrivilegesLimitationType> limitations = DeputyUtils.extractLimitations(target.getAssignmentPath());
if (workItem != null && DeputyUtils.limitationsAllow(limitations, privilegeLimitationItemName, workItem) || workItem == null && SchemaDeputyUtil.limitationsAllow(limitations, privilegeLimitationItemName)) {
return true;
}
}
}
} catch (CommonException e) {
LoggingUtils.logUnexpectedException(LOGGER, "Couldn't verify 'deputy' relation between {} and {} for work item {}; assignment: {}", e, potentialDeputy, assignees, workItem, assignmentType);
}
}
return false;
}
Aggregations