Examples with AssignmentEvaluator com.evolveum.midpoint.model.impl.lens.assignments.AssignmentEvaluator used on opensource projects

Example 1 with AssignmentEvaluator

use of com.evolveum.midpoint.model.impl.lens.assignments.AssignmentEvaluator in project midpoint by Evolveum.

the class ModelInteractionServiceImpl method determineDeputyValidity.

private boolean determineDeputyValidity(PrismObject<UserType> potentialDeputy, List<ObjectReferenceType> assignees, @Nullable AbstractWorkItemType workItem, QName privilegeLimitationItemName, Task task, OperationResult result) {
    AssignmentEvaluator.Builder<UserType> builder = new AssignmentEvaluator.Builder<UserType>().referenceResolver(referenceResolver).focusOdo(new ObjectDeltaObject<>(potentialDeputy, null, potentialDeputy, potentialDeputy.getDefinition())).channel(null).modelBeans(modelBeans).objectResolver(objectResolver).systemObjectCache(systemObjectCache).relationRegistry(relationRegistry).prismContext(prismContext).mappingFactory(mappingFactory).mappingEvaluator(mappingEvaluator).contextLoader(contextLoader).activationComputer(activationComputer).now(clock.currentTimeXMLGregorianCalendar()).loginMode(true).lensContext(new LensContextPlaceholder<>(potentialDeputy));
    AssignmentEvaluator<UserType> assignmentEvaluator = builder.build();
    for (AssignmentType assignmentType : potentialDeputy.asObjectable().getAssignment()) {
        if (!DeputyUtils.isDelegationAssignment(assignmentType, relationRegistry)) {
            continue;
        }
        try {
            ItemDeltaItem<PrismContainerValue<AssignmentType>, PrismContainerDefinition<AssignmentType>> assignmentIdi = new ItemDeltaItem<>(LensUtil.createAssignmentSingleValueContainer(assignmentType));
            // TODO some special mode for verification of the validity - we don't need complete calculation here!
            EvaluatedAssignment<UserType> assignment = assignmentEvaluator.evaluate(assignmentIdi, PlusMinusZero.ZERO, false, potentialDeputy.asObjectable(), potentialDeputy.toString(), AssignmentOrigin.createInObject(), task, result);
            if (!assignment.isValid()) {
                continue;
            }
            for (EvaluatedAssignmentTarget target : assignment.getRoles().getNonNegativeValues()) {
                // MID-6403
                if (target.getTarget().getOid() != null && DeputyUtils.isDelegationPath(target.getAssignmentPath(), relationRegistry) && ObjectTypeUtil.containsOid(assignees, target.getTarget().getOid())) {
                    List<OtherPrivilegesLimitationType> limitations = DeputyUtils.extractLimitations(target.getAssignmentPath());
                    if (workItem != null && DeputyUtils.limitationsAllow(limitations, privilegeLimitationItemName, workItem) || workItem == null && SchemaDeputyUtil.limitationsAllow(limitations, privilegeLimitationItemName)) {
                        return true;
                    }
                }
            }
        } catch (CommonException e) {
            LoggingUtils.logUnexpectedException(LOGGER, "Couldn't verify 'deputy' relation between {} and {} for work item {}; assignment: {}", e, potentialDeputy, assignees, workItem, assignmentType);
        }
    }
    return false;
}