use of com.evolveum.midpoint.model.impl.lens.assignments.EvaluatedAssignmentImpl in project midpoint by Evolveum.
the class AbstractAssignmentEvaluatorTest method test400UserFred.
// MID-4251
@Test
public void test400UserFred() throws Exception {
// GIVEN
Task task = getTestTask();
OperationResult result = task.getResult();
String pastTime = XmlTypeConverter.fromNow(createDuration("-P3D")).toString();
String futureTime = XmlTypeConverter.fromNow(createDuration("P3D")).toString();
UserType fred = new UserType(prismContext).name("fred").description(futureTime).subtype(DYNAMIC_ORG_ASSIGNMENT_SUBTYPE);
addObject(fred.asPrismObject());
PrismObject<UserType> fredAsCreated = findUserByUsername("fred");
display("fred as created", fredAsCreated);
ObjectDelta<UserType> descriptionDelta = prismContext.deltaFor(UserType.class).item(UserType.F_DESCRIPTION).replace(pastTime).asObjectDeltaCast(fredAsCreated.getOid());
LensContext<UserType> lensContext = createUserLensContext();
fillContextWithUser(lensContext, fredAsCreated.getOid(), result);
addFocusDeltaToContext(lensContext, descriptionDelta);
// WHEN
when();
projector.project(lensContext, "test", task, result);
// THEN
then();
assertSuccess(result);
DeltaSetTriple<EvaluatedAssignmentImpl<?>> triple = lensContext.getEvaluatedAssignmentTriple();
displayValue("Evaluated assignment triple", triple.debugDump());
assertEquals("Wrong # of evaluated assignments zero set", 0, triple.getZeroSet().size());
assertEquals("Wrong # of evaluated assignments plus set", 1, triple.getPlusSet().size());
assertEquals("Wrong # of evaluated assignments minus set", 1, triple.getMinusSet().size());
assertSerializable(lensContext);
}
use of com.evolveum.midpoint.model.impl.lens.assignments.EvaluatedAssignmentImpl in project midpoint by Evolveum.
the class TestAssignmentProcessor method test210AssignEngineer.
/**
* Checking approval policy rules. (See note above.)
*
* Engineer has a generic metarole that provides these policy rules: approve-any-corp-rule, notify-exclusion-violations.
* However, it induces an Employee role that has also this generic metarole. Moreover, it has "employee-excludes-contractor"
* rule.
*
* First occurrence of the approval rule should have a trigger. Second one should be without a trigger.
*/
@Test
public void test210AssignEngineer() throws Exception {
// GIVEN
Task task = getTestTask();
OperationResult result = task.getResult();
LensContext<UserType> context = createUserLensContext();
PrismObject<UserType> user = getUser(USER_JACK_OID);
AssignmentType assignmentType = new AssignmentType(prismContext);
assignmentType.setTargetRef(ObjectTypeUtil.createObjectRef(ROLE_CORP_ENGINEER_OID, ObjectTypes.ROLE));
fillContextWithFocus(context, user);
addFocusDeltaToContext(context, prismContext.deltaFor(UserType.class).item(UserType.F_ASSIGNMENT).add(assignmentType).asObjectDelta(USER_JACK_OID));
recompute(context);
displayDumpable("Input context", context);
assertFocusModificationSanity(context);
when();
processAssignments(task, result, context);
then();
displayDumpable("Output context", context);
display("outbound processor result", result);
assertSuccess("Outbound processor failed (result)", result);
assertSame(context.getFocusContext().getPrimaryDelta().getChangeType(), ChangeType.MODIFY);
assertNull("Unexpected user changes", context.getFocusContext().getSecondaryDelta());
assertFalse("No account changes", context.getProjectionContexts().isEmpty());
DeltaSetTriple<EvaluatedAssignmentImpl<?>> evaluatedAssignmentTriple = context.getEvaluatedAssignmentTriple();
assertEquals("Wrong # of added assignments", 1, evaluatedAssignmentTriple.getPlusSet().size());
displayValue("Policy rules", context.dumpAssignmentPolicyRules(3));
EvaluatedAssignmentImpl<?> evaluatedAssignment = evaluatedAssignmentTriple.getPlusSet().iterator().next();
assertEquals("Wrong # of focus policy rules", 0, evaluatedAssignment.getFocusPolicyRules().size());
assertEquals("Wrong # of this target policy rules", 2, evaluatedAssignment.getThisTargetPolicyRules().size());
Collection<? extends EvaluatedPolicyRule> policyRules = evaluatedAssignment.getAllTargetsPolicyRules();
assertEquals("Wrong # of target policy rules", 5, policyRules.size());
assertSerializable(context);
}
use of com.evolveum.midpoint.model.impl.lens.assignments.EvaluatedAssignmentImpl in project midpoint by Evolveum.
the class TestPolicyRules method test150AssignRoleThiefToJack.
/**
* Thief has got separated constraints and actions.
*/
@Test
public void test150AssignRoleThiefToJack() throws Exception {
Task task = getTestTask();
OperationResult result = getTestOperationResult();
// GIVEN
LensContext<UserType> context = createUserLensContext();
fillContextWithUser(context, USER_JACK_OID, result);
addModificationToContextAssignRole(context, USER_JACK_OID, ROLE_THIEF_OID);
displayDumpable("Input context", context);
assertFocusModificationSanity(context);
rememberCounter(InternalCounters.SHADOW_FETCH_OPERATION_COUNT);
// WHEN
when();
projector.project(context, "test", task, result);
// THEN
then();
result.computeStatus();
TestUtil.assertSuccess(result);
DeltaSetTriple<EvaluatedAssignmentImpl<?>> evaluatedAssignmentTriple = context.getEvaluatedAssignmentTriple();
displayDumpable("Output evaluatedAssignmentTriple", evaluatedAssignmentTriple);
dumpPolicyRules(context);
dumpPolicySituations(context);
assertEvaluatedTargetPolicyRules(context, 9);
assertTargetTriggers(context, PolicyConstraintKindType.EXCLUSION, 1);
assertTargetTriggers(context, PolicyConstraintKindType.SITUATION, 1);
EvaluatedExclusionTrigger triggerExclusion = (EvaluatedExclusionTrigger) assertTriggeredTargetPolicyRule(context, null, PolicyConstraintKindType.EXCLUSION, 1, false);
assertNotNull("No conflicting assignment in trigger", triggerExclusion.getConflictingAssignment());
assertEquals("Wrong conflicting assignment in trigger", ROLE_JUDGE_OID, triggerExclusion.getConflictingAssignment().getTarget().getOid());
EvaluatedSituationTrigger triggerSituation = (EvaluatedSituationTrigger) assertTriggeredTargetPolicyRule(context, null, PolicyConstraintKindType.SITUATION, 1, false);
assertEquals("Wrong # of source rules", 1, triggerSituation.getSourceRules().size());
EvaluatedPolicyRule sourceRule = triggerSituation.getSourceRules().iterator().next();
EvaluatedExclusionTrigger sourceTrigger = (EvaluatedExclusionTrigger) sourceRule.getTriggers().iterator().next();
assertNotNull("No conflicting assignment in source trigger", sourceTrigger.getConflictingAssignment());
assertEquals("Wrong conflicting assignment in source trigger", ROLE_JUDGE_OID, sourceTrigger.getConflictingAssignment().getTarget().getOid());
assertSerializable(context);
}
use of com.evolveum.midpoint.model.impl.lens.assignments.EvaluatedAssignmentImpl in project midpoint by Evolveum.
the class HasAssignmentConstraintEvaluator method evaluate.
@Override
public <AH extends AssignmentHolderType> EvaluatedHasAssignmentTrigger evaluate(@NotNull JAXBElement<HasAssignmentPolicyConstraintType> constraintElement, @NotNull PolicyRuleEvaluationContext<AH> ctx, OperationResult parentResult) throws SchemaException, ExpressionEvaluationException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException {
OperationResult result = parentResult.subresult(OP_EVALUATE).setMinor().build();
try {
boolean shouldExist = QNameUtil.match(constraintElement.getName(), PolicyConstraintsType.F_HAS_ASSIGNMENT);
HasAssignmentPolicyConstraintType constraint = constraintElement.getValue();
ObjectReferenceType constraintTargetRef = constraint.getTargetRef();
if (constraintTargetRef == null) {
throw new SchemaException("No targetRef in hasAssignment constraint");
}
DeltaSetTriple<EvaluatedAssignmentImpl<?>> evaluatedAssignmentTriple = ctx.lensContext.getEvaluatedAssignmentTriple();
if (evaluatedAssignmentTriple == null) {
return createTriggerIfShouldNotExist(shouldExist, constraintElement, ctx, result);
}
boolean allowMinus = ctx.state == ObjectState.BEFORE;
boolean allowZero = true;
boolean allowPlus = ctx.state == ObjectState.AFTER;
boolean allowDirect = !Boolean.FALSE.equals(constraint.isDirect());
boolean allowIndirect = !Boolean.TRUE.equals(constraint.isDirect());
boolean allowEnabled = !Boolean.FALSE.equals(constraint.isEnabled());
boolean allowDisabled = !Boolean.TRUE.equals(constraint.isEnabled());
ConstraintReferenceMatcher<AH> refMatcher = new ConstraintReferenceMatcher<>(ctx, constraintTargetRef, expressionFactory, result, LOGGER);
List<PrismObject<?>> matchingTargets = new ArrayList<>();
for (EvaluatedAssignmentImpl<?> evaluatedAssignment : evaluatedAssignmentTriple.getNonNegativeValues()) {
// MID-6403
AssignmentOrigin origin = evaluatedAssignment.getOrigin();
boolean assignmentIsAdded = origin.isBeingAdded();
boolean assignmentIsDeleted = origin.isBeingDeleted();
boolean assignmentIsKept = origin.isBeingKept();
DeltaSetTriple<EvaluatedAssignmentTargetImpl> targetsTriple = evaluatedAssignment.getRoles();
for (EvaluatedAssignmentTargetImpl target : targetsTriple.getNonNegativeValues()) {
// MID-6403
if (!target.appliesToFocus()) {
continue;
}
if (!(allowDirect && target.isDirectlyAssigned() || allowIndirect && !target.isDirectlyAssigned())) {
continue;
}
if (!(allowEnabled && target.isValid() || allowDisabled && !target.isValid())) {
continue;
}
if (!relationMatches(constraintTargetRef.getRelation(), constraint.getRelation(), target.getAssignment())) {
continue;
}
boolean targetIsInPlusSet = targetsTriple.presentInPlusSet(target);
boolean targetIsInZeroSet = targetsTriple.presentInZeroSet(target);
boolean targetIsInMinusSet = targetsTriple.presentInMinusSet(target);
// TODO check these computations
boolean isPlus = assignmentIsAdded || assignmentIsKept && targetIsInPlusSet;
boolean isZero = assignmentIsKept && targetIsInZeroSet;
boolean isMinus = assignmentIsDeleted || assignmentIsKept && targetIsInMinusSet;
// noinspection ConstantConditions
if (!(allowPlus && isPlus || allowZero && isZero || allowMinus && isMinus)) {
continue;
}
if (refMatcher.refMatchesTarget(target.getTarget(), "hasAssignment constraint")) {
// TODO more specific trigger, containing information on matching assignment; see ExclusionConstraintEvaluator
matchingTargets.add(target.getTarget());
}
}
}
if (!matchingTargets.isEmpty()) {
if (shouldExist) {
PrismObject<?> anyTargetObject = matchingTargets.get(0);
return new EvaluatedHasAssignmentTrigger(PolicyConstraintKindType.HAS_ASSIGNMENT, constraint, matchingTargets, createPositiveMessage(constraintElement, ctx, anyTargetObject, result), createPositiveShortMessage(constraintElement, ctx, anyTargetObject, result));
} else {
// we matched something but the constraint was "has no assignment"
return null;
}
} else {
return createTriggerIfShouldNotExist(shouldExist, constraintElement, ctx, result);
}
} catch (Throwable t) {
result.recordFatalError(t.getMessage(), t);
throw t;
} finally {
result.computeStatusIfUnknown();
}
}
Aggregations