use of com.evolveum.midpoint.model.impl.lens.projector.policy.AssignmentPolicyRuleEvaluationContext in project midpoint by Evolveum.
the class ConstraintEvaluatorHelper method createVariablesMap.
// corresponds with PolicyRuleBasedAspect.processNameFromApprovalActions
public <AH extends AssignmentHolderType> VariablesMap createVariablesMap(PolicyRuleEvaluationContext<AH> rctx, JAXBElement<? extends AbstractPolicyConstraintType> constraintElement) {
VariablesMap var = new VariablesMap();
PrismObject<AH> object = rctx.getObject();
var.put(ExpressionConstants.VAR_USER, object, object.getDefinition());
var.put(ExpressionConstants.VAR_FOCUS, object, object.getDefinition());
var.put(ExpressionConstants.VAR_OBJECT, object, object.getDefinition());
var.put(ExpressionConstants.VAR_OBJECT_DISPLAY_INFORMATION, LocalizationUtil.createLocalizableMessageType(createDisplayInformation(object, false)), LocalizableMessageType.class);
if (rctx instanceof AssignmentPolicyRuleEvaluationContext) {
AssignmentPolicyRuleEvaluationContext actx = (AssignmentPolicyRuleEvaluationContext<AH>) rctx;
PrismObject target = actx.evaluatedAssignment.getTarget();
var.put(ExpressionConstants.VAR_TARGET, target, target.getDefinition());
var.put(ExpressionConstants.VAR_TARGET_DISPLAY_INFORMATION, LocalizationUtil.createLocalizableMessageType(createDisplayInformation(target, false)), LocalizableMessageType.class);
var.put(ExpressionConstants.VAR_EVALUATED_ASSIGNMENT, actx.evaluatedAssignment, EvaluatedAssignment.class);
AssignmentType assignment = actx.evaluatedAssignment.getAssignment(actx.state == ObjectState.BEFORE);
var.put(ExpressionConstants.VAR_ASSIGNMENT, assignment, AssignmentType.class);
} else {
SchemaRegistry schemaRegistry = PrismContext.get().getSchemaRegistry();
PrismObjectDefinition<ObjectType> targetDef = schemaRegistry.findObjectDefinitionByCompileTimeClass(ObjectType.class);
var.put(ExpressionConstants.VAR_TARGET, null, targetDef);
var.put(ExpressionConstants.VAR_TARGET_DISPLAY_INFORMATION, null, LocalizableMessageType.class);
var.put(ExpressionConstants.VAR_EVALUATED_ASSIGNMENT, null, EvaluatedAssignment.class);
PrismContainerDefinition<AssignmentType> assignmentDef = schemaRegistry.findObjectDefinitionByCompileTimeClass(AssignmentHolderType.class).findContainerDefinition(AssignmentHolderType.F_ASSIGNMENT);
var.put(ExpressionConstants.VAR_ASSIGNMENT, null, assignmentDef);
}
var.put(VAR_RULE_EVALUATION_CONTEXT, rctx, PolicyRuleEvaluationContext.class);
var.put(VAR_EVALUATOR_HELPER, this, ConstraintEvaluatorHelper.class);
var.put(VAR_CONSTRAINT, constraintElement != null ? constraintElement.getValue() : null, AbstractPolicyConstraintType.class);
var.put(VAR_CONSTRAINT_ELEMENT, constraintElement, JAXBElement.class);
return var;
}
use of com.evolveum.midpoint.model.impl.lens.projector.policy.AssignmentPolicyRuleEvaluationContext in project midpoint by Evolveum.
the class PolicySituationConstraintEvaluator method evaluate.
@Override
public <AH extends AssignmentHolderType> EvaluatedSituationTrigger evaluate(@NotNull JAXBElement<PolicySituationPolicyConstraintType> constraint, @NotNull PolicyRuleEvaluationContext<AH> rctx, OperationResult parentResult) throws SchemaException, ExpressionEvaluationException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException {
OperationResult result = parentResult.subresult(OP_EVALUATE).setMinor().build();
try {
// "situation" constraint is present directly on it.
if (rctx instanceof AssignmentPolicyRuleEvaluationContext && !((AssignmentPolicyRuleEvaluationContext) rctx).isDirect) {
return null;
}
// Single pass only (for the time being)
PolicySituationPolicyConstraintType situationConstraint = constraint.getValue();
Collection<EvaluatedPolicyRule> sourceRules = selectTriggeredRules(rctx, situationConstraint.getSituation());
if (sourceRules.isEmpty()) {
return null;
}
return new EvaluatedSituationTrigger(situationConstraint, createMessage(sourceRules, constraint, rctx, result), createShortMessage(sourceRules, constraint, rctx, result), sourceRules);
} catch (Throwable t) {
result.recordFatalError(t.getMessage(), t);
throw t;
} finally {
result.computeStatusIfUnknown();
}
}
use of com.evolveum.midpoint.model.impl.lens.projector.policy.AssignmentPolicyRuleEvaluationContext in project midpoint by Evolveum.
the class EvaluatedPolicyRuleImpl method createVariablesMap.
private <AH extends AssignmentHolderType> VariablesMap createVariablesMap(PolicyRuleEvaluationContext<AH> rctx, PrismObject<AH> object) {
VariablesMap var = new VariablesMap();
var.put(ExpressionConstants.VAR_USER, object, object.getDefinition());
var.put(ExpressionConstants.VAR_FOCUS, object, object.getDefinition());
var.put(ExpressionConstants.VAR_OBJECT, object, object.getDefinition());
PrismContext prismContext = PrismContext.get();
if (rctx instanceof AssignmentPolicyRuleEvaluationContext) {
AssignmentPolicyRuleEvaluationContext<AH> actx = (AssignmentPolicyRuleEvaluationContext<AH>) rctx;
var.put(ExpressionConstants.VAR_TARGET, actx.evaluatedAssignment.getTarget(), actx.evaluatedAssignment.getTarget().getDefinition());
var.put(ExpressionConstants.VAR_EVALUATED_ASSIGNMENT, actx.evaluatedAssignment, EvaluatedAssignment.class);
AssignmentType assignment = actx.evaluatedAssignment.getAssignment(actx.state == ObjectState.BEFORE);
var.put(ExpressionConstants.VAR_ASSIGNMENT, assignment, getAssignmentDefinition(assignment, prismContext));
} else if (rctx instanceof ObjectPolicyRuleEvaluationContext) {
PrismObjectDefinition<ObjectType> targetDef = prismContext.getSchemaRegistry().findObjectDefinitionByCompileTimeClass(ObjectType.class);
var.put(ExpressionConstants.VAR_TARGET, null, targetDef);
var.put(ExpressionConstants.VAR_EVALUATED_ASSIGNMENT, null, EvaluatedAssignment.class);
var.put(ExpressionConstants.VAR_ASSIGNMENT, null, getAssignmentDefinition(null, prismContext));
} else if (rctx != null) {
throw new AssertionError(rctx);
}
var.put(VAR_RULE_EVALUATION_CONTEXT, rctx, PolicyRuleEvaluationContext.class);
return var;
}
use of com.evolveum.midpoint.model.impl.lens.projector.policy.AssignmentPolicyRuleEvaluationContext in project midpoint by Evolveum.
the class ExclusionConstraintEvaluator method evaluate.
@Override
public <AH extends AssignmentHolderType> EvaluatedExclusionTrigger evaluate(@NotNull JAXBElement<ExclusionPolicyConstraintType> constraint, @NotNull PolicyRuleEvaluationContext<AH> rctx, OperationResult parentResult) throws SchemaException, ExpressionEvaluationException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException {
OperationResult result = parentResult.subresult(OP_EVALUATE).setMinor().build();
try {
LOGGER.trace("Evaluating exclusion constraint {} on {}", lazy(() -> PolicyRuleTypeUtil.toShortString(constraint)), rctx);
if (!(rctx instanceof AssignmentPolicyRuleEvaluationContext)) {
return null;
}
AssignmentPolicyRuleEvaluationContext<AH> ctx = (AssignmentPolicyRuleEvaluationContext<AH>) rctx;
if (!ctx.isAdded && !ctx.isKept) {
LOGGER.trace("Assignment not being added nor kept, skipping evaluation.");
return null;
}
if (sourceOrderConstraintsDoNotMatch(constraint, ctx)) {
// logged in the called method body
return null;
}
/*
* Now let us check the exclusions.
*
* Assignment A is the current evaluated assignment. It has directly or indirectly attached the exclusion policy rule.
* We now go through all other assignments B and check the exclusions.
*/
List<OrderConstraintsType> targetOrderConstraints = defaultIfEmpty(constraint.getValue().getTargetOrderConstraint());
List<EvaluatedAssignmentTargetImpl> nonNegativeTargetsA = ctx.evaluatedAssignment.getNonNegativeTargets();
ConstraintReferenceMatcher<AH> refMatcher = new ConstraintReferenceMatcher<>(ctx, constraint.getValue().getTargetRef(), expressionFactory, result, LOGGER);
for (EvaluatedAssignmentImpl<AH> assignmentB : ctx.evaluatedAssignmentTriple.getNonNegativeValues()) {
// MID-6403
if (assignmentB == ctx.evaluatedAssignment) {
// currently there is no other way of comparing the evaluated assignments
continue;
}
targetB: for (EvaluatedAssignmentTargetImpl targetB : assignmentB.getNonNegativeTargets()) {
if (!pathMatches(targetB.getAssignmentPath(), targetOrderConstraints)) {
LOGGER.trace("Skipping considering exclusion target {} because it does not match target path constraints." + " Path={}, constraints={}", targetB, targetB.getAssignmentPath(), targetOrderConstraints);
continue;
}
if (!refMatcher.refMatchesTarget(targetB.getTarget(), "exclusion constraint")) {
LOGGER.trace("Target {} OID does not match exclusion filter", targetB);
continue;
}
// To avoid false positives let us check if this target is not already covered by assignment being evaluated
for (EvaluatedAssignmentTargetImpl targetA : nonNegativeTargetsA) {
if (targetIsAlreadyCovered(targetB, targetA)) {
continue targetB;
}
}
EvaluatedExclusionTrigger rv = createTrigger(ctx.evaluatedAssignment, assignmentB, targetB, constraint, ctx.policyRule, ctx, result);
result.addReturn("trigger", rv.toDiagShortcut());
return rv;
}
}
return null;
} catch (Throwable t) {
result.recordFatalError(t.getMessage(), t);
throw t;
} finally {
result.computeStatusIfUnknown();
}
}
use of com.evolveum.midpoint.model.impl.lens.projector.policy.AssignmentPolicyRuleEvaluationContext in project midpoint by Evolveum.
the class AssignmentModificationConstraintEvaluator method evaluate.
@Override
public <AH extends AssignmentHolderType> EvaluatedModificationTrigger evaluate(@NotNull JAXBElement<AssignmentModificationPolicyConstraintType> constraintElement, @NotNull PolicyRuleEvaluationContext<AH> rctx, OperationResult parentResult) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException {
OperationResult result = parentResult.subresult(OP_EVALUATE).setMinor().build();
try {
if (!(rctx instanceof AssignmentPolicyRuleEvaluationContext)) {
LOGGER.trace("Not an AssignmentPolicyRuleEvaluationContext: {}", rctx.getClass());
return null;
}
AssignmentPolicyRuleEvaluationContext<AH> ctx = (AssignmentPolicyRuleEvaluationContext<AH>) rctx;
if (!ctx.isDirect) {
LOGGER.trace("Assignment is indirect => not triggering");
return null;
}
AssignmentModificationPolicyConstraintType constraint = constraintElement.getValue();
if (!operationMatches(constraint, ctx.isAdded, ctx.isKept, ctx.isDeleted) || !relationMatches(constraint, ctx) || !pathsMatch(constraint, ctx) || !expressionPasses(constraintElement, ctx, result)) {
// Logging is done inside matcher methods
return null;
}
// TODO check modifications
EvaluatedModificationTrigger rv = new EvaluatedModificationTrigger(PolicyConstraintKindType.ASSIGNMENT_MODIFICATION, constraint, ctx.evaluatedAssignment.getTarget(), createMessage(constraintElement, ctx, result), createShortMessage(constraintElement, ctx, result));
result.addReturn("trigger", rv.toDiagShortcut());
return rv;
} catch (Throwable t) {
result.recordFatalError(t.getMessage(), t);
throw t;
} finally {
result.computeStatusIfUnknown();
}
}
Aggregations