Search in sources :

Example 1 with AssignmentPolicyRuleEvaluationContext

use of com.evolveum.midpoint.model.impl.lens.projector.policy.AssignmentPolicyRuleEvaluationContext in project midpoint by Evolveum.

the class ConstraintEvaluatorHelper method createVariablesMap.

// corresponds with PolicyRuleBasedAspect.processNameFromApprovalActions
public <AH extends AssignmentHolderType> VariablesMap createVariablesMap(PolicyRuleEvaluationContext<AH> rctx, JAXBElement<? extends AbstractPolicyConstraintType> constraintElement) {
    VariablesMap var = new VariablesMap();
    PrismObject<AH> object = rctx.getObject();
    var.put(ExpressionConstants.VAR_USER, object, object.getDefinition());
    var.put(ExpressionConstants.VAR_FOCUS, object, object.getDefinition());
    var.put(ExpressionConstants.VAR_OBJECT, object, object.getDefinition());
    var.put(ExpressionConstants.VAR_OBJECT_DISPLAY_INFORMATION, LocalizationUtil.createLocalizableMessageType(createDisplayInformation(object, false)), LocalizableMessageType.class);
    if (rctx instanceof AssignmentPolicyRuleEvaluationContext) {
        AssignmentPolicyRuleEvaluationContext actx = (AssignmentPolicyRuleEvaluationContext<AH>) rctx;
        PrismObject target = actx.evaluatedAssignment.getTarget();
        var.put(ExpressionConstants.VAR_TARGET, target, target.getDefinition());
        var.put(ExpressionConstants.VAR_TARGET_DISPLAY_INFORMATION, LocalizationUtil.createLocalizableMessageType(createDisplayInformation(target, false)), LocalizableMessageType.class);
        var.put(ExpressionConstants.VAR_EVALUATED_ASSIGNMENT, actx.evaluatedAssignment, EvaluatedAssignment.class);
        AssignmentType assignment = actx.evaluatedAssignment.getAssignment(actx.state == ObjectState.BEFORE);
        var.put(ExpressionConstants.VAR_ASSIGNMENT, assignment, AssignmentType.class);
    } else {
        SchemaRegistry schemaRegistry = PrismContext.get().getSchemaRegistry();
        PrismObjectDefinition<ObjectType> targetDef = schemaRegistry.findObjectDefinitionByCompileTimeClass(ObjectType.class);
        var.put(ExpressionConstants.VAR_TARGET, null, targetDef);
        var.put(ExpressionConstants.VAR_TARGET_DISPLAY_INFORMATION, null, LocalizableMessageType.class);
        var.put(ExpressionConstants.VAR_EVALUATED_ASSIGNMENT, null, EvaluatedAssignment.class);
        PrismContainerDefinition<AssignmentType> assignmentDef = schemaRegistry.findObjectDefinitionByCompileTimeClass(AssignmentHolderType.class).findContainerDefinition(AssignmentHolderType.F_ASSIGNMENT);
        var.put(ExpressionConstants.VAR_ASSIGNMENT, null, assignmentDef);
    }
    var.put(VAR_RULE_EVALUATION_CONTEXT, rctx, PolicyRuleEvaluationContext.class);
    var.put(VAR_EVALUATOR_HELPER, this, ConstraintEvaluatorHelper.class);
    var.put(VAR_CONSTRAINT, constraintElement != null ? constraintElement.getValue() : null, AbstractPolicyConstraintType.class);
    var.put(VAR_CONSTRAINT_ELEMENT, constraintElement, JAXBElement.class);
    return var;
}
Also used : AssignmentPolicyRuleEvaluationContext(com.evolveum.midpoint.model.impl.lens.projector.policy.AssignmentPolicyRuleEvaluationContext) VariablesMap(com.evolveum.midpoint.schema.expression.VariablesMap) SchemaRegistry(com.evolveum.midpoint.prism.schema.SchemaRegistry)

Example 2 with AssignmentPolicyRuleEvaluationContext

use of com.evolveum.midpoint.model.impl.lens.projector.policy.AssignmentPolicyRuleEvaluationContext in project midpoint by Evolveum.

the class PolicySituationConstraintEvaluator method evaluate.

@Override
public <AH extends AssignmentHolderType> EvaluatedSituationTrigger evaluate(@NotNull JAXBElement<PolicySituationPolicyConstraintType> constraint, @NotNull PolicyRuleEvaluationContext<AH> rctx, OperationResult parentResult) throws SchemaException, ExpressionEvaluationException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException {
    OperationResult result = parentResult.subresult(OP_EVALUATE).setMinor().build();
    try {
        // "situation" constraint is present directly on it.
        if (rctx instanceof AssignmentPolicyRuleEvaluationContext && !((AssignmentPolicyRuleEvaluationContext) rctx).isDirect) {
            return null;
        }
        // Single pass only (for the time being)
        PolicySituationPolicyConstraintType situationConstraint = constraint.getValue();
        Collection<EvaluatedPolicyRule> sourceRules = selectTriggeredRules(rctx, situationConstraint.getSituation());
        if (sourceRules.isEmpty()) {
            return null;
        }
        return new EvaluatedSituationTrigger(situationConstraint, createMessage(sourceRules, constraint, rctx, result), createShortMessage(sourceRules, constraint, rctx, result), sourceRules);
    } catch (Throwable t) {
        result.recordFatalError(t.getMessage(), t);
        throw t;
    } finally {
        result.computeStatusIfUnknown();
    }
}
Also used : EvaluatedPolicyRule(com.evolveum.midpoint.model.api.context.EvaluatedPolicyRule) AssignmentPolicyRuleEvaluationContext(com.evolveum.midpoint.model.impl.lens.projector.policy.AssignmentPolicyRuleEvaluationContext) OperationResult(com.evolveum.midpoint.schema.result.OperationResult) EvaluatedSituationTrigger(com.evolveum.midpoint.model.api.context.EvaluatedSituationTrigger) PolicySituationPolicyConstraintType(com.evolveum.midpoint.xml.ns._public.common.common_3.PolicySituationPolicyConstraintType)

Example 3 with AssignmentPolicyRuleEvaluationContext

use of com.evolveum.midpoint.model.impl.lens.projector.policy.AssignmentPolicyRuleEvaluationContext in project midpoint by Evolveum.

the class EvaluatedPolicyRuleImpl method createVariablesMap.

private <AH extends AssignmentHolderType> VariablesMap createVariablesMap(PolicyRuleEvaluationContext<AH> rctx, PrismObject<AH> object) {
    VariablesMap var = new VariablesMap();
    var.put(ExpressionConstants.VAR_USER, object, object.getDefinition());
    var.put(ExpressionConstants.VAR_FOCUS, object, object.getDefinition());
    var.put(ExpressionConstants.VAR_OBJECT, object, object.getDefinition());
    PrismContext prismContext = PrismContext.get();
    if (rctx instanceof AssignmentPolicyRuleEvaluationContext) {
        AssignmentPolicyRuleEvaluationContext<AH> actx = (AssignmentPolicyRuleEvaluationContext<AH>) rctx;
        var.put(ExpressionConstants.VAR_TARGET, actx.evaluatedAssignment.getTarget(), actx.evaluatedAssignment.getTarget().getDefinition());
        var.put(ExpressionConstants.VAR_EVALUATED_ASSIGNMENT, actx.evaluatedAssignment, EvaluatedAssignment.class);
        AssignmentType assignment = actx.evaluatedAssignment.getAssignment(actx.state == ObjectState.BEFORE);
        var.put(ExpressionConstants.VAR_ASSIGNMENT, assignment, getAssignmentDefinition(assignment, prismContext));
    } else if (rctx instanceof ObjectPolicyRuleEvaluationContext) {
        PrismObjectDefinition<ObjectType> targetDef = prismContext.getSchemaRegistry().findObjectDefinitionByCompileTimeClass(ObjectType.class);
        var.put(ExpressionConstants.VAR_TARGET, null, targetDef);
        var.put(ExpressionConstants.VAR_EVALUATED_ASSIGNMENT, null, EvaluatedAssignment.class);
        var.put(ExpressionConstants.VAR_ASSIGNMENT, null, getAssignmentDefinition(null, prismContext));
    } else if (rctx != null) {
        throw new AssertionError(rctx);
    }
    var.put(VAR_RULE_EVALUATION_CONTEXT, rctx, PolicyRuleEvaluationContext.class);
    return var;
}
Also used : AssignmentPolicyRuleEvaluationContext(com.evolveum.midpoint.model.impl.lens.projector.policy.AssignmentPolicyRuleEvaluationContext) ObjectPolicyRuleEvaluationContext(com.evolveum.midpoint.model.impl.lens.projector.policy.ObjectPolicyRuleEvaluationContext) VariablesMap(com.evolveum.midpoint.schema.expression.VariablesMap)

Example 4 with AssignmentPolicyRuleEvaluationContext

use of com.evolveum.midpoint.model.impl.lens.projector.policy.AssignmentPolicyRuleEvaluationContext in project midpoint by Evolveum.

the class ExclusionConstraintEvaluator method evaluate.

@Override
public <AH extends AssignmentHolderType> EvaluatedExclusionTrigger evaluate(@NotNull JAXBElement<ExclusionPolicyConstraintType> constraint, @NotNull PolicyRuleEvaluationContext<AH> rctx, OperationResult parentResult) throws SchemaException, ExpressionEvaluationException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException {
    OperationResult result = parentResult.subresult(OP_EVALUATE).setMinor().build();
    try {
        LOGGER.trace("Evaluating exclusion constraint {} on {}", lazy(() -> PolicyRuleTypeUtil.toShortString(constraint)), rctx);
        if (!(rctx instanceof AssignmentPolicyRuleEvaluationContext)) {
            return null;
        }
        AssignmentPolicyRuleEvaluationContext<AH> ctx = (AssignmentPolicyRuleEvaluationContext<AH>) rctx;
        if (!ctx.isAdded && !ctx.isKept) {
            LOGGER.trace("Assignment not being added nor kept, skipping evaluation.");
            return null;
        }
        if (sourceOrderConstraintsDoNotMatch(constraint, ctx)) {
            // logged in the called method body
            return null;
        }
        /*
             * Now let us check the exclusions.
             *
             * Assignment A is the current evaluated assignment. It has directly or indirectly attached the exclusion policy rule.
             * We now go through all other assignments B and check the exclusions.
             */
        List<OrderConstraintsType> targetOrderConstraints = defaultIfEmpty(constraint.getValue().getTargetOrderConstraint());
        List<EvaluatedAssignmentTargetImpl> nonNegativeTargetsA = ctx.evaluatedAssignment.getNonNegativeTargets();
        ConstraintReferenceMatcher<AH> refMatcher = new ConstraintReferenceMatcher<>(ctx, constraint.getValue().getTargetRef(), expressionFactory, result, LOGGER);
        for (EvaluatedAssignmentImpl<AH> assignmentB : ctx.evaluatedAssignmentTriple.getNonNegativeValues()) {
            // MID-6403
            if (assignmentB == ctx.evaluatedAssignment) {
                // currently there is no other way of comparing the evaluated assignments
                continue;
            }
            targetB: for (EvaluatedAssignmentTargetImpl targetB : assignmentB.getNonNegativeTargets()) {
                if (!pathMatches(targetB.getAssignmentPath(), targetOrderConstraints)) {
                    LOGGER.trace("Skipping considering exclusion target {} because it does not match target path constraints." + " Path={}, constraints={}", targetB, targetB.getAssignmentPath(), targetOrderConstraints);
                    continue;
                }
                if (!refMatcher.refMatchesTarget(targetB.getTarget(), "exclusion constraint")) {
                    LOGGER.trace("Target {} OID does not match exclusion filter", targetB);
                    continue;
                }
                // To avoid false positives let us check if this target is not already covered by assignment being evaluated
                for (EvaluatedAssignmentTargetImpl targetA : nonNegativeTargetsA) {
                    if (targetIsAlreadyCovered(targetB, targetA)) {
                        continue targetB;
                    }
                }
                EvaluatedExclusionTrigger rv = createTrigger(ctx.evaluatedAssignment, assignmentB, targetB, constraint, ctx.policyRule, ctx, result);
                result.addReturn("trigger", rv.toDiagShortcut());
                return rv;
            }
        }
        return null;
    } catch (Throwable t) {
        result.recordFatalError(t.getMessage(), t);
        throw t;
    } finally {
        result.computeStatusIfUnknown();
    }
}
Also used : AssignmentPolicyRuleEvaluationContext(com.evolveum.midpoint.model.impl.lens.projector.policy.AssignmentPolicyRuleEvaluationContext) EvaluatedAssignmentTargetImpl(com.evolveum.midpoint.model.impl.lens.assignments.EvaluatedAssignmentTargetImpl) OperationResult(com.evolveum.midpoint.schema.result.OperationResult) OrderConstraintsType(com.evolveum.midpoint.xml.ns._public.common.common_3.OrderConstraintsType) EvaluatedExclusionTrigger(com.evolveum.midpoint.model.api.context.EvaluatedExclusionTrigger)

Example 5 with AssignmentPolicyRuleEvaluationContext

use of com.evolveum.midpoint.model.impl.lens.projector.policy.AssignmentPolicyRuleEvaluationContext in project midpoint by Evolveum.

the class AssignmentModificationConstraintEvaluator method evaluate.

@Override
public <AH extends AssignmentHolderType> EvaluatedModificationTrigger evaluate(@NotNull JAXBElement<AssignmentModificationPolicyConstraintType> constraintElement, @NotNull PolicyRuleEvaluationContext<AH> rctx, OperationResult parentResult) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException {
    OperationResult result = parentResult.subresult(OP_EVALUATE).setMinor().build();
    try {
        if (!(rctx instanceof AssignmentPolicyRuleEvaluationContext)) {
            LOGGER.trace("Not an AssignmentPolicyRuleEvaluationContext: {}", rctx.getClass());
            return null;
        }
        AssignmentPolicyRuleEvaluationContext<AH> ctx = (AssignmentPolicyRuleEvaluationContext<AH>) rctx;
        if (!ctx.isDirect) {
            LOGGER.trace("Assignment is indirect => not triggering");
            return null;
        }
        AssignmentModificationPolicyConstraintType constraint = constraintElement.getValue();
        if (!operationMatches(constraint, ctx.isAdded, ctx.isKept, ctx.isDeleted) || !relationMatches(constraint, ctx) || !pathsMatch(constraint, ctx) || !expressionPasses(constraintElement, ctx, result)) {
            // Logging is done inside matcher methods
            return null;
        }
        // TODO check modifications
        EvaluatedModificationTrigger rv = new EvaluatedModificationTrigger(PolicyConstraintKindType.ASSIGNMENT_MODIFICATION, constraint, ctx.evaluatedAssignment.getTarget(), createMessage(constraintElement, ctx, result), createShortMessage(constraintElement, ctx, result));
        result.addReturn("trigger", rv.toDiagShortcut());
        return rv;
    } catch (Throwable t) {
        result.recordFatalError(t.getMessage(), t);
        throw t;
    } finally {
        result.computeStatusIfUnknown();
    }
}
Also used : EvaluatedModificationTrigger(com.evolveum.midpoint.model.api.context.EvaluatedModificationTrigger) AssignmentPolicyRuleEvaluationContext(com.evolveum.midpoint.model.impl.lens.projector.policy.AssignmentPolicyRuleEvaluationContext) OperationResult(com.evolveum.midpoint.schema.result.OperationResult)

Aggregations

AssignmentPolicyRuleEvaluationContext (com.evolveum.midpoint.model.impl.lens.projector.policy.AssignmentPolicyRuleEvaluationContext)5 OperationResult (com.evolveum.midpoint.schema.result.OperationResult)3 VariablesMap (com.evolveum.midpoint.schema.expression.VariablesMap)2 EvaluatedExclusionTrigger (com.evolveum.midpoint.model.api.context.EvaluatedExclusionTrigger)1 EvaluatedModificationTrigger (com.evolveum.midpoint.model.api.context.EvaluatedModificationTrigger)1 EvaluatedPolicyRule (com.evolveum.midpoint.model.api.context.EvaluatedPolicyRule)1 EvaluatedSituationTrigger (com.evolveum.midpoint.model.api.context.EvaluatedSituationTrigger)1 EvaluatedAssignmentTargetImpl (com.evolveum.midpoint.model.impl.lens.assignments.EvaluatedAssignmentTargetImpl)1 ObjectPolicyRuleEvaluationContext (com.evolveum.midpoint.model.impl.lens.projector.policy.ObjectPolicyRuleEvaluationContext)1 SchemaRegistry (com.evolveum.midpoint.prism.schema.SchemaRegistry)1 OrderConstraintsType (com.evolveum.midpoint.xml.ns._public.common.common_3.OrderConstraintsType)1 PolicySituationPolicyConstraintType (com.evolveum.midpoint.xml.ns._public.common.common_3.PolicySituationPolicyConstraintType)1