
Example 1 with DefinitionsToTransformable

Use of com.evolveum.midpoint.model.impl.schema.transform.DefinitionsToTransformable in the midPoint project by Evolveum.

From class SchemaTransformer, method applySchemasAndSecurity.

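/**
 * Validate the objects, apply security to the object definition, remove any non-visible properties (security),
 * apply object template definitions and so on. This method is called for
 * any object that is returned from the Model Service.
 *
 * Processing order (any step may throw and abort the rest; the object is modified in place):
 * <ol>
 * <li>{@code authorizeOptions} is consulted with the supplied {@code rootOptions} and {@code phase};</li>
 * <li>{@code validateObject};</li>
 * <li>security constraints are compiled and the object's definitions are made transformable,
 *     so that the per-phase processing can edit the definition tree;</li>
 * <li>security is applied for the REQUEST and/or EXECUTION phase (see {@code phase});</li>
 * <li>unless the read is raw, the object template is resolved and applied;</li>
 * <li>{@code definitionProcessing} options, if any, trim the definition tree.</li>
 * </ol>
 *
 * @param object       the object to process in place
 * @param rootOptions  root-level get options; the {@code executionPhase} option skips REQUEST-phase
 *                     security, the {@code raw} option skips object template processing
 * @param options      per-path get options; only {@code definitionProcessing} is consumed here
 * @param phase        {@code null} to apply both phases (REQUEST unless the execution-phase option
 *                     is set, then always EXECUTION); otherwise only the given phase is applied
 * @param task         task passed through to authorization and constraint compilation
 * @param parentResult parent operation result; a minor subresult is created here and is always
 *                     closed -- with a fatal status if any exception escapes this method
 * @throws UnsupportedOperationException for {@code NONE} definition processing, or for
 *                     {@code ONLY_IF_EXISTS} requested on anything but the root path
 */
<O extends ObjectType> void applySchemasAndSecurity(PrismObject<O> object, GetOperationOptions rootOptions, Collection<SelectorOptions<GetOperationOptions>> options, AuthorizationPhaseType phase, Task task, OperationResult parentResult) throws SchemaException, SecurityViolationException, ConfigurationException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException {
    LOGGER.trace("applySchemasAndSecurity({}) starting", object);
    OperationResult result = parentResult.createMinorSubresult(OP_APPLY_SCHEMAS_AND_SECURITY);
    try {
        authorizeOptions(rootOptions, object, null, phase, task, result);
        validateObject(object, rootOptions, result);
        ObjectSecurityConstraints securityConstraints = compileSecurityConstraints(object, task, result);
        // The definitions must be transformable before any phase is applied: the phase processing
        // below works on the definition tree obtained right after this call.
        transform(object, new DefinitionsToTransformable());
        PrismObjectDefinition<O> objectDefinition = object.getDefinition();

        if (phase == null) {
            if (!GetOperationOptions.isExecutionPhase(rootOptions)) {
                applySchemasAndSecurityPhase(object, securityConstraints, objectDefinition, rootOptions, AuthorizationPhaseType.REQUEST, task, result);
            }
            applySchemasAndSecurityPhase(object, securityConstraints, objectDefinition, rootOptions, AuthorizationPhaseType.EXECUTION, task, result);
        } else if (phase == AuthorizationPhaseType.REQUEST && GetOperationOptions.isExecutionPhase(rootOptions)) {
            // The caller asked to skip evaluation of request authorization, so no security
            // constraints are applied for the request phase and everything is allowed here.
            // NOTE(review): this skip is driven by caller-supplied rootOptions; presumably
            // authorizeOptions() above is what decides whether the caller may set the
            // execution-phase option -- verify, since otherwise any caller could bypass
            // request-phase security on returned objects.
        } else {
            applySchemasAndSecurityPhase(object, securityConstraints, objectDefinition, rootOptions, phase, task, result);
        }

        // Object template is not processed for raw reads, whatever the phase.
        if (!GetOperationOptions.isRaw(rootOptions)) {
            // NOTE(review): the template is always resolved for the REQUEST phase, regardless of the
            // phase this method was invoked for -- confirm that is intended.
            ObjectTemplateType objectTemplateType = determineObjectTemplate(object, AuthorizationPhaseType.REQUEST, result);
            applyObjectTemplateToObject(object, objectTemplateType, result);
        }

        if (CollectionUtils.isNotEmpty(options)) {
            Map<DefinitionProcessingOption, Collection<UniformItemPath>> definitionProcessing = SelectorOptions.extractOptionValues(options, (o) -> o.getDefinitionProcessing(), prismContext);
            if (CollectionUtils.isNotEmpty(definitionProcessing.get(DefinitionProcessingOption.NONE))) {
                throw new UnsupportedOperationException("'NONE' definition processing is not supported now");
            }
            Collection<UniformItemPath> onlyIfExists = definitionProcessing.get(DefinitionProcessingOption.ONLY_IF_EXISTS);
            if (CollectionUtils.isNotEmpty(onlyIfExists)) {
                // Only a single, empty (root) path is accepted for ONLY_IF_EXISTS.
                if (onlyIfExists.size() != 1 || !ItemPath.isEmpty(onlyIfExists.iterator().next())) {
                    throw new UnsupportedOperationException("'ONLY_IF_EXISTS' definition processing is currently supported on root level only; not on " + onlyIfExists);
                }
                // Paths marked FULL keep their complete definitions; the rest of the tree is trimmed.
                Collection<UniformItemPath> full = definitionProcessing.get(DefinitionProcessingOption.FULL);
                object.trimDefinitionTree(full);
            }
        }
        result.computeStatus();
        result.recordSuccessIfUnknown();
    } catch (Throwable t) {
        // Close the subresult on every failure path. Previously only the template lookup recorded
        // a fatal error; exceptions from authorizeOptions/validateObject/the phase processing and
        // the UnsupportedOperationExceptions above left the subresult without a status.
        result.recordFatalError(t);
        throw t;
    }
    LOGGER.trace("applySchemasAndSecurity finishing");
}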