
Example 26 with PrismContainer

use of com.evolveum.midpoint.prism.PrismContainer in project midpoint by Evolveum.

The class PageReport, method saveAndRunPerformed.

/**
 * Saves the report being edited and then runs it.
 *
 * The save is delegated to {@code saveOrPreviewPerformed}. If that reports an error nothing
 * else happens. Otherwise the saved report is re-read from the executed deltas and either run
 * directly (no report parameters) or a {@link RunReportPopupPanel} is shown so the user can
 * supply the parameter values first; the report is then run from the popup's confirm hook.
 *
 * The {@code processingOfSaveAndRun} flag is raised for the duration of this method and
 * always cleared again, even when the save throws.
 *
 * @param target Wicket AJAX target used for the save and for showing/hiding the popup
 */
public void saveAndRunPerformed(AjaxRequestTarget target) {
    try {
        processingOfSaveAndRun = true;
        OperationResult result = new OperationResult(OPERATION_SAVE);
        Collection<ObjectDeltaOperation<? extends ObjectType>> deltas = saveOrPreviewPerformed(target, result, false);
        if (result.isError()) {
            // Save failed: do not run anything; the save result is presumably shown to the user by the save itself.
            return;
        }
        PrismObject<ReportType> savedReport = getReport(deltas);
        if (!ReportOperationalButtonsPanel.hasParameters(savedReport.asObjectable())) {
            // No parameters to collect, run immediately.
            runReport(savedReport, null);
            return;
        }
        // The report needs parameters: ask for them in a popup and run on confirmation.
        RunReportPopupPanel parameterPopup = new RunReportPopupPanel(getMainPopupBodyId(), savedReport.asObjectable()) {

            private static final long serialVersionUID = 1L;

            @Override
            public StringResourceModel getTitle() {
                return createStringResource("PageReport.reportPreview");
            }

            // NOTE(review): presumably overrides a hook in RunReportPopupPanel -- add @Override once confirmed.
            protected void runConfirmPerformed(AjaxRequestTarget target, PrismObject<ReportType> report, PrismContainer<ReportParameterType> reportParam) {
                // reportParam holds the user-entered parameter values from the popup form.
                runReport(report, reportParam);
                hideMainPopup(target);
            }
        };
        showMainPopup(parameterPopup, target);
    } finally {
        processingOfSaveAndRun = false;
    }
}

Example 27 with PrismContainer

use of com.evolveum.midpoint.prism.PrismContainer in project midpoint by Evolveum.

The class ClockworkAuthorizationHelper, method authorizeElementContext.

/**
 * Authorizes the primary delta of a single element context (focus or projection) against the
 * security constraints compiled for the object it targets.
 *
 * Flow, as visible here:
 * <ol>
 *   <li>No primary delta: nothing to authorize, returns {@code null}.</li>
 *   <li>Compiles {@link ObjectSecurityConstraints} for the current (or, for add, the new) object;
 *       {@code null} constraints fail closed with an {@link AuthorizationException}.</li>
 *   <li>For the focus, assignment/inducement changes are handled by {@code processAssignment}
 *       (defined elsewhere, not shown here).</li>
 *   <li>Credential changes (everything under {@code credentials}) are decided item by item via
 *       {@code evaluateCredentialDecision}: an explicit ALLOW strips the item from a <em>clone</em>
 *       of the delta so it is not re-checked, an explicit DENY aborts, anything else is left for
 *       the generic check.</li>
 *   <li>Whatever remains in the cloned delta goes through {@code securityEnforcer.authorize}.</li>
 * </ol>
 *
 * @param context        the whole lens context (passed through to the helpers)
 * @param elementContext the focus or projection context whose primary delta is authorized
 * @param ownerResolver  resolver used when compiling constraints and authorizing
 * @param isFocus        true when {@code elementContext} is the focus; enables the assignment/inducement handling
 * @param task           current task
 * @param result         operation result to record into
 * @return the compiled constraints for the object, or {@code null} when there was no primary delta
 * @throws SecurityViolationException when the request is denied (an {@link AuthorizationException}
 *         is thrown here; presumably a subtype of SecurityViolationException, since it is not declared separately)
 * @throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException,
 *         CommunicationException, ConfigurationException propagated from the enforcer and helpers
 */
private <F extends ObjectType, O extends ObjectType> ObjectSecurityConstraints authorizeElementContext(LensContext<F> context, LensElementContext<O> elementContext, OwnerResolver ownerResolver, boolean isFocus, Task task, OperationResult result) throws SecurityViolationException, SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
    if (LOGGER.isTraceEnabled()) {
        LOGGER.trace("Authorizing request for element context {}", elementContext.getHumanReadableName());
    }
    ObjectDelta<O> origPrimaryDelta = elementContext.getPrimaryDelta();
    // If there is no delta then there is no request to authorize
    if (origPrimaryDelta != null) {
        // Work on a clone: credential items that are explicitly allowed below are removed from it so that
        // the final authorize() call does not see them, while the real primary delta stays intact.
        ObjectDelta<O> primaryDeltaClone = origPrimaryDelta.clone();
        PrismObject<O> object = elementContext.getObjectCurrent();
        if (object == null) {
            // This may happen when object is being added.
            // But also in cases such as assignment of account and modification of
            // the same account in one operation
            object = elementContext.getObjectNew();
        }
        String deltaOperationUrl = ModelImplUtils.getOperationUrlFromDelta(primaryDeltaClone);
        ObjectSecurityConstraints securityConstraints = securityEnforcer.compileSecurityConstraints(object, ownerResolver, task, result);
        if (securityConstraints == null) {
            // Fail closed: no constraints means no authorization could be established for this object.
            if (LOGGER.isTraceEnabled()) {
                LOGGER.trace("Denied request for element context {}: null security constraints", elementContext.getHumanReadableName());
            }
            throw new AuthorizationException("Access denied");
        }
        if (isFocus) {
            // have to ignore the assignment item in subsequent security checks
            // (processAssignment presumably authorizes assignment/inducement changes separately and
            // strips them from primaryDeltaClone -- its body is not visible here)
            if (object.canRepresent(AssignmentHolderType.class)) {
                processAssignment(context, elementContext, primaryDeltaClone, deltaOperationUrl, AssignmentHolderType.F_ASSIGNMENT, object, ownerResolver, securityConstraints, task, result);
            }
            if (object.canRepresent(AbstractRoleType.class)) {
                processAssignment(context, elementContext, primaryDeltaClone, deltaOperationUrl, AbstractRoleType.F_INDUCEMENT, object, ownerResolver, securityConstraints, task, result);
            }
        }
        // Delete deltas carry no credential items; they go straight to the generic authorize() below.
        if (!primaryDeltaClone.isDelete()) {
            if (primaryDeltaClone.isAdd()) {
                // Add: credentials travel inside the object being added, so each child of the
                // credentials container is turned into a synthetic container delta and decided on its own.
                PrismObject<O> objectToAdd = primaryDeltaClone.getObjectToAdd();
                PrismContainer<CredentialsType> credentialsContainer = objectToAdd.findContainer(UserType.F_CREDENTIALS);
                if (credentialsContainer != null) {
                    List<ItemPath> pathsToRemove = new ArrayList<>();
                    for (Item<?, ?> item : credentialsContainer.getValue().getItems()) {
                        // NOTE(review): every child of credentials is assumed to be a container (the raw cast
                        // below would throw ClassCastException for a property child) -- confirm against the schema.
                        ContainerDelta<?> cdelta = prismContext.deltaFactory().container().create(item.getPath(), (PrismContainerDefinition) item.getDefinition());
                        cdelta.addValuesToAdd(((PrismContainer) item).getValue().clone());
                        AuthorizationDecisionType cdecision = evaluateCredentialDecision(context, securityConstraints, cdelta);
                        LOGGER.trace("AUTZ: credential add {} decision: {}", item.getPath(), cdecision);
                        if (cdecision == AuthorizationDecisionType.ALLOW) {
                            // Remove it from primary delta, so it will not be evaluated later
                            // (collected first; removing while iterating getItems() would be unsafe)
                            pathsToRemove.add(item.getPath());
                        } else if (cdecision == AuthorizationDecisionType.DENY) {
                            if (LOGGER.isTraceEnabled()) {
                                LOGGER.trace("Denied request for element context {}: explicit credentials deny", elementContext.getHumanReadableName());
                            }
                            throw new AuthorizationException("Access denied");
                        } else {
                        // Do nothing. The access will be evaluated later in a normal way
                        }
                    }
                    // Mutates the object held by the cloned delta. This relies on ObjectDelta.clone() deep-copying
                    // objectToAdd; if it does not, the original delta's object would be stripped too -- TODO confirm.
                    for (ItemPath pathToRemove : pathsToRemove) {
                        objectToAdd.removeContainer(pathToRemove);
                    }
                }
            } else {
                // modify
                // Every item delta whose path lies under credentials is decided individually.
                Collection<? extends ItemDelta<?, ?>> credentialChanges = primaryDeltaClone.findItemDeltasSubPath(UserType.F_CREDENTIALS);
                for (ItemDelta<?, ?> credentialChange : credentialChanges) {
                    AuthorizationDecisionType cdecision = evaluateCredentialDecision(context, securityConstraints, credentialChange);
                    LOGGER.trace("AUTZ: credential delta {} decision: {}", credentialChange.getPath(), cdecision);
                    if (cdecision == AuthorizationDecisionType.ALLOW) {
                        // Remove it from primary delta, so it will not be evaluated later
                        // (removal from the clone while iterating credentialChanges -- presumably findItemDeltasSubPath
                        // returns a detached collection; confirm)
                        primaryDeltaClone.removeModification(credentialChange);
                    } else if (cdecision == AuthorizationDecisionType.DENY) {
                        if (LOGGER.isTraceEnabled()) {
                            LOGGER.trace("Denied request for element context {}: explicit credentials deny", elementContext.getHumanReadableName());
                        }
                        throw new AuthorizationException("Access denied");
                    } else {
                    // Do nothing. The access will be evaluated later in a normal way
                    }
                }
            }
        }
        // Generic authorization of whatever is left after the assignment and credential handling.
        // If everything was already explicitly allowed the clone is empty and this step is skipped.
        if (!primaryDeltaClone.isEmpty()) {
            // TODO: optimize, avoid evaluating the constraints twice
            securityEnforcer.authorize(deltaOperationUrl, getRequestAuthorizationPhase(context), AuthorizationParameters.Builder.buildObjectDelta(object, primaryDeltaClone), ownerResolver, task, result);
        }
        if (LOGGER.isTraceEnabled()) {
            // Trace-level only: the dump exposes the full set of compiled constraints for this object.
            LOGGER.trace("Authorized request for element context {}, constraints:\n{}", elementContext.getHumanReadableName(), securityConstraints.debugDump(1));
        }
        return securityConstraints;
    } else {
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace("Authorized request for element context {}, constraints=null", elementContext.getHumanReadableName());
        }
        return null;
    }
}

Example 28 with PrismContainer

use of com.evolveum.midpoint.prism.PrismContainer in project midpoint by Evolveum.

The class ShadowConstraintsChecker, method check.

/**
 * Checks whether the projection's new shadow satisfies the resource's uniqueness constraints
 * and stores the outcome in {@code satisfiesConstraints} (and {@code constraintsCheckingResult}).
 *
 * Short-circuits to "satisfied" when there is no new object (a delete) or when the new shadow has
 * no attributes container. Otherwise the check is delegated to the provisioning service; a conflict
 * with a shadow that belongs to another projection context in this same lens context is only
 * confirmed as a violation when that other context is not gone.
 *
 * @param task   current task
 * @param result operation result to record into
 * @throws ObjectAlreadyExistsException when a conflicting attribute is set by the primary delta,
 *         since no iteration can then resolve the conflict
 */
public void check(Task task, OperationResult result) throws SchemaException, ObjectAlreadyExistsException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
    CompositeObjectDefinition objectDefinition = projectionContext.getCompositeObjectDefinition();
    PrismObject<ShadowType> newShadow = projectionContext.getObjectNew();
    if (newShadow == null) {
        // Nothing will exist after this operation, so nothing can violate a constraint.
        LOGGER.trace("No new object in projection context. Current shadow satisfy constraints");
        satisfiesConstraints = true;
        return;
    }
    PrismContainer<?> attributes = newShadow.findContainer(ShadowType.F_ATTRIBUTES);
    if (attributes == null) {
        // Uniqueness is defined over attributes; without them there is nothing to compare.
        LOGGER.trace("Current shadow does not contain attributes, skipping checking uniqueness.");
        satisfiesConstraints = true;
        return;
    }
    // A candidate conflict is confirmed unless it is a shadow handled by another projection context
    // of this lens context that is already gone.
    ConstraintViolationConfirmer confirmer = candidate -> {
        LensProjectionContext otherContext = context.findProjectionContextByOid(candidate.getOid());
        if (otherContext == null) {
            return true;
        }
        boolean confirmed = !otherContext.isGone();
        LOGGER.trace("Comparing with account in other context resulted to violation confirmation of {}", confirmed);
        return confirmed;
    };
    constraintsCheckingResult = provisioningService.checkConstraints(objectDefinition, newShadow, projectionContext.getObjectOld(), projectionContext.getResource(), projectionContext.getOid(), projectionContext.getResourceShadowDiscriminator(), confirmer, context.getProjectionConstraintsCheckingStrategy(), task, result);
    if (constraintsCheckingResult.isSatisfiesConstraints()) {
        satisfiesConstraints = true;
        return;
    }
    // A conflicting attribute that is explicitly requested by the primary delta cannot be iterated away.
    for (QName attributeName : constraintsCheckingResult.getCheckedAttributes()) {
        boolean conflicting = constraintsCheckingResult.getConflictingAttributes().contains(attributeName);
        if (conflicting && isInDelta(attributeName, projectionContext.getPrimaryDelta())) {
            throw new ObjectAlreadyExistsException("Attribute " + attributeName + " conflicts with existing object (and it is present in primary " + "account delta therefore no iteration is performed)");
        }
    }
    // A gone projection is treated as satisfying the constraints regardless of the result.
    satisfiesConstraints = projectionContext.isGone();
}