
Example 81 with ItemPath

use of com.evolveum.midpoint.prism.path.ItemPath in project midpoint by Evolveum.

the class TestSchemaDelta method testDeleteInducementConstructionSameNullIdApplyToObject.

/**
 * Applies a container-delete delta for an inducement's construction to a parsed role and
 * verifies that the construction disappears from the role. The value to delete is built
 * without a container ID and is identified only by its resource reference.
 */
@Test
public void testDeleteInducementConstructionSameNullIdApplyToObject() throws Exception {
    final String TEST_NAME = "testDeleteInducementConstructionSameNullIdApplyToObject";
    displayTestTile(TEST_NAME);

    // GIVEN: the role fixture, parsed from file
    PrismObject<RoleType> parsedRole = PrismTestUtil.parseObject(ROLE_CONSTRUCTION_FILE);

    // Value to delete: a construction carrying only the resource reference (no container ID)
    ObjectReferenceType resourceReference = new ObjectReferenceType();
    resourceReference.setOid(ROLE_CONSTRUCTION_RESOURCE_OID);
    resourceReference.setType(ObjectTypes.RESOURCE.getTypeQName());
    ConstructionType constructionToDelete = new ConstructionType();
    constructionToDelete.setResourceRef(resourceReference);

    // Path: inducement / [inducement ID] / construction
    ItemPath constructionPath = new ItemPath(
            new NameItemPathSegment(RoleType.F_INDUCEMENT),
            new IdItemPathSegment(ROLE_CONSTRUCTION_INDUCEMENT_ID),
            new NameItemPathSegment(AssignmentType.F_CONSTRUCTION));
    ObjectDelta<RoleType> deleteDelta = ObjectDelta.createModificationDeleteContainer(
            RoleType.class, ROLE_CONSTRUCTION_OID, constructionPath, getPrismContext(), constructionToDelete);

    // WHEN
    deleteDelta.applyTo(parsedRole);

    // THEN
    System.out.println("Role after delta application:");
    System.out.println(parsedRole.debugDump());
    assertEquals("Wrong OID", ROLE_CONSTRUCTION_OID, parsedRole.getOid());
    PrismAsserts.assertPropertyValue(parsedRole, UserType.F_NAME, PrismTestUtil.createPolyString("Construction"));

    PrismContainer<AssignmentType> inducements = parsedRole.findContainer(RoleType.F_INDUCEMENT);
    assertNotNull("No inducement", inducements);
    assertEquals("Unexpected number of inducement values", 1, inducements.size());

    AssignmentType onlyInducement = inducements.getValues().iterator().next().asContainerable();
    // The construction must be removed entirely; an empty construction left behind is the
    // failure this test guards against.
    assertNull("Construction is not gone", onlyInducement.getConstruction());
}
Also used : ObjectReferenceType(com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType) RoleType(com.evolveum.midpoint.xml.ns._public.common.common_3.RoleType) ConstructionType(com.evolveum.midpoint.xml.ns._public.common.common_3.ConstructionType) IdItemPathSegment(com.evolveum.midpoint.prism.path.IdItemPathSegment) AssignmentType(com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType) NameItemPathSegment(com.evolveum.midpoint.prism.path.NameItemPathSegment) ItemPath(com.evolveum.midpoint.prism.path.ItemPath) Test(org.testng.annotations.Test)

Example 82 with ItemPath

use of com.evolveum.midpoint.prism.path.ItemPath in project midpoint by Evolveum.

the class TestParseObjectTemplate method assertObjectTemplateInternals.

/**
 * Checks the raw values of the object template's mappings.
 * <p>
 * Should be called only on reparsed values, in order to catch raw-data-related
 * serialization issues (MID-2196).
 * <p>
 * Counts the {@code RawType} expression evaluators found in mappings whose target path is
 * equivalent to the user assignment path, parsing each one against the assignment item
 * definition, and expects exactly two of them.
 *
 * @param object      the object template under test
 * @param elementName not used by this method
 * @throws SchemaException declared by the method; raised by the calls made here, if at all
 */
private void assertObjectTemplateInternals(PrismObject<ObjectTemplateType> object, QName elementName) throws SchemaException {
    int rawAssignmentCount = 0;
    for (ObjectTemplateMappingType mapping : object.asObjectable().getMapping()) {
        if (mapping.getExpression() == null) {
            continue;
        }
        boolean targetsAssignment = mapping.getTarget() != null
                && mapping.getTarget().getPath() != null
                && new ItemPath(UserType.F_ASSIGNMENT).equivalent(mapping.getTarget().getPath().getItemPath());
        if (!targetsAssignment) {
            continue;
        }
        ItemDefinition assignmentDefinition = PrismTestUtil.getPrismContext()
                .getSchemaRegistry()
                .findObjectDefinitionByCompileTimeClass(UserType.class)
                .findItemDefinition(UserType.F_ASSIGNMENT);
        for (JAXBElement evaluatorElement : mapping.getExpression().getExpressionEvaluator()) {
            Object evaluatorValue = evaluatorElement.getValue();
            if (!(evaluatorValue instanceof RawType)) {
                continue;
            }
            // Parsing the raw value against the definition is the step that exercises the
            // raw-data handling this check exists for.
            Item parsedAssignment = ((RawType) evaluatorValue).getParsedItem(assignmentDefinition);
            System.out.println("assignment:\n" + parsedAssignment.debugDump());
            rawAssignmentCount++;
        }
    }
    assertEquals("wrong # of assignment values found in mapping", 2, rawAssignmentCount);
}
Also used : ObjectTemplateMappingType(com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectTemplateMappingType) JAXBElement(javax.xml.bind.JAXBElement) RawType(com.evolveum.prism.xml.ns._public.types_3.RawType) UserType(com.evolveum.midpoint.xml.ns._public.common.common_3.UserType) ItemPath(com.evolveum.midpoint.prism.path.ItemPath)

Example 83 with ItemPath

use of com.evolveum.midpoint.prism.path.ItemPath in project midpoint by Evolveum.

the class ModelInteractionServiceImpl method getAssignableRoleSpecification.

/**
 * Builds the {@code RoleSelectionSpecification} for assigning roles to the given focus,
 * based on the security constraints compiled for that focus.
 * <p>
 * Decision order, as implemented below (all in the REQUEST phase):
 * <ol>
 *   <li>item-level decision for the assignment item under the MODIFY action;</li>
 *   <li>action-level decision for the MODIFY action;</li>
 *   <li>otherwise, the object filter produced by {@code preProcessObjectFilter} for the
 *       ASSIGN action over {@code AbstractRoleType}.</li>
 * </ol>
 * An explicit ALLOW in step 1 or 2 yields a specification filled by
 * {@code getAllRoleTypesSpec}; an explicit DENY yields a specification with no role types
 * and a {@code NoneFilter}.
 *
 * @param focus        the object the roles would be assigned to
 * @param parentResult parent operation result; a minor subresult is created from it
 * @return the role selection specification, or {@code null} when
 *         {@code compileSecurityConstraints} returns {@code null}
 * @throws ObjectNotFoundException rethrown after being recorded on the subresult when raised inside the filter-processing part
 * @throws SchemaException         rethrown after being recorded on the subresult when raised inside the filter-processing part
 * @throws ConfigurationException  rethrown after being recorded on the subresult when raised inside the filter-processing part
 */
@Override
public <F extends FocusType> RoleSelectionSpecification getAssignableRoleSpecification(PrismObject<F> focus, OperationResult parentResult) throws ObjectNotFoundException, SchemaException, ConfigurationException {
    OperationResult result = parentResult.createMinorSubresult(GET_ASSIGNABLE_ROLE_SPECIFICATION);
    RoleSelectionSpecification spec = new RoleSelectionSpecification();
    // The second argument is passed as null; its meaning is not visible in this method.
    ObjectSecurityConstraints securityConstraints = securityEnforcer.compileSecurityConstraints(focus, null);
    if (securityConstraints == null) {
        // NOTE(review): on this path the subresult created above gets no status recorded, and
        // the caller receives null rather than a deny-all specification. Confirm that every
        // caller treats null as "nothing assignable" and not as "unrestricted".
        return null;
    }
    // Step 1: item-level decision for the assignment item, MODIFY action, REQUEST phase.
    AuthorizationDecisionType decision = securityConstraints.findItemDecision(new ItemPath(FocusType.F_ASSIGNMENT), ModelAuthorizationAction.MODIFY.getUrl(), AuthorizationPhaseType.REQUEST);
    if (decision == AuthorizationDecisionType.ALLOW) {
        // An explicit ALLOW here returns without consulting the ASSIGN-action filter further
        // down. NOTE(review): confirm this precedence is intended.
        // getAllRoleTypesSpec is defined elsewhere; presumably it fills spec with every role type.
        getAllRoleTypesSpec(spec, result);
        result.recordSuccess();
        return spec;
    }
    if (decision == AuthorizationDecisionType.DENY) {
        // Explicit DENY: no role types, and a filter that matches nothing.
        result.recordSuccess();
        spec.setNoRoleTypes();
        spec.setFilter(NoneFilter.createNone());
        return spec;
    }
    // Step 2: no explicit item-level decision, so fall back to the action-level decision for MODIFY.
    decision = securityConstraints.getActionDecision(ModelAuthorizationAction.MODIFY.getUrl(), AuthorizationPhaseType.REQUEST);
    if (decision == AuthorizationDecisionType.ALLOW) {
        getAllRoleTypesSpec(spec, result);
        result.recordSuccess();
        return spec;
    }
    if (decision == AuthorizationDecisionType.DENY) {
        result.recordSuccess();
        spec.setNoRoleTypes();
        spec.setFilter(NoneFilter.createNone());
        return spec;
    }
    // Step 3: neither explicit ALLOW nor DENY for MODIFY; derive the specification from the
    // filter computed for the ASSIGN action, starting from an all-matching filter.
    // Only exceptions raised inside this try block are recorded on the subresult; the calls
    // above (compileSecurityConstraints, getAllRoleTypesSpec) sit outside it.
    try {
        ObjectFilter filter = securityEnforcer.preProcessObjectFilter(ModelAuthorizationAction.ASSIGN.getUrl(), AuthorizationPhaseType.REQUEST, AbstractRoleType.class, focus, AllFilter.createAll());
        LOGGER.trace("assignableRoleSpec filter: {}", filter);
        // The filter is stored on the specification before the role-type entries are derived from it.
        spec.setFilter(filter);
        if (filter instanceof NoneFilter) {
            // Nothing matches: no role types are offered.
            result.recordSuccess();
            spec.setNoRoleTypes();
            return spec;
        } else if (filter == null || filter instanceof AllFilter) {
            // A null filter is handled the same way as an all-matching filter.
            getAllRoleTypesSpec(spec, result);
            result.recordSuccess();
            return spec;
        } else if (filter instanceof OrFilter) {
            // Collect the entries of every OR branch; one unconstrained branch is enough to
            // open up all role types.
            Collection<RoleSelectionSpecEntry> allRoleTypeDvals = new ArrayList<>();
            for (ObjectFilter subfilter : ((OrFilter) filter).getConditions()) {
                Collection<RoleSelectionSpecEntry> roleTypeDvals = getRoleSelectionSpecEntries(subfilter);
                if (roleTypeDvals == null || roleTypeDvals.isEmpty()) {
                    // This branch of the OR clause does not have any constraint for roleType
                    // therefore all role types are possible (regardless of other branches, this is OR)
                    // A fresh specification is created and the same filter is set on it again.
                    spec = new RoleSelectionSpecification();
                    spec.setFilter(filter);
                    getAllRoleTypesSpec(spec, result);
                    result.recordSuccess();
                    return spec;
                } else {
                    allRoleTypeDvals.addAll(roleTypeDvals);
                }
            }
            addRoleTypeSpecEntries(spec, allRoleTypeDvals, result);
        } else {
            // Any other filter: use its role-type entries, or all role types when it yields none.
            Collection<RoleSelectionSpecEntry> roleTypeDvals = getRoleSelectionSpecEntries(filter);
            if (roleTypeDvals == null || roleTypeDvals.isEmpty()) {
                getAllRoleTypesSpec(spec, result);
                result.recordSuccess();
                return spec;
            } else {
                addRoleTypeSpecEntries(spec, roleTypeDvals, result);
            }
        }
        result.recordSuccess();
        return spec;
    } catch (SchemaException | ConfigurationException | ObjectNotFoundException e) {
        // Record the failure on the subresult, then propagate it unchanged.
        result.recordFatalError(e);
        throw e;
    }
}
Also used : NoneFilter(com.evolveum.midpoint.prism.query.NoneFilter) SchemaException(com.evolveum.midpoint.util.exception.SchemaException) OperationResult(com.evolveum.midpoint.schema.result.OperationResult) ObjectFilter(com.evolveum.midpoint.prism.query.ObjectFilter) OrFilter(com.evolveum.midpoint.prism.query.OrFilter) ObjectSecurityConstraints(com.evolveum.midpoint.security.api.ObjectSecurityConstraints) AllFilter(com.evolveum.midpoint.prism.query.AllFilter) ConfigurationException(com.evolveum.midpoint.util.exception.ConfigurationException) ObjectNotFoundException(com.evolveum.midpoint.util.exception.ObjectNotFoundException) ItemPath(com.evolveum.midpoint.prism.path.ItemPath)

Example 84 with ItemPath

use of com.evolveum.midpoint.prism.path.ItemPath in project midpoint by Evolveum.

the class ModelInteractionServiceImpl method getRoleSpecEntriesForAllRoles.

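/**
 * Collects role-selection entries from the lookup table that enumerates the values of the
 * role type item in the object template determined for {@code RoleType}.
 * <p>
 * The template's item definitions are scanned for the first one whose reference path starts
 * with a segment named like {@code RoleType.F_ROLE_TYPE}. If that definition points to a
 * lookup table by OID, each row of the table becomes one entry, keyed by the row key and
 * labelled with the row label (or with the key when the row has no label).
 *
 * @param result operation result passed on to the template lookup and to the repository read
 * @return {@code null} when no object template is determined; otherwise the collected entries,
 *         which are empty when no matching item definition exists or it carries no lookup
 *         table OID
 * @throws ObjectNotFoundException declared by the method; raised by the calls made here, if at all
 * @throws SchemaException         declared by the method; raised by the calls made here, if at all
 * @throws ConfigurationException  declared by the method; raised by the calls made here, if at all
 */
private Collection<RoleSelectionSpecEntry> getRoleSpecEntriesForAllRoles(OperationResult result) throws ObjectNotFoundException, SchemaException, ConfigurationException {
    ObjectTemplateType objectTemplateType = schemaTransformer.determineObjectTemplate(RoleType.class, AuthorizationPhaseType.REQUEST, result);
    if (objectTemplateType == null) {
        // Callers have to distinguish "no template" (null) from "no entries" (empty collection).
        return null;
    }
    // Parameterized with the diamond operator; the raw ArrayList caused an unchecked assignment.
    Collection<RoleSelectionSpecEntry> allEntries = new ArrayList<>();
    for (ObjectTemplateItemDefinitionType itemDef : objectTemplateType.getItem()) {
        ItemPathType ref = itemDef.getRef();
        if (ref == null) {
            continue;
        }
        ItemPath itemPath = ref.getItemPath();
        // Only the first path segment is compared with the role type item name.
        QName itemName = ItemPath.getName(itemPath.first());
        if (itemName == null) {
            continue;
        }
        if (!QNameUtil.match(RoleType.F_ROLE_TYPE, itemName)) {
            continue;
        }
        ObjectReferenceType valueEnumerationRef = itemDef.getValueEnumerationRef();
        if (valueEnumerationRef == null || valueEnumerationRef.getOid() == null) {
            // The role type item has no usable lookup table reference: nothing to enumerate.
            return allEntries;
        }
        // Explicitly request the table rows to be included in the returned object.
        Collection<SelectorOptions<GetOperationOptions>> options = SelectorOptions.createCollection(LookupTableType.F_ROW, GetOperationOptions.createRetrieve(RetrieveOption.INCLUDE));
        // NOTE(review): the table is read through cacheRepositoryService using the OID taken
        // from the object template; no authorization check is visible in this method.
        // Confirm that reading it at this layer is intended.
        PrismObject<LookupTableType> lookup = cacheRepositoryService.getObject(LookupTableType.class, valueEnumerationRef.getOid(), options, result);
        for (LookupTableRowType row : lookup.asObjectable().getRow()) {
            PolyStringType polyLabel = row.getLabel();
            String key = row.getKey();
            // Fall back to the key when the row carries no label.
            String label = polyLabel != null ? polyLabel.getOrig() : key;
            allEntries.add(new RoleSelectionSpecEntry(key, label, null));
        }
        // Only the first matching item definition is considered.
        return allEntries;
    }
    return allEntries;
}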
Also used : PolyStringType(com.evolveum.prism.xml.ns._public.types_3.PolyStringType) ItemPathType(com.evolveum.prism.xml.ns._public.types_3.ItemPathType) QName(javax.xml.namespace.QName) PolyString(com.evolveum.midpoint.prism.polystring.PolyString) SelectorOptions(com.evolveum.midpoint.schema.SelectorOptions) ItemPath(com.evolveum.midpoint.prism.path.ItemPath)

Example 85 with ItemPath

use of com.evolveum.midpoint.prism.path.ItemPath in project midpoint by Evolveum.

the class ModelInteractionServiceImpl method getEditObjectClassDefinition.

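/**
 * Returns the presentation-layer object class definition for a shadow, with the read, add
 * and modify flags of each attribute restricted according to the security constraints
 * compiled for that shadow.
 * <p>
 * The decision computed for the attributes container is passed as the default into the
 * decision for each individual attribute. A capability is switched off whenever its
 * decision is anything other than {@code ALLOW}, which includes a {@code null} decision.
 *
 * @param shadow   the shadow whose object class definition is requested
 * @param resource the resource the shadow belongs to; must not be {@code null}
 * @param phase    the authorization phase used for all decisions
 * @return the restricted definition, or {@code null} when no object class definition is
 *         found for the shadow or no security constraints are compiled
 * @throws SchemaException declared by the method; raised by the calls made here, if at all
 */
@Override
public RefinedObjectClassDefinition getEditObjectClassDefinition(PrismObject<ShadowType> shadow, PrismObject<ResourceType> resource, AuthorizationPhaseType phase) throws SchemaException {
    Validate.notNull(resource, "Resource must not be null");
    RefinedResourceSchema refinedSchema = RefinedResourceSchemaImpl.getRefinedSchema(resource);
    CompositeRefinedObjectClassDefinition rocd = refinedSchema.determineCompositeObjectClassDefinition(shadow);
    if (rocd == null) {
        // The message has a {} placeholder, so the shadow has to be passed as its argument;
        // without it the log line never identified the affected shadow.
        LOGGER.debug("No object class definition for shadow {}, returning null", shadow);
        return null;
    }
    LayerRefinedObjectClassDefinition layeredROCD = rocd.forLayer(LayerType.PRESENTATION);
    // TODO: maybe we need to expose owner resolver in the interface?
    ObjectSecurityConstraints securityConstraints = securityEnforcer.compileSecurityConstraints(shadow, null);
    if (LOGGER.isTraceEnabled()) {
        LOGGER.trace("Security constrains for {}:\n{}", shadow, securityConstraints == null ? "null" : securityConstraints.debugDump());
    }
    if (securityConstraints == null) {
        // NOTE(review): callers receive null rather than a fully restricted definition;
        // confirm they treat null as "no access".
        return null;
    }
    // Container-level decisions: each starts from the action-level decision for the phase and
    // is refined for the attributes container path.
    ItemPath attributesPath = new ItemPath(ShadowType.F_ATTRIBUTES);
    AuthorizationDecisionType attributesReadDecision = schemaTransformer.computeItemDecision(securityConstraints, attributesPath, ModelAuthorizationAction.READ.getUrl(), securityConstraints.getActionDecision(ModelAuthorizationAction.READ.getUrl(), phase), phase);
    AuthorizationDecisionType attributesAddDecision = schemaTransformer.computeItemDecision(securityConstraints, attributesPath, ModelAuthorizationAction.ADD.getUrl(), securityConstraints.getActionDecision(ModelAuthorizationAction.ADD.getUrl(), phase), phase);
    AuthorizationDecisionType attributesModifyDecision = schemaTransformer.computeItemDecision(securityConstraints, attributesPath, ModelAuthorizationAction.MODIFY.getUrl(), securityConstraints.getActionDecision(ModelAuthorizationAction.MODIFY.getUrl(), phase), phase);
    LOGGER.trace("Attributes container access read:{}, add:{}, modify:{}", attributesReadDecision, attributesAddDecision, attributesModifyDecision);
    /*
     * The attribute definitions are modified below, so work on a (shallow) clone,
     * although it is probably not strictly necessary.
     * NOTE(review): because the clone is described as shallow, confirm that the attribute
     * definition objects changed in the loop are not shared with a schema reused for other
     * callers; otherwise restrictions computed for one shadow would be visible elsewhere.
     */
    layeredROCD = layeredROCD.clone();
    for (LayerRefinedAttributeDefinition rAttrDef : layeredROCD.getAttributeDefinitions()) {
        // Per-attribute decisions, with the container-level decision as the default.
        ItemPath attributePath = new ItemPath(ShadowType.F_ATTRIBUTES, rAttrDef.getName());
        AuthorizationDecisionType attributeReadDecision = schemaTransformer.computeItemDecision(securityConstraints, attributePath, ModelAuthorizationAction.READ.getUrl(), attributesReadDecision, phase);
        AuthorizationDecisionType attributeAddDecision = schemaTransformer.computeItemDecision(securityConstraints, attributePath, ModelAuthorizationAction.ADD.getUrl(), attributesAddDecision, phase);
        AuthorizationDecisionType attributeModifyDecision = schemaTransformer.computeItemDecision(securityConstraints, attributePath, ModelAuthorizationAction.MODIFY.getUrl(), attributesModifyDecision, phase);
        LOGGER.trace("Attribute {} access read:{}, add:{}, modify:{}", rAttrDef.getName(), attributeReadDecision, attributeAddDecision, attributeModifyDecision);
        // Anything other than an explicit ALLOW switches the capability off. The cast is made
        // only when an override is actually needed, exactly as before.
        if (attributeReadDecision != AuthorizationDecisionType.ALLOW) {
            ((LayerRefinedAttributeDefinitionImpl) rAttrDef).setOverrideCanRead(false);
        }
        if (attributeAddDecision != AuthorizationDecisionType.ALLOW) {
            ((LayerRefinedAttributeDefinitionImpl) rAttrDef).setOverrideCanAdd(false);
        }
        if (attributeModifyDecision != AuthorizationDecisionType.ALLOW) {
            ((LayerRefinedAttributeDefinitionImpl) rAttrDef).setOverrideCanModify(false);
        }
    }
    return layeredROCD;
}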
Also used : ObjectSecurityConstraints(com.evolveum.midpoint.security.api.ObjectSecurityConstraints) ItemPath(com.evolveum.midpoint.prism.path.ItemPath)
