
Example 1 with AllFilter

use of com.evolveum.midpoint.prism.query.AllFilter in project midpoint by Evolveum.

the class ModelInteractionServiceImpl method getAssignableRoleSpecification.

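/**
 * Computes which roles may be offered for assignment to {@code focus}, based on the security
 * constraints the security enforcer compiles for that object.
 *
 * <p>The decision is taken in this order, always for the REQUEST authorization phase:
 * <ol>
 *   <li>the decision for the MODIFY action on the {@code assignment} item;</li>
 *   <li>the decision for the MODIFY action as a whole;</li>
 *   <li>the object filter the security enforcer produces for the ASSIGN action over
 *       {@code AbstractRoleType}.</li>
 * </ol>
 * An explicit ALLOW in step 1 or 2 returns the specification filled in by
 * {@code getAllRoleTypesSpec}; an explicit DENY returns a specification with no role types and a
 * {@code NoneFilter}. Step 1 is final when it is explicit: an item-level ALLOW returns before the
 * action-level decision is looked at. Only when neither step yields ALLOW or DENY is the ASSIGN
 * filter evaluated.
 *
 * <p>All steps run inside one try block, so a checked failure in any of them (not only in the
 * filter step) is recorded on the operation subresult before it is rethrown.
 *
 * @param focus object for which the assignable roles are being determined
 * @param parentResult operation result under which a minor subresult is created
 * @return the role selection specification, or {@code null} when
 *         {@code compileSecurityConstraints} returns {@code null}
 * @throws ObjectNotFoundException rethrown after being recorded as a fatal error on the subresult
 * @throws SchemaException rethrown after being recorded as a fatal error on the subresult
 * @throws ConfigurationException rethrown after being recorded as a fatal error on the subresult
 */
@Override
public <F extends FocusType> RoleSelectionSpecification getAssignableRoleSpecification(PrismObject<F> focus, OperationResult parentResult) throws ObjectNotFoundException, SchemaException, ConfigurationException {
    OperationResult result = parentResult.createMinorSubresult(GET_ASSIGNABLE_ROLE_SPECIFICATION);
    RoleSelectionSpecification spec = new RoleSelectionSpecification();
    try {
        ObjectSecurityConstraints securityConstraints = securityEnforcer.compileSecurityConstraints(focus, null);
        if (securityConstraints == null) {
            // NOTE(review): this path returns null and leaves the subresult without a recorded
            // status. Callers must not read null as "everything is assignable"; confirm how
            // they handle it and which status should be recorded here.
            return null;
        }

        // Step 1: item-level decision for modifying the assignment item.
        AuthorizationDecisionType decision = securityConstraints.findItemDecision(
                new ItemPath(FocusType.F_ASSIGNMENT),
                ModelAuthorizationAction.MODIFY.getUrl(),
                AuthorizationPhaseType.REQUEST);
        if (decision == AuthorizationDecisionType.ALLOW) {
            getAllRoleTypesSpec(spec, result);
            result.recordSuccess();
            return spec;
        }
        if (decision == AuthorizationDecisionType.DENY) {
            result.recordSuccess();
            spec.setNoRoleTypes();
            spec.setFilter(NoneFilter.createNone());
            return spec;
        }

        // Step 2: no explicit item-level decision, so fall back to the action-level decision.
        decision = securityConstraints.getActionDecision(
                ModelAuthorizationAction.MODIFY.getUrl(), AuthorizationPhaseType.REQUEST);
        if (decision == AuthorizationDecisionType.ALLOW) {
            getAllRoleTypesSpec(spec, result);
            result.recordSuccess();
            return spec;
        }
        if (decision == AuthorizationDecisionType.DENY) {
            result.recordSuccess();
            spec.setNoRoleTypes();
            spec.setFilter(NoneFilter.createNone());
            return spec;
        }

        // Step 3: derive the selection from the filter computed for the ASSIGN action,
        // starting from an unrestricted (AllFilter) query.
        ObjectFilter filter = securityEnforcer.preProcessObjectFilter(
                ModelAuthorizationAction.ASSIGN.getUrl(), AuthorizationPhaseType.REQUEST,
                AbstractRoleType.class, focus, AllFilter.createAll());
        LOGGER.trace("assignableRoleSpec filter: {}", filter);
        spec.setFilter(filter);
        if (filter instanceof NoneFilter) {
            result.recordSuccess();
            spec.setNoRoleTypes();
            return spec;
        } else if (filter == null || filter instanceof AllFilter) {
            // A null filter is handled exactly like AllFilter, i.e. as "no restriction".
            // NOTE(review): confirm preProcessObjectFilter never returns null for any other
            // reason; if it can, this branch fails open.
            getAllRoleTypesSpec(spec, result);
            result.recordSuccess();
            return spec;
        } else if (filter instanceof OrFilter) {
            Collection<RoleSelectionSpecEntry> allRoleTypeDvals = new ArrayList<>();
            for (ObjectFilter subfilter : ((OrFilter) filter).getConditions()) {
                Collection<RoleSelectionSpecEntry> roleTypeDvals = getRoleSelectionSpecEntries(subfilter);
                if (roleTypeDvals == null || roleTypeDvals.isEmpty()) {
                    // This branch of the OR clause does not have any constraint for roleType
                    // therefore all role types are possible (regardless of other branches, this is OR)
                    spec = new RoleSelectionSpecification();
                    spec.setFilter(filter);
                    getAllRoleTypesSpec(spec, result);
                    result.recordSuccess();
                    return spec;
                } else {
                    allRoleTypeDvals.addAll(roleTypeDvals);
                }
            }
            addRoleTypeSpecEntries(spec, allRoleTypeDvals, result);
        } else {
            Collection<RoleSelectionSpecEntry> roleTypeDvals = getRoleSelectionSpecEntries(filter);
            if (roleTypeDvals == null || roleTypeDvals.isEmpty()) {
                // No role-type entries derived from the filter: all role types are listed, while
                // the filter already stored on the spec still applies.
                getAllRoleTypesSpec(spec, result);
                result.recordSuccess();
                return spec;
            } else {
                addRoleTypeSpecEntries(spec, roleTypeDvals, result);
            }
        }
        result.recordSuccess();
        return spec;
    } catch (SchemaException | ConfigurationException | ObjectNotFoundException e) {
        // Record the failure on the subresult before propagating it unchanged.
        result.recordFatalError(e);
        throw e;
    }
}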
Also used : NoneFilter(com.evolveum.midpoint.prism.query.NoneFilter) SchemaException(com.evolveum.midpoint.util.exception.SchemaException) OperationResult(com.evolveum.midpoint.schema.result.OperationResult) ObjectFilter(com.evolveum.midpoint.prism.query.ObjectFilter) OrFilter(com.evolveum.midpoint.prism.query.OrFilter) ObjectSecurityConstraints(com.evolveum.midpoint.security.api.ObjectSecurityConstraints) AllFilter(com.evolveum.midpoint.prism.query.AllFilter) ConfigurationException(com.evolveum.midpoint.util.exception.ConfigurationException) ObjectNotFoundException(com.evolveum.midpoint.util.exception.ObjectNotFoundException) ItemPath(com.evolveum.midpoint.prism.path.ItemPath)

Example 2 with AllFilter

use of com.evolveum.midpoint.prism.query.AllFilter in project midpoint by Evolveum.

the class ExistsRestriction method interpret.

/**
 * Translates this "exists" restriction into a query condition.
 *
 * <p>The item path of the filter is resolved first. If the filter carries a subfilter other than
 * {@code AllFilter}, the resolved node must be a {@code JpaEntityDefinition}; the subfilter is
 * then handed to the query interpreter with this restriction as the third argument. If there is no
 * subfilter (or it is an {@code AllFilter}), only a property definition whose {@code isCount()}
 * is true is handled, by building a simple comparison of the resolved HQL path against the
 * constant {@code 0} with the operator {@code ">"}.
 *
 * @return the condition built for this restriction
 * @throws QueryException if a real subfilter is present but the resolved node is not an entity
 * @throws UnsupportedOperationException if there is no real subfilter and the resolved node is
 *         not a count property
 */
@Override
public Condition interpret() throws QueryException {
    final HqlDataInstance resolved = getItemPathResolver().resolveItemPath(
            filter.getFullPath(), filter.getDefinition(), getBaseHqlEntity(), false);
    final boolean hasSubfilter = filter.getFilter() != null && !(filter.getFilter() instanceof AllFilter);
    final JpaDataNodeDefinition nodeDefinition = resolved.getJpaDefinition();

    if (hasSubfilter) {
        if (nodeDefinition instanceof JpaEntityDefinition) {
            setHqlDataInstance(resolved);
            return context.getInterpreter().interpretFilter(context, filter.getFilter(), this);
        }
        // partially checked already (for non-null-ness)
        throw new QueryException("ExistsRestriction with non-empty subfilter points to non-entity node: " + nodeDefinition);
    }

    final boolean isCountProperty = nodeDefinition instanceof JpaPropertyDefinition
            && ((JpaPropertyDefinition) nodeDefinition).isCount();
    if (!isCountProperty) {
        // TODO support exists also for other properties (single valued or multi valued)
        throw new UnsupportedOperationException("Exists filter with 'all' subfilter is currently not supported");
    }
    // Both the operand (0) and the operator (">") are constants supplied by this method.
    return context.getHibernateQuery().createSimpleComparisonCondition(resolved.getHqlPath(), 0, ">");
}
Also used : JpaDataNodeDefinition(com.evolveum.midpoint.repo.sql.query2.definition.JpaDataNodeDefinition) HqlDataInstance(com.evolveum.midpoint.repo.sql.query2.resolution.HqlDataInstance) QueryException(com.evolveum.midpoint.repo.sql.query.QueryException) AllFilter(com.evolveum.midpoint.prism.query.AllFilter) RootHibernateQuery(com.evolveum.midpoint.repo.sql.query2.hqm.RootHibernateQuery) JpaEntityDefinition(com.evolveum.midpoint.repo.sql.query2.definition.JpaEntityDefinition) JpaPropertyDefinition(com.evolveum.midpoint.repo.sql.query2.definition.JpaPropertyDefinition) QueryInterpreter2(com.evolveum.midpoint.repo.sql.query2.QueryInterpreter2)
