Example 1 with OrFilter
use of com.evolveum.midpoint.prism.query.OrFilter in project midpoint by Evolveum.
the class ModelInteractionServiceImpl method getAssignableRoleSpecification.
@Override
public <F extends FocusType> RoleSelectionSpecification getAssignableRoleSpecification(PrismObject<F> focus, OperationResult parentResult) throws ObjectNotFoundException, SchemaException, ConfigurationException {
OperationResult result = parentResult.createMinorSubresult(GET_ASSIGNABLE_ROLE_SPECIFICATION);
RoleSelectionSpecification spec = new RoleSelectionSpecification();
ObjectSecurityConstraints securityConstraints = securityEnforcer.compileSecurityConstraints(focus, null);
if (securityConstraints == null) {
return null;
}
AuthorizationDecisionType decision = securityConstraints.findItemDecision(new ItemPath(FocusType.F_ASSIGNMENT), ModelAuthorizationAction.MODIFY.getUrl(), AuthorizationPhaseType.REQUEST);
if (decision == AuthorizationDecisionType.ALLOW) {
getAllRoleTypesSpec(spec, result);
result.recordSuccess();
return spec;
}
if (decision == AuthorizationDecisionType.DENY) {
result.recordSuccess();
spec.setNoRoleTypes();
spec.setFilter(NoneFilter.createNone());
return spec;
}
decision = securityConstraints.getActionDecision(ModelAuthorizationAction.MODIFY.getUrl(), AuthorizationPhaseType.REQUEST);
if (decision == AuthorizationDecisionType.ALLOW) {
getAllRoleTypesSpec(spec, result);
result.recordSuccess();
return spec;
}
if (decision == AuthorizationDecisionType.DENY) {
result.recordSuccess();
spec.setNoRoleTypes();
spec.setFilter(NoneFilter.createNone());
return spec;
}
try {
ObjectFilter filter = securityEnforcer.preProcessObjectFilter(ModelAuthorizationAction.ASSIGN.getUrl(), AuthorizationPhaseType.REQUEST, AbstractRoleType.class, focus, AllFilter.createAll());
LOGGER.trace("assignableRoleSpec filter: {}", filter);
spec.setFilter(filter);
if (filter instanceof NoneFilter) {
result.recordSuccess();
spec.setNoRoleTypes();
return spec;
} else if (filter == null || filter instanceof AllFilter) {
getAllRoleTypesSpec(spec, result);
result.recordSuccess();
return spec;
} else if (filter instanceof OrFilter) {
Collection<RoleSelectionSpecEntry> allRoleTypeDvals = new ArrayList<>();
for (ObjectFilter subfilter : ((OrFilter) filter).getConditions()) {
Collection<RoleSelectionSpecEntry> roleTypeDvals = getRoleSelectionSpecEntries(subfilter);
if (roleTypeDvals == null || roleTypeDvals.isEmpty()) {
// This branch of the OR clause does not have any constraint for roleType
// therefore all role types are possible (regardless of other branches, this is OR)
spec = new RoleSelectionSpecification();
spec.setFilter(filter);
getAllRoleTypesSpec(spec, result);
result.recordSuccess();
return spec;
} else {
allRoleTypeDvals.addAll(roleTypeDvals);
}
}
addRoleTypeSpecEntries(spec, allRoleTypeDvals, result);
} else {
Collection<RoleSelectionSpecEntry> roleTypeDvals = getRoleSelectionSpecEntries(filter);
if (roleTypeDvals == null || roleTypeDvals.isEmpty()) {
getAllRoleTypesSpec(spec, result);
result.recordSuccess();
return spec;
} else {
addRoleTypeSpecEntries(spec, roleTypeDvals, result);
}
}
result.recordSuccess();
return spec;
} catch (SchemaException | ConfigurationException | ObjectNotFoundException e) {
result.recordFatalError(e);
throw e;
}
}
Also used :
NoneFilter(com.evolveum.midpoint.prism.query.NoneFilter)
SchemaException(com.evolveum.midpoint.util.exception.SchemaException)
OperationResult(com.evolveum.midpoint.schema.result.OperationResult)
ObjectFilter(com.evolveum.midpoint.prism.query.ObjectFilter)
OrFilter(com.evolveum.midpoint.prism.query.OrFilter)
ObjectSecurityConstraints(com.evolveum.midpoint.security.api.ObjectSecurityConstraints)
AllFilter(com.evolveum.midpoint.prism.query.AllFilter)
ConfigurationException(com.evolveum.midpoint.util.exception.ConfigurationException)
ObjectNotFoundException(com.evolveum.midpoint.util.exception.ObjectNotFoundException)
ItemPath(com.evolveum.midpoint.prism.path.ItemPath)
Example 2 with OrFilter
use of com.evolveum.midpoint.prism.query.OrFilter in project midpoint by Evolveum.
the class AbstractPopupTabPanel method initObjectListPanel.
protected Component initObjectListPanel() {
PopupObjectListPanel<O> listPanel = new PopupObjectListPanel<>(ID_OBJECT_LIST_PANEL, getObjectType().getClassDefinition(), true) {
private static final long serialVersionUID = 1L;
@Override
protected List<IColumn<SelectableBean<O>, String>> createDefaultColumns() {
if (AbstractRoleType.class.isAssignableFrom(getType())) {
return new ArrayList<>((Collection) ColumnUtils.getDefaultAbstractRoleColumns(false));
} else {
return super.createDefaultColumns();
}
}
@Override
protected void onUpdateCheckbox(AjaxRequestTarget target, IModel<SelectableBean<O>> rowModel) {
onSelectionPerformed(target, rowModel);
}
@Override
protected List<O> getPreselectedObjectList() {
return getPreselectedObjects();
}
@Override
protected IModel<Boolean> getCheckBoxEnableModel(IModel<SelectableBean<O>> rowModel) {
return getObjectSelectCheckBoxEnableModel(rowModel);
}
@Override
protected ObjectQuery getCustomizeContentQuery() {
ObjectQuery customQuery = AbstractPopupTabPanel.this.addFilterToContentQuery();
if (customQuery == null) {
customQuery = AbstractPopupTabPanel.this.getPageBase().getPrismContext().queryFactory().createQuery();
}
List<ObjectReferenceType> archetypeRefList = getArchetypeRefList();
if (!CollectionUtils.isEmpty(archetypeRefList)) {
List<ObjectFilter> archetypeRefFilterList = new ArrayList<>();
for (ObjectReferenceType archetypeRef : archetypeRefList) {
ObjectFilter filter = AbstractPopupTabPanel.this.getPageBase().getPrismContext().queryFor(AssignmentHolderType.class).item(AssignmentHolderType.F_ARCHETYPE_REF).ref(archetypeRef.getOid()).buildFilter();
((RefFilter) filter).setTargetTypeNullAsAny(true);
archetypeRefFilterList.add(filter);
}
if (!CollectionUtils.isEmpty(archetypeRefFilterList)) {
OrFilter archetypeRefOrFilter = AbstractPopupTabPanel.this.getPageBase().getPrismContext().queryFactory().createOr(archetypeRefFilterList);
customQuery.addFilter(archetypeRefOrFilter);
}
}
ObjectFilter subTypeFilter = getSubtypeFilter();
if (subTypeFilter != null) {
customQuery.addFilter(subTypeFilter);
}
return customQuery;
}
};
listPanel.add(new VisibleEnableBehaviour() {
private static final long serialVersionUID = 1L;
public boolean isVisible() {
return isObjectListPanelVisible();
}
});
listPanel.setOutputMarkupId(true);
return listPanel;
}
Also used :
RefFilter(com.evolveum.midpoint.prism.query.RefFilter)
IModel(org.apache.wicket.model.IModel)
ArrayList(java.util.ArrayList)
ObjectFilter(com.evolveum.midpoint.prism.query.ObjectFilter)
OrFilter(com.evolveum.midpoint.prism.query.OrFilter)
ObjectQuery(com.evolveum.midpoint.prism.query.ObjectQuery)
AjaxRequestTarget(org.apache.wicket.ajax.AjaxRequestTarget)
ObjectReferenceType(com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType)
IColumn(org.apache.wicket.extensions.markup.html.repeater.data.table.IColumn)
VisibleEnableBehaviour(com.evolveum.midpoint.web.component.util.VisibleEnableBehaviour)
AssignmentHolderType(com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentHolderType)
Example 3 with OrFilter
use of com.evolveum.midpoint.prism.query.OrFilter in project midpoint by Evolveum.
the class LogicalOperation method interpret.
@Override
public <T> Filter interpret(ObjectFilter objectFilter, ConnIdNameMapper icfNameMapper) throws SchemaException {
if (objectFilter instanceof NotFilter) {
NotFilter not = (NotFilter) objectFilter;
if (not.getFilter() == null) {
LOGGER.debug("Not filter does not contain any condition. Skipping processing not filter.");
return null;
}
Filter f = getInterpreter().interpret(not.getFilter(), icfNameMapper);
return FilterBuilder.not(f);
} else {
NaryLogicalFilter nAry = (NaryLogicalFilter) objectFilter;
List<? extends ObjectFilter> conditions = nAry.getConditions();
if (conditions == null || conditions.isEmpty()) {
LOGGER.debug("No conditions specified for logical filter. Skipping processing logical filter.");
return null;
}
if (conditions.size() < 2) {
LOGGER.debug("Logical filter contains only one condition. Skipping processing logical filter and process simple operation of type {}.", conditions.get(0).getClass().getSimpleName());
return getInterpreter().interpret(conditions.get(0), icfNameMapper);
}
List<Filter> filters = new ArrayList<>();
for (ObjectFilter objFilter : nAry.getConditions()) {
Filter f = getInterpreter().interpret(objFilter, icfNameMapper);
filters.add(f);
}
Filter nAryFilter = null;
if (filters.size() >= 2) {
if (nAry instanceof AndFilter) {
nAryFilter = interpretAnd(filters.get(0), filters.subList(1, filters.size()));
} else if (nAry instanceof OrFilter) {
nAryFilter = interpretOr(filters.get(0), filters.subList(1, filters.size()));
}
}
return nAryFilter;
}
}
Also used :
NaryLogicalFilter(com.evolveum.midpoint.prism.query.NaryLogicalFilter)
AndFilter(com.evolveum.midpoint.prism.query.AndFilter)
NaryLogicalFilter(com.evolveum.midpoint.prism.query.NaryLogicalFilter)
Filter(org.identityconnectors.framework.common.objects.filter.Filter)
AndFilter(com.evolveum.midpoint.prism.query.AndFilter)
ObjectFilter(com.evolveum.midpoint.prism.query.ObjectFilter)
NotFilter(com.evolveum.midpoint.prism.query.NotFilter)
OrFilter(com.evolveum.midpoint.prism.query.OrFilter)
NotFilter(com.evolveum.midpoint.prism.query.NotFilter)
ArrayList(java.util.ArrayList)
ObjectFilter(com.evolveum.midpoint.prism.query.ObjectFilter)
OrFilter(com.evolveum.midpoint.prism.query.OrFilter)
Aggregations
ObjectFilter (com.evolveum.midpoint.prism.query.ObjectFilter)3
OrFilter (com.evolveum.midpoint.prism.query.OrFilter)3
ArrayList (java.util.ArrayList)2
ItemPath (com.evolveum.midpoint.prism.path.ItemPath)1
AllFilter (com.evolveum.midpoint.prism.query.AllFilter)1
AndFilter (com.evolveum.midpoint.prism.query.AndFilter)1
NaryLogicalFilter (com.evolveum.midpoint.prism.query.NaryLogicalFilter)1
NoneFilter (com.evolveum.midpoint.prism.query.NoneFilter)1
NotFilter (com.evolveum.midpoint.prism.query.NotFilter)1
ObjectQuery (com.evolveum.midpoint.prism.query.ObjectQuery)1
RefFilter (com.evolveum.midpoint.prism.query.RefFilter)1
OperationResult (com.evolveum.midpoint.schema.result.OperationResult)1
ObjectSecurityConstraints (com.evolveum.midpoint.security.api.ObjectSecurityConstraints)1
ConfigurationException (com.evolveum.midpoint.util.exception.ConfigurationException)1
ObjectNotFoundException (com.evolveum.midpoint.util.exception.ObjectNotFoundException)1
SchemaException (com.evolveum.midpoint.util.exception.SchemaException)1
VisibleEnableBehaviour (com.evolveum.midpoint.web.component.util.VisibleEnableBehaviour)1
AssignmentHolderType (com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentHolderType)1
ObjectReferenceType (com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType)1
AjaxRequestTarget (org.apache.wicket.ajax.AjaxRequestTarget)1
