
Example 51 with ResourceObjectDefinition

use of com.evolveum.midpoint.schema.processor.ResourceObjectDefinition in project midpoint by Evolveum.

the class TestSecurityBasic method test259AutzJackSelfAccountsPartialControl.

/**
 * Test getEditObjectDefinition for shadow.
 * It should also call and apply edited schema for attributes.
 */
@Test
public void test259AutzJackSelfAccountsPartialControl() throws Exception {
    given();
    // Reset jack's authorization state, then give him the role under test and one account
    // on the dummy resource. Assignment enforcement is set to NONE for this test.
    cleanupAutzTest(USER_JACK_OID);
    assignRole(USER_JACK_OID, ROLE_SELF_ACCOUNTS_PARTIAL_CONTROL_PASSWORD_OID);
    assignAccountToUser(USER_JACK_OID, RESOURCE_DUMMY_OID, null);
    assumeAssignmentPolicy(AssignmentPolicyEnforcementType.NONE);
    when();
    // Every assertion below runs with jack as the logged-in principal.
    login(USER_JACK_USERNAME);
    then();
    // User objects: jack can read himself but not guybrush. The deny assertions matter as much
    // as the allow ones, since they are what fails if the role grants more than intended.
    assertGetAllow(UserType.class, USER_JACK_OID);
    assertGetDeny(UserType.class, USER_GUYBRUSH_OID);
    assertAddDeny();
    // Item-level control on jack's own user: nickName is modifiable, honorificPrefix is not.
    assertModifyAllow(UserType.class, USER_JACK_OID, UserType.F_NICK_NAME, PrismTestUtil.createPolyString("jackie"));
    assertModifyDeny(UserType.class, USER_JACK_OID, UserType.F_HONORIFIC_PREFIX, PrismTestUtil.createPolyString("Captain"));
    assertModifyDeny(UserType.class, USER_GUYBRUSH_OID, UserType.F_HONORIFIC_PREFIX, PrismTestUtil.createPolyString("Pirate"));
    assertDeleteDeny();
    assertDeleteDeny(UserType.class, USER_JACK_OID);
    // Shadow linked to jack: getSingleLinkOid presumably expects exactly one link (the account
    // assigned above) - confirm against the helper.
    PrismObject<UserType> user = getUser(USER_JACK_OID);
    String accountOid = getSingleLinkOid(user);
    assertGetAllow(ShadowType.class, accountOid);
    PrismObject<ShadowType> shadow = getObject(ShadowType.class, accountOid);
    display("Jack's shadow", shadow);
    Task task = getTestTask();
    OperationResult result = task.getResult();
    // Fetch the edit definition for the shadow (no authorization phase given: second argument is null)
    // and apply it to the shadow, so the attribute definitions read below come from the edited schema.
    PrismObjectDefinition<ShadowType> rOcDef = modelInteractionService.getEditObjectDefinition(shadow, null, task, result);
    shadow.applyDefinition(rOcDef, true);
    ResourceAttributeContainer resourceAttributeCOntainer = ShadowUtil.getAttributesContainer(shadow);
    ResourceObjectDefinition containerDef = resourceAttributeCOntainer.getDefinition().getComplexTypeDefinition();
    // NOTE(review): findItem() is not null-checked; if the shadow carries no "weapon" attribute the
    // next line fails with a NullPointerException instead of a readable assertion message.
    // NOTE(review): Item and ItemDefinition are used as raw types here.
    Item attr = resourceAttributeCOntainer.findItem(new ItemName("weapon"));
    ItemDefinition attrDf = attr.getDefinition();
    // "weapon" must be read-only for jack on the attribute instance itself ...
    assertTrue("Expected that attribute can be read", attrDf.canRead());
    assertFalse("Expected that attribute cannot be added", attrDf.canAdd());
    assertFalse("Expected that attribute cannot be modified", attrDf.canModify());
    displayDumpable("Refined objectclass def", containerDef);
    // ... and on the object definition. The three booleans are presumably (read, add, modify),
    // which matches the canRead/canAdd/canModify checks on "weapon" above - confirm against
    // assertAttributeFlags. Only "location" is expected to be fully writable.
    assertAttributeFlags(containerDef, SchemaConstants.ICFS_UID, true, false, false);
    assertAttributeFlags(containerDef, SchemaConstants.ICFS_NAME, true, false, false);
    assertAttributeFlags(containerDef, new ItemName("location"), true, true, true);
    assertAttributeFlags(containerDef, new ItemName("weapon"), true, false, false);
    // Not linked to jack
    assertGetDeny(ShadowType.class, ACCOUNT_SHADOW_ELAINE_DUMMY_OID);
    // Not linked to jack
    assertAddDeny(ACCOUNT_JACK_DUMMY_RED_FILE);
    // Not even jack's account
    assertAddDeny(ACCOUNT_GUYBRUSH_DUMMY_FILE);
    // Password change is allowed for jack's own user only. "nbusr123" is a hard-coded test fixture value.
    assertPasswordChangeAllow(UserType.class, USER_JACK_OID, "nbusr123");
    assertPasswordChangeDeny(UserType.class, USER_GUYBRUSH_OID, "nbusr123");
    // Same lookup for the user object, this time in the REQUEST authorization phase: the password
    // item is expected to carry the flags (true, false, false).
    PrismObjectDefinition<UserType> rDef = modelInteractionService.getEditObjectDefinition(user, AuthorizationPhaseType.REQUEST, task, result);
    assertItemFlags(rDef, PASSWORD_PATH, true, false, false);
    assertGlobalStateUntouched();
}
Also used : Task(com.evolveum.midpoint.task.api.Task) OperationResult(com.evolveum.midpoint.schema.result.OperationResult) ResourceAttributeContainer(com.evolveum.midpoint.schema.processor.ResourceAttributeContainer) ResourceObjectDefinition(com.evolveum.midpoint.schema.processor.ResourceObjectDefinition) ItemName(com.evolveum.midpoint.prism.path.ItemName) Test(org.testng.annotations.Test)

Example 52 with ResourceObjectDefinition

use of com.evolveum.midpoint.schema.processor.ResourceObjectDefinition in project midpoint by Evolveum.

the class LensUtil method refineProjectionIntent.

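/**
 * Looks up the object definition for the given kind and intent in the complete (MODEL layer)
 * schema of the resource and returns the intent derived from that definition.
 *
 * @param kind shadow kind to look up
 * @param intent requested intent, passed to the schema lookup as given
 * @param resource resource whose schema is searched
 * @return the result of {@code getIntent} for the definition that was found
 * @throws SchemaException if the resource has no complete schema, or the schema holds no
 *         definition for the given kind and intent
 */
public static String refineProjectionIntent(ShadowKindType kind, String intent, ResourceType resource) throws SchemaException {
    ResourceSchema schema = ResourceSchemaFactory.getCompleteSchema(resource, LayerType.MODEL);
    if (schema == null) {
        // The factory may yield no schema in error-related border cases; report that as a schema
        // problem instead of letting the lookup below fail with a NullPointerException.
        throw new SchemaException("No (refined) schema for " + resource);
    }
    ResourceObjectDefinition rObjClassDef = schema.findObjectDefinition(kind, intent);
    if (rObjClassDef == null) {
        LOGGER.error("No projection definition for kind={}, intent={} in {}", kind, intent, resource);
        // NOTE(review): this writes the full debug dump of the resource object and of its schema to
        // the log at ERROR level. Confirm that the dump cannot contain connector configuration
        // secrets in readable form, and that access to this log is restricted accordingly.
        LOGGER.error("Diagnostic output follows:\n\nResource:\n{}\n\nRefined resource schema:\n{}", resource.asPrismObject().debugDump(), schema.debugDump());
        throw new SchemaException("No projection definition for kind=" + kind + " intent=" + intent + " in " + resource);
    }
    return getIntent(rObjClassDef);
}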
Also used : ResourceSchema(com.evolveum.midpoint.schema.processor.ResourceSchema) ResourceObjectDefinition(com.evolveum.midpoint.schema.processor.ResourceObjectDefinition)

Example 53 with ResourceObjectDefinition

use of com.evolveum.midpoint.schema.processor.ResourceObjectDefinition in project midpoint by Evolveum.

the class AssignedResourceObjectConstruction method initializeDefinitions.

/**
 * Resolves the object definition and the auxiliary object class definitions that this
 * construction refers to, using the complete (MODEL layer) schema of the resolved resource.
 *
 * @throws SchemaException if the resource has no schema, if no definition matches the kind and
 *         intent of the construction, or if an auxiliary object class is not found in the schema
 */
@Override
protected void initializeDefinitions() throws SchemaException {
    // Evaluation without a resource is skipped, so both values are expected to be set here.
    // These are Java assert statements: they are checked only when the JVM runs with assertions enabled.
    ResourceType resource = getResolvedResource().resource;
    assert resource != null;
    assert constructionBean != null;

    ResourceSchema completeSchema = ResourceSchemaFactory.getCompleteSchema(resource, LayerType.MODEL);
    if (completeSchema == null) {
        // The schema may be missing in some error-related border cases.
        throw new SchemaException("No (refined) schema for " + resource);
    }

    // A construction without an explicit kind is treated as an ACCOUNT construction.
    ShadowKindType kind = defaultIfNull(constructionBean.getKind(), ShadowKindType.ACCOUNT);
    String intent = constructionBean.getIntent();

    ResourceObjectDefinition objectDefinition = completeSchema.findObjectDefinition(kind, intent);
    if (objectDefinition == null) {
        // The wording depends on whether a specific intent was requested or the default type was wanted.
        String problem = intent != null
                ? "No " + kind + " type with intent '" + intent + "' found in " + resource + " as specified in construction in " + getSource()
                : "No default " + kind + " type found in " + resource + " as specified in construction in " + getSource();
        throw new SchemaException(problem);
    }
    setResourceObjectDefinition(objectDefinition);

    // Every auxiliary object class named by the construction must exist in the same schema.
    for (QName auxiliaryName : constructionBean.getAuxiliaryObjectClass()) {
        ResourceObjectDefinition auxiliaryDefinition = completeSchema.findDefinitionForObjectClass(auxiliaryName);
        if (auxiliaryDefinition == null) {
            throw new SchemaException("No auxiliary object class " + auxiliaryName + " found in " + resource + " as specified in construction in " + source);
        }
        addAuxiliaryObjectClassDefinition(auxiliaryDefinition);
    }
}
Also used : SchemaException(com.evolveum.midpoint.util.exception.SchemaException) ResourceSchema(com.evolveum.midpoint.schema.processor.ResourceSchema) ResourceObjectDefinition(com.evolveum.midpoint.schema.processor.ResourceObjectDefinition) QName(javax.xml.namespace.QName)

Example 54 with ResourceObjectDefinition

use of com.evolveum.midpoint.schema.processor.ResourceObjectDefinition in project midpoint by Evolveum.

the class EvaluatedPlainResourceObjectConstructionImpl method getAttributesToEvaluate.

/**
 * Builds the list of attribute evaluations for this construction: one entry for each attribute
 * definition that has an outbound mapping and is not set to IGNORE processing at the MODEL layer.
 *
 * @param constructionEvaluation evaluation context handed to every created entry
 * @return the attribute evaluations, in the order the attribute definitions are returned
 */
@Override
protected List<AttributeEvaluation<AH>> getAttributesToEvaluate(ConstructionEvaluation<AH, ?> constructionEvaluation) {
    ResourceObjectDefinition definition = construction.getResourceObjectDefinitionRequired();
    List<AttributeEvaluation<AH>> evaluations = new ArrayList<>();
    for (ResourceAttributeDefinition<?> attributeDefinition : definition.getAttributeDefinitions()) {
        MappingType outbound = attributeDefinition.getOutboundMappingBean();
        // Attributes without an outbound mapping contribute nothing.
        if (outbound != null) {
            if (attributeDefinition.getProcessing(LayerType.MODEL) != ItemProcessing.IGNORE) {
                evaluations.add(new AttributeEvaluation<>(constructionEvaluation, attributeDefinition, outbound, OriginType.OUTBOUND, MappingKindType.OUTBOUND));
            } else {
                // An ignored attribute is left out even though it has a mapping.
                LOGGER.trace("Skipping processing outbound mapping for attribute {} because it is ignored", attributeDefinition);
            }
        }
    }
    return evaluations;
}
Also used : MappingType(com.evolveum.midpoint.xml.ns._public.common.common_3.MappingType) ResourceObjectDefinition(com.evolveum.midpoint.schema.processor.ResourceObjectDefinition) ArrayList(java.util.ArrayList)

Example 55 with ResourceObjectDefinition

use of com.evolveum.midpoint.schema.processor.ResourceObjectDefinition in project midpoint by Evolveum.

the class TestPreviewChanges method test150GetGuybrushRefinedObjectClassDef.

/**
 * Requests the edit object class definition for guybrush's account shadow in the REQUEST
 * authorization phase and checks that it exists and exposes an outbound password definition.
 */
@Test
public void test150GetGuybrushRefinedObjectClassDef() throws Exception {
    // Set-up: test task, its operation result, and guybrush's shadow as the model returns it.
    Task testTask = getTestTask();
    OperationResult opResult = testTask.getResult();
    PrismObject<ShadowType> guybrushShadow = getShadowModel(ACCOUNT_SHADOW_GUYBRUSH_OID);

    // Exercise: ask the interaction service for the definition in the REQUEST phase.
    ResourceObjectDefinition editDefinition = modelInteractionService.getEditObjectClassDefinition(
            guybrushShadow, getDummyResourceObject(), AuthorizationPhaseType.REQUEST, testTask, opResult);

    // Verify: the operation succeeded, a definition came back, and it has a password outbound part.
    assertSuccess(opResult);
    displayDumpable("Refined object class", editDefinition);
    assertNotNull("Null config", editDefinition);
    display("Password credentials outbound", editDefinition.getPasswordOutbound());
    assertNotNull("Assert not null", editDefinition.getPasswordOutbound());
}
Also used : Task(com.evolveum.midpoint.task.api.Task) ResourceObjectDefinition(com.evolveum.midpoint.schema.processor.ResourceObjectDefinition) OperationResult(com.evolveum.midpoint.schema.result.OperationResult) Test(org.testng.annotations.Test)
