use of com.evolveum.midpoint.schema.processor.ResourceObjectDefinition in project midpoint by Evolveum.
the class TestSecurityBasic method test259AutzJackSelfAccountsPartialControl.
/**
* Tests getEditObjectDefinition for a shadow.
* The edited schema should also be applied to the definitions of the shadow's attributes.
*/
@Test
public void test259AutzJackSelfAccountsPartialControl() throws Exception {
    given();
    // Start from a clean authorization state, then give jack the partial-control role
    // and an account on the dummy resource.
    cleanupAutzTest(USER_JACK_OID);
    assignRole(USER_JACK_OID, ROLE_SELF_ACCOUNTS_PARTIAL_CONTROL_PASSWORD_OID);
    assignAccountToUser(USER_JACK_OID, RESOURCE_DUMMY_OID, null);
    assumeAssignmentPolicy(AssignmentPolicyEnforcementType.NONE);

    when();
    login(USER_JACK_USERNAME);

    then();
    // User objects: jack may read himself and change his nick name only. Guybrush is
    // off limits, and so are add and delete.
    assertGetAllow(UserType.class, USER_JACK_OID);
    assertGetDeny(UserType.class, USER_GUYBRUSH_OID);
    assertAddDeny();
    assertModifyAllow(UserType.class, USER_JACK_OID, UserType.F_NICK_NAME, PrismTestUtil.createPolyString("jackie"));
    assertModifyDeny(UserType.class, USER_JACK_OID, UserType.F_HONORIFIC_PREFIX, PrismTestUtil.createPolyString("Captain"));
    assertModifyDeny(UserType.class, USER_GUYBRUSH_OID, UserType.F_HONORIFIC_PREFIX, PrismTestUtil.createPolyString("Pirate"));
    assertDeleteDeny();
    assertDeleteDeny(UserType.class, USER_JACK_OID);

    // Jack's own account (the single shadow linked to him) must be readable.
    PrismObject<UserType> jack = getUser(USER_JACK_OID);
    String jackAccountOid = getSingleLinkOid(jack);
    assertGetAllow(ShadowType.class, jackAccountOid);
    PrismObject<ShadowType> jackShadow = getObject(ShadowType.class, jackAccountOid);
    display("Jack's shadow", jackShadow);

    Task task = getTestTask();
    OperationResult result = task.getResult();

    // Fetch the edit definition for the shadow (phase argument is null here) and apply it
    // to the shadow, so the attribute definitions read below come from that edit definition.
    PrismObjectDefinition<ShadowType> shadowEditDef = modelInteractionService.getEditObjectDefinition(jackShadow, null, task, result);
    jackShadow.applyDefinition(shadowEditDef, true);

    ResourceAttributeContainer attributesContainer = ShadowUtil.getAttributesContainer(jackShadow);
    ResourceObjectDefinition objectClassDef = attributesContainer.getDefinition().getComplexTypeDefinition();

    // "weapon" is expected to be read-only in the applied definition.
    // NOTE(review): only the flags of the edit definition are inspected for shadow attributes.
    // No modification of "weapon" on the shadow is attempted in this method, so enforcement of
    // the denial on the shadow itself is not exercised here.
    Item weaponAttr = attributesContainer.findItem(new ItemName("weapon"));
    ItemDefinition weaponDef = weaponAttr.getDefinition();
    assertTrue("Expected that attribute can be read", weaponDef.canRead());
    assertFalse("Expected that attribute cannot be added", weaponDef.canAdd());
    assertFalse("Expected that attribute cannot be modified", weaponDef.canModify());

    displayDumpable("Refined objectclass def", objectClassDef);

    // The three booleans presumably mean read / add / modify, matching the canRead/canAdd/canModify
    // checks above for "weapon" - confirm against assertAttributeFlags.
    assertAttributeFlags(objectClassDef, SchemaConstants.ICFS_UID, true, false, false);
    assertAttributeFlags(objectClassDef, SchemaConstants.ICFS_NAME, true, false, false);
    assertAttributeFlags(objectClassDef, new ItemName("location"), true, true, true);
    assertAttributeFlags(objectClassDef, new ItemName("weapon"), true, false, false);

    // Not linked to jack
    assertGetDeny(ShadowType.class, ACCOUNT_SHADOW_ELAINE_DUMMY_OID);

    // Not linked to jack
    assertAddDeny(ACCOUNT_JACK_DUMMY_RED_FILE);

    // Not even jack's account
    assertAddDeny(ACCOUNT_GUYBRUSH_DUMMY_FILE);

    // Password change is allowed for jack himself only.
    assertPasswordChangeAllow(UserType.class, USER_JACK_OID, "nbusr123");
    assertPasswordChangeDeny(UserType.class, USER_GUYBRUSH_OID, "nbusr123");

    // Edit definition of the user in the REQUEST phase: check the flags on the password item.
    PrismObjectDefinition<UserType> userEditDef = modelInteractionService.getEditObjectDefinition(jack, AuthorizationPhaseType.REQUEST, task, result);
    assertItemFlags(userEditDef, PASSWORD_PATH, true, false, false);

    assertGlobalStateUntouched();
}
use of com.evolveum.midpoint.schema.processor.ResourceObjectDefinition in project midpoint by Evolveum.
the class LensUtil method refineProjectionIntent.
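/**
 * Looks up the projection definition for the given kind and intent in the MODEL-layer
 * complete schema of the resource and returns the result of {@code getIntent} for it.
 *
 * @param kind shadow kind used for the schema lookup
 * @param intent intent used for the schema lookup; passed to the lookup unchanged
 * @param resource resource whose complete schema is consulted
 * @return the value {@code getIntent} produces for the matching definition
 * @throws SchemaException if the resource has no complete schema, or the schema has no
 *         definition for the given kind and intent
 */
public static String refineProjectionIntent(ShadowKindType kind, String intent, ResourceType resource) throws SchemaException {
    ResourceSchema schema = ResourceSchemaFactory.getCompleteSchema(resource, LayerType.MODEL);
    if (schema == null) {
        // The complete schema may be null in error-related border cases; report that as a
        // SchemaException instead of failing with a NullPointerException on the lookup below.
        throw new SchemaException("No (refined) schema for " + resource);
    }

    ResourceObjectDefinition rObjClassDef = schema.findObjectDefinition(kind, intent);
    if (rObjClassDef == null) {
        LOGGER.error("No projection definition for kind={}, intent={} in {}", kind, intent, resource);
        // NOTE(review): this writes the whole resource object and the schema dump to the ERROR log.
        // Confirm that debugDump() never renders connector configuration secrets in clear text,
        // and that access to this log is restricted accordingly.
        LOGGER.error("Diagnostic output follows:\n\nResource:\n{}\n\nRefined resource schema:\n{}", resource.asPrismObject().debugDump(), schema.debugDump());
        throw new SchemaException("No projection definition for kind=" + kind + " intent=" + intent + " in " + resource);
    }
    return getIntent(rObjClassDef);
}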
use of com.evolveum.midpoint.schema.processor.ResourceObjectDefinition in project midpoint by Evolveum.
the class AssignedResourceObjectConstruction method initializeDefinitions.
/**
 * Resolves the resource object definition and the auxiliary object class definitions
 * named by the construction bean, and stores them on this construction.
 *
 * @throws SchemaException if the resource has no MODEL-layer complete schema, if no object
 *         definition matches the kind and intent, or if an auxiliary object class is not found
 */
@Override
protected void initializeDefinitions() throws SchemaException {
    ResourceType targetResource = getResolvedResource().resource;

    // Evaluation without a resource is skipped.
    // NOTE(review): these are Java assert statements, so they are checked only when the JVM
    // runs with assertions enabled.
    assert targetResource != null;
    assert constructionBean != null;

    ResourceSchema completeSchema = ResourceSchemaFactory.getCompleteSchema(targetResource, LayerType.MODEL);
    if (completeSchema == null) {
        // The refined schema may be null in some error-related border cases.
        throw new SchemaException("No (refined) schema for " + targetResource);
    }

    // Kind falls back to ACCOUNT when the bean does not specify one; intent may stay null.
    ShadowKindType kind = defaultIfNull(constructionBean.getKind(), ShadowKindType.ACCOUNT);
    String intent = constructionBean.getIntent();

    ResourceObjectDefinition mainDefinition = completeSchema.findObjectDefinition(kind, intent);
    if (mainDefinition == null) {
        // The message differs depending on whether an explicit intent was requested.
        throw new SchemaException(intent != null
                ? "No " + kind + " type with intent '" + intent + "' found in " + targetResource + " as specified in construction in " + getSource()
                : "No default " + kind + " type found in " + targetResource + " as specified in construction in " + getSource());
    }
    setResourceObjectDefinition(mainDefinition);

    for (QName auxName : constructionBean.getAuxiliaryObjectClass()) {
        ResourceObjectDefinition auxDefinition = completeSchema.findDefinitionForObjectClass(auxName);
        if (auxDefinition == null) {
            // NOTE(review): this message reads the `source` field directly while the messages above
            // call getSource(); presumably they are equivalent - confirm.
            throw new SchemaException("No auxiliary object class " + auxName + " found in " + targetResource + " as specified in construction in " + source);
        }
        addAuxiliaryObjectClassDefinition(auxDefinition);
    }
}
use of com.evolveum.midpoint.schema.processor.ResourceObjectDefinition in project midpoint by Evolveum.
the class EvaluatedPlainResourceObjectConstructionImpl method getAttributesToEvaluate.
/**
 * Collects one outbound attribute evaluation for every attribute definition of the
 * construction's resource object definition that has an outbound mapping and is not
 * set to IGNORE processing in the MODEL layer.
 *
 * @param constructionEvaluation evaluation passed to each created {@code AttributeEvaluation}
 * @return newly created list of attribute evaluations; empty if no attribute qualifies
 */
@Override
protected List<AttributeEvaluation<AH>> getAttributesToEvaluate(ConstructionEvaluation<AH, ?> constructionEvaluation) {
    List<AttributeEvaluation<AH>> evaluations = new ArrayList<>();
    for (ResourceAttributeDefinition<?> attributeDef : construction.getResourceObjectDefinitionRequired().getAttributeDefinitions()) {
        MappingType outbound = attributeDef.getOutboundMappingBean();
        if (outbound != null) {
            if (attributeDef.getProcessing(LayerType.MODEL) == ItemProcessing.IGNORE) {
                // Ignored attributes are skipped even though an outbound mapping is defined.
                LOGGER.trace("Skipping processing outbound mapping for attribute {} because it is ignored", attributeDef);
            } else {
                evaluations.add(new AttributeEvaluation<>(constructionEvaluation, attributeDef, outbound, OriginType.OUTBOUND, MappingKindType.OUTBOUND));
            }
        }
        // Attributes without an outbound mapping contribute nothing.
    }
    return evaluations;
}
use of com.evolveum.midpoint.schema.processor.ResourceObjectDefinition in project midpoint by Evolveum.
the class TestPreviewChanges method test150GetGuybrushRefinedObjectClassDef.
/**
 * Fetches the edit object class definition for guybrush's account shadow in the REQUEST
 * phase and checks that it exists and provides a password outbound value.
 */
@Test
public void test150GetGuybrushRefinedObjectClassDef() throws Exception {
    // GIVEN
    Task task = getTestTask();
    OperationResult result = task.getResult();
    PrismObject<ShadowType> guybrushShadow = getShadowModel(ACCOUNT_SHADOW_GUYBRUSH_OID);

    // WHEN
    ResourceObjectDefinition editDefinition = modelInteractionService.getEditObjectClassDefinition(
            guybrushShadow, getDummyResourceObject(), AuthorizationPhaseType.REQUEST, task, result);

    // THEN
    assertSuccess(result);
    displayDumpable("Refined object class", editDefinition);
    // The definition must exist before its password outbound part is inspected.
    assertNotNull("Null config", editDefinition);

    display("Password credentials outbound", editDefinition.getPasswordOutbound());
    assertNotNull("Assert not null", editDefinition.getPasswordOutbound());
}