use of com.evolveum.midpoint.schema.processor.ResourceObjectDefinition in project midpoint by Evolveum.
the class TestRefinedSchema method test122DetermineObjectClassKindIntentModel.
/**
 * Imports the kind/intent reconciliation task and checks which object definition
 * {@code ModelImplUtils.determineObjectDefinition} returns for it against
 * {@code refinedSchemaModel}. The final assertion expects the privilege object class,
 * kind {@code ENTITLEMENT}, intent {@code "privilege"}, at {@code LayerType.MODEL}.
 */
@Test
public void test122DetermineObjectClassKindIntentModel() throws Exception {
    // GIVEN: the task is imported from file and read back through the task manager
    OperationResult opResult = createOperationResult();
    importObjectFromFile(TASK_RECONCILE_DUMMY_KIND_INTENT_FILE);
    Task reconcileTask = taskManager.getTaskPlain(TASK_RECONCILE_DUMMY_KIND_INTENT_OID, opResult);
    display("Task", reconcileTask);

    // WHEN
    ResourceObjectDefinition resolvedDefinition =
            ModelImplUtils.determineObjectDefinition(refinedSchemaModel, reconcileTask);

    // THEN
    displayDumpable("Object class", resolvedDefinition);
    // toString() is called on the result directly, so a null definition fails here with an NPE
    displayValue("Object class (toString)", resolvedDefinition.toString());

    // The imported task is removed before the final assertion
    // (presumably so that a failing assertion does not leave it in the repository - confirm).
    deleteObject(TaskType.class, TASK_RECONCILE_DUMMY_KIND_INTENT_OID);

    assertLayerRefinedObjectClass(
            resolvedDefinition,
            RESOURCE_DUMMY_PRIVILEGE_OBJECTCLASS_QNAME,
            ShadowKindType.ENTITLEMENT,
            "privilege",
            LayerType.MODEL);
}
use of com.evolveum.midpoint.schema.processor.ResourceObjectDefinition in project midpoint by Evolveum.
the class TestRefinedSchema method test110DetermineObjectClassObjectClass.
/**
 * Imports the object-class reconciliation task and checks which object definition
 * {@code ModelImplUtils.determineObjectDefinition} returns for it against
 * {@code refinedSchema}. The final assertion expects the dummy resource's account
 * object class.
 */
@Test
public void test110DetermineObjectClassObjectClass() throws Exception {
    // GIVEN: the task is imported from file and read back through the task manager
    OperationResult opResult = createOperationResult();
    importObjectFromFile(TASK_RECONCILE_DUMMY_OBJECTCLASS_FILE);
    Task reconcileTask = taskManager.getTaskPlain(TASK_RECONCILE_DUMMY_OBJECTCLASS_OID, opResult);
    display("Task", reconcileTask);

    // WHEN
    ResourceObjectDefinition resolvedDefinition =
            ModelImplUtils.determineObjectDefinition(refinedSchema, reconcileTask);

    // THEN
    displayDumpable("Object class", resolvedDefinition);

    // The imported task is removed before the final assertion
    // (presumably so that a failing assertion does not leave it in the repository - confirm).
    deleteObject(TaskType.class, TASK_RECONCILE_DUMMY_OBJECTCLASS_OID);

    assertObjectClass(resolvedDefinition, RESOURCE_DUMMY_ACCOUNT_OBJECTCLASS_QNAME);
}
use of com.evolveum.midpoint.schema.processor.ResourceObjectDefinition in project midpoint by Evolveum.
the class AbstractModelImplementationIntegrationTest method createAccountDelta.
/**
 * Builds a modify delta for the shadow {@code accountOid} that replaces the values of one
 * resource attribute.
 *
 * @param accCtx projection context whose composite object definition supplies the attribute definition
 * @param accountOid OID of the shadow the delta targets
 * @param attributeLocalName local name of the attribute; it is qualified with {@code MidPointConstants.NS_RI}
 * @param propertyValues values that replace the current attribute values
 * @return a modify delta holding a single replace modification for the attribute
 * @throws SchemaException declared by the signature; raised by the schema calls made here
 */
protected <T> ObjectDelta<ShadowType> createAccountDelta(LensProjectionContext accCtx, String accountOid, String attributeLocalName, T... propertyValues) throws SchemaException {
    // The resource is fetched as in the original code; the value is not used further in this method.
    ResourceType resource = accCtx.getResource();

    QName attributeName = new QName(MidPointConstants.NS_RI, attributeLocalName);
    ItemPath attributePath = ItemPath.create(ShadowType.F_ATTRIBUTES, attributeName);

    ResourceObjectDefinition accountDefinition = accCtx.getCompositeObjectDefinition();
    // The cast to ResourceAttributeDefinition<T> is unchecked: nothing verifies at run time
    // that T matches the type declared for the attribute.
    // noinspection unchecked
    ResourceAttributeDefinition<T> attributeDefinition = (ResourceAttributeDefinition<T>) accountDefinition.findAttributeDefinition(attributeName);
    assertNotNull(
            "No definition of attribute " + attributeName + " in account def " + accountDefinition,
            attributeDefinition);

    ObjectDelta<ShadowType> shadowDelta =
            prismContext.deltaFactory().object().createEmptyModifyDelta(ShadowType.class, accountOid);

    PropertyDelta<T> replaceDelta =
            prismContext.deltaFactory().property().create(attributePath, attributeDefinition);
    replaceDelta.setValuesToReplace(
            PrismValueCollectionsUtil.createCollection(prismContext, propertyValues));

    shadowDelta.addModification(replaceDelta);
    return shadowDelta;
}
use of com.evolveum.midpoint.schema.processor.ResourceObjectDefinition in project midpoint by Evolveum.
the class TestSecurityBasic method test258AutzJackSelfAccountsPartialControlPassword.
/**
 * Authorization test for jack holding the role
 * {@code ROLE_SELF_ACCOUNTS_PARTIAL_CONTROL_PASSWORD_OID}, with one account on the dummy resource.
 *
 * The assertions pin both sides of the boundary: what jack is allowed on his own user
 * and linked shadow, and what stays denied (other users, shadows not linked to him,
 * add and delete). With this role jack's own password change is expected to be allowed.
 */
@Test
public void test258AutzJackSelfAccountsPartialControlPassword() throws Exception {
    given();
    cleanupAutzTest(USER_JACK_OID);
    assignRole(USER_JACK_OID, ROLE_SELF_ACCOUNTS_PARTIAL_CONTROL_PASSWORD_OID);
    assignAccountToUser(USER_JACK_OID, RESOURCE_DUMMY_OID, null);
    assumeAssignmentPolicy(AssignmentPolicyEnforcementType.NONE);

    when();
    login(USER_JACK_USERNAME);

    then();
    // User objects: jack can read himself but not guybrush
    assertGetAllow(UserType.class, USER_JACK_OID);
    assertGetDeny(UserType.class, USER_GUYBRUSH_OID);
    assertAddDeny();

    // Only nickName on jack's own user is modifiable; honorificPrefix is denied on both users
    assertModifyAllow(UserType.class, USER_JACK_OID, UserType.F_NICK_NAME, PrismTestUtil.createPolyString("jackie"));
    assertModifyDeny(UserType.class, USER_JACK_OID, UserType.F_HONORIFIC_PREFIX, PrismTestUtil.createPolyString("Captain"));
    assertModifyDeny(UserType.class, USER_GUYBRUSH_OID, UserType.F_HONORIFIC_PREFIX, PrismTestUtil.createPolyString("Pirate"));

    assertDeleteDeny();
    assertDeleteDeny(UserType.class, USER_JACK_OID);

    // The shadow linked to jack is readable
    PrismObject<UserType> jack = getUser(USER_JACK_OID);
    String jackAccountOid = getSingleLinkOid(jack);
    assertGetAllow(ShadowType.class, jackAccountOid);
    PrismObject<ShadowType> jackShadow = getObject(ShadowType.class, jackAccountOid);
    display("Jack's shadow", jackShadow);

    Task testTask = getTestTask();
    OperationResult opResult = testTask.getResult();

    // Per-attribute flags of the edit definition computed for jack's shadow.
    // NOTE(review): the three booleans are presumably (read, add, modify) - confirm against assertAttributeFlags.
    ResourceObjectDefinition shadowEditDefinition =
            modelInteractionService.getEditObjectClassDefinition(jackShadow, getDummyResourceObject(), null, testTask, opResult);
    displayDumpable("Refined objectclass def", shadowEditDefinition);
    assertAttributeFlags(shadowEditDefinition, SchemaConstants.ICFS_UID, true, false, false);
    assertAttributeFlags(shadowEditDefinition, SchemaConstants.ICFS_NAME, true, false, false);
    assertAttributeFlags(shadowEditDefinition, new QName("location"), true, true, true);
    assertAttributeFlags(shadowEditDefinition, new QName("weapon"), true, false, false);

    // Not linked to jack
    assertGetDeny(ShadowType.class, ACCOUNT_SHADOW_ELAINE_DUMMY_OID);
    // Not linked to jack
    assertAddDeny(ACCOUNT_JACK_DUMMY_RED_FILE);
    // Not even jack's account
    assertAddDeny(ACCOUNT_GUYBRUSH_DUMMY_FILE);

    // Password change: allowed on jack's own user, denied on guybrush
    assertPasswordChangeAllow(UserType.class, USER_JACK_OID, "nbusr123");
    assertPasswordChangeDeny(UserType.class, USER_GUYBRUSH_OID, "nbusr123");

    // NOTE(review): PASSWORD_PATH is asserted as (true, false, false) in the REQUEST phase although
    // the password change above is allowed - confirm this is the intended edit-definition result.
    PrismObjectDefinition<UserType> userEditDefinition =
            modelInteractionService.getEditObjectDefinition(jack, AuthorizationPhaseType.REQUEST, testTask, opResult);
    assertItemFlags(userEditDefinition, PASSWORD_PATH, true, false, false);

    assertGlobalStateUntouched();
}
use of com.evolveum.midpoint.schema.processor.ResourceObjectDefinition in project midpoint by Evolveum.
the class TestSecurityBasic method test256AutzJackSelfAccountsPartialControl.
/**
 * Authorization test for jack holding the role {@code ROLE_SELF_ACCOUNTS_PARTIAL_CONTROL_OID},
 * with one account on the dummy resource.
 *
 * The assertions pin both sides of the boundary: what jack is allowed on his own user
 * and linked shadow, and what stays denied (other users, shadows not linked to him,
 * add and delete). With this role a password change is expected to be denied even on
 * jack's own user.
 */
@Test
public void test256AutzJackSelfAccountsPartialControl() throws Exception {
    given();
    cleanupAutzTest(USER_JACK_OID);
    assignRole(USER_JACK_OID, ROLE_SELF_ACCOUNTS_PARTIAL_CONTROL_OID);
    assignAccountToUser(USER_JACK_OID, RESOURCE_DUMMY_OID, null);
    assumeAssignmentPolicy(AssignmentPolicyEnforcementType.NONE);

    when();
    login(USER_JACK_USERNAME);

    then();
    // User objects: jack can read himself but not guybrush
    assertGetAllow(UserType.class, USER_JACK_OID);
    assertGetDeny(UserType.class, USER_GUYBRUSH_OID);
    assertAddDeny();

    // Only nickName on jack's own user is modifiable; honorificPrefix is denied on both users
    assertModifyAllow(UserType.class, USER_JACK_OID, UserType.F_NICK_NAME, PrismTestUtil.createPolyString("jackie"));
    assertModifyDeny(UserType.class, USER_JACK_OID, UserType.F_HONORIFIC_PREFIX, PrismTestUtil.createPolyString("Captain"));
    assertModifyDeny(UserType.class, USER_GUYBRUSH_OID, UserType.F_HONORIFIC_PREFIX, PrismTestUtil.createPolyString("Pirate"));

    assertDeleteDeny();
    assertDeleteDeny(UserType.class, USER_JACK_OID);

    // The shadow linked to jack is readable
    PrismObject<UserType> jack = getUser(USER_JACK_OID);
    String jackAccountOid = getSingleLinkOid(jack);
    assertGetAllow(ShadowType.class, jackAccountOid);
    PrismObject<ShadowType> jackShadow = getObject(ShadowType.class, jackAccountOid);
    display("Jack's shadow", jackShadow);

    Task testTask = getTestTask();
    OperationResult opResult = testTask.getResult();

    // Per-attribute flags of the edit definition computed for jack's shadow.
    // NOTE(review): the three booleans are presumably (read, add, modify) - confirm against assertAttributeFlags.
    ResourceObjectDefinition shadowEditDefinition =
            modelInteractionService.getEditObjectClassDefinition(jackShadow, getDummyResourceObject(), null, testTask, opResult);
    displayDumpable("Refined objectclass def", shadowEditDefinition);
    assertAttributeFlags(shadowEditDefinition, SchemaConstants.ICFS_UID, true, false, false);
    assertAttributeFlags(shadowEditDefinition, SchemaConstants.ICFS_NAME, true, false, false);
    assertAttributeFlags(shadowEditDefinition, new QName("location"), true, true, true);
    assertAttributeFlags(shadowEditDefinition, new QName("weapon"), true, false, false);

    // Not linked to jack
    assertGetDeny(ShadowType.class, ACCOUNT_SHADOW_ELAINE_DUMMY_OID);
    // Not linked to jack
    assertAddDeny(ACCOUNT_JACK_DUMMY_RED_FILE);
    // Not even jack's account
    assertAddDeny(ACCOUNT_GUYBRUSH_DUMMY_FILE);

    // Password change: denied for both users, including jack's own
    assertPasswordChangeDeny(UserType.class, USER_JACK_OID, "nbusr123");
    assertPasswordChangeDeny(UserType.class, USER_GUYBRUSH_OID, "nbusr123");

    // Edit definition of jack's user in the REQUEST phase: flags asserted for the password item
    PrismObjectDefinition<UserType> userEditDefinition =
            modelInteractionService.getEditObjectDefinition(jack, AuthorizationPhaseType.REQUEST, testTask, opResult);
    assertItemFlags(userEditDefinition, PASSWORD_PATH, true, false, false);

    assertGlobalStateUntouched();
}