use of com.evolveum.midpoint.security.api.ItemSecurityDecisions in project midpoint by Evolveum.
the class AssignmentEditorPanel method isItemAllowed.
private boolean isItemAllowed(ItemPath itemPath) {
ItemSecurityDecisions decisions = decisionsModel.getObject();
if (itemPath == null || decisions == null || decisions.getItemDecisionMap() == null || decisions.getItemDecisionMap().size() == 0) {
return true;
}
Map<ItemPath, AuthorizationDecisionType> decisionsMap = decisions.getItemDecisionMap();
boolean isAllowed = false;
for (ItemPath path : decisionsMap.keySet()) {
if (path.equivalent(itemPath) && AuthorizationDecisionType.ALLOW.value().equals(decisionsMap.get(path).value())) {
return true;
}
}
return isAllowed;
}
use of com.evolveum.midpoint.security.api.ItemSecurityDecisions in project midpoint by Evolveum.
the class AbstractModelIntegrationTest method assertAllowRequestItems.
protected void assertAllowRequestItems(String userOid, String targetRoleOid, AuthorizationDecisionType expectedDefaultDecision, QName... expectedAllowedItemQNames) throws SchemaException, SecurityViolationException, CommunicationException, ObjectNotFoundException, ConfigurationException, ExpressionEvaluationException {
PrismObject<UserType> user = getUser(userOid);
PrismObject<RoleType> target = getRole(targetRoleOid);
ItemSecurityDecisions decisions = modelInteractionService.getAllowedRequestAssignmentItems(user, target);
display("Request decisions for " + target, decisions);
assertEquals("Wrong assign default decision", expectedDefaultDecision, decisions.getDefaultDecision());
assertEquals("Unexpected number of allowed items", expectedAllowedItemQNames.length, decisions.getItemDecisionMap().size());
decisions.getItemDecisionMap().forEach((path, decision) -> {
assertEquals("wrong item " + path + " decision", AuthorizationDecisionType.ALLOW, decision);
QName lastPathName = path.lastNamed().getName();
if (!Arrays.stream(expectedAllowedItemQNames).anyMatch(qname -> QNameUtil.match(qname, lastPathName))) {
AssertJUnit.fail("Unexpected path " + path);
}
});
}
use of com.evolveum.midpoint.security.api.ItemSecurityDecisions in project midpoint by Evolveum.
the class AssignmentEditorPanel method loadSecurityDecisions.
private ItemSecurityDecisions loadSecurityDecisions() {
if (pageBase == null || getModelObject().getTargetRef() == null) {
return null;
}
PrismObject<UserType> user = null;
List<PrismObject<UserType>> targetUserList = pageBase.getSessionStorage().getRoleCatalog().getTargetUserList();
if (targetUserList == null || targetUserList.size() == 0) {
user = pageBase.loadUserSelf(pageBase);
} else {
user = targetUserList.get(0);
}
String targetObjectOid = getModelObject().getTargetRef().getOid();
Task task = pageBase.createSimpleTask(OPERATION_LOAD_TARGET_OBJECT);
OperationResult result = new OperationResult(OPERATION_LOAD_TARGET_OBJECT);
PrismObject<AbstractRoleType> targetRefObject = WebModelServiceUtils.loadObject(AbstractRoleType.class, targetObjectOid, pageBase, task, result);
ItemSecurityDecisions decisions = null;
try {
decisions = pageBase.getModelInteractionService().getAllowedRequestAssignmentItems(user, targetRefObject);
} catch (SchemaException | SecurityViolationException ex) {
LoggingUtils.logUnexpectedException(LOGGER, "Couldn't load security decisions for assignment items.", ex);
}
return decisions;
}
Aggregations