use of com.evolveum.midpoint.security.api.MidPointPrincipal in project midpoint by Evolveum.
the class AbstractModelIntegrationTest method assertAuthorizations.
/**
 * Resolves the principal for {@code user} through {@code userProfileService} and delegates the
 * authorization assertion to the principal-based overload.
 *
 * @param user                   the user whose principal is built
 * @param expectedAuthorizations authorizations the principal is expected to carry (checked by the overload)
 * @throws ObjectNotFoundException propagated from principal resolution
 * @throws SchemaException         propagated from principal resolution
 */
protected void assertAuthorizations(PrismObject<UserType> user, String... expectedAuthorizations) throws ObjectNotFoundException, SchemaException {
    final MidPointPrincipal resolved = userProfileService.getPrincipal(user);
    // Fail with a readable message instead of letting the overload trip over a null principal.
    assertNotNull("No principal for " + user, resolved);
    assertAuthorizations(resolved, expectedAuthorizations);
}
use of com.evolveum.midpoint.security.api.MidPointPrincipal in project midpoint by Evolveum.
the class MiscDataUtil method isAuthorizedToClaim.
/**
 * Tells whether the currently authenticated principal may claim the work item {@code taskId}.
 * <p>
 * Fails closed: if no principal can be obtained ({@link SecurityViolationException}) or the
 * principal has no OID, the answer is {@code false}; otherwise it is whatever
 * {@code isAmongCandidates} says.
 *
 * @param taskId identifier of the work item to be claimed
 * @return {@code true} only if a principal with an OID is available and is among the candidates
 */
public boolean isAuthorizedToClaim(String taskId) {
    final MidPointPrincipal current;
    try {
        current = securityEnforcer.getPrincipal();
    } catch (SecurityViolationException ex) {
        // No usable security context: deny rather than guess.
        return false;
    }
    // NOTE(review): assumes getPrincipal() throws instead of returning null — confirm; a null here would NPE.
    // A principal without an OID (unsaved/anonymous) is denied before any candidate lookup.
    return current.getOid() != null && isAmongCandidates(current, taskId);
}
use of com.evolveum.midpoint.security.api.MidPointPrincipal in project midpoint by Evolveum.
the class AccCertUpdateHelper method escalateCampaign.
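/**
 * Escalates every open work item of campaign {@code campaignOid} by one escalation level: the
 * delegates are computed from {@code escalateAction}, the assignees are recomputed, a delegation
 * event attributed to the current principal is recorded on each work item, the stage's escalation
 * level is bumped, the timed-action triggers are re-created for the new level, and reviewers are
 * notified after the campaign has been modified.
 * <p>
 * The acting user is read from {@code securityEnforcer}; no explicit authorization check is made
 * in this method — presumably enforcement happens in {@code modifyObjectViaModel} (confirm).
 * All open work items of the campaign are expected to share one escalation level; a work item
 * whose level does not match the stage's is rejected rather than silently skipped.
 *
 * @param campaignOid      OID of the campaign whose open work items are escalated
 * @param escalateAction   escalation definition (new level name/display name, delegation target)
 * @param causeInformation cause recorded on each delegation event
 * @param task             task under which the lookups and the modification run
 * @param result           operation result; the acting user is added to it as context
 * @throws SecurityViolationException  propagated from principal lookup or the model call
 * @throws IllegalArgumentException    if a found work item does not belong to the campaign
 * @throws IllegalStateException       if a work item is already closed, is not in the current
 *                                     stage, or is at an escalation level inconsistent with the stage
 */
public void escalateCampaign(String campaignOid, EscalateWorkItemActionType escalateAction, WorkItemEventCauseInformationType causeInformation, Task task, OperationResult result) throws SchemaException, ObjectNotFoundException, ObjectAlreadyExistsException, ExpressionEvaluationException, SecurityViolationException {
    MidPointPrincipal principal = securityEnforcer.getPrincipal();
    result.addContext("user", toShortString(principal.getUser()));
    // Stored as initiatorRef on every delegation event: this is what makes the escalation attributable later.
    ObjectReferenceType initiator = ObjectTypeUtil.createObjectRef(principal.getUser());
    List<AccessCertificationWorkItemType> workItems = queryHelper.searchOpenWorkItems(CertCampaignTypeUtil.createWorkItemsForCampaignQuery(campaignOid, prismContext), null, false, null, result);
    if (workItems.isEmpty()) {
        LOGGER.debug("No work items, no escalation (campaign: {})", campaignOid);
        return;
    }
    LOGGER.info("Going to escalate the campaign {}: {} work item(s)", campaignOid, workItems.size());
    XMLGregorianCalendar now = clock.currentTimeXMLGregorianCalendar();
    List<ItemDelta<?, ?>> deltas = new ArrayList<>();
    // Currently we expect all open certification work items for a given campaign to have the same escalation level.
    // Because of consistence with other parts of midPoint we store the escalation level within work item itself.
    // But we enforce it to be the same for all the open work items.
    // This behavior will most probably change in the future.
    AccessCertificationCampaignType campaign = generalHelper.getCampaign(campaignOid, null, task, result);
    int newStageEscalationLevelNumber = CertCampaignTypeUtil.getCurrentStageEscalationLevelNumber(campaign) + 1;
    WorkItemEscalationLevelType newEscalationLevel = new WorkItemEscalationLevelType().number(newStageEscalationLevelNumber).name(escalateAction.getEscalationLevelName()).displayName(escalateAction.getEscalationLevelDisplayName());
    for (AccessCertificationWorkItemType workItem : workItems) {
        AccessCertificationCaseType aCase = CertCampaignTypeUtil.getCaseChecked(workItem);
        AccessCertificationCampaignType workItemCampaign = CertCampaignTypeUtil.getCampaignChecked(aCase);
        // Defensive: the query is scoped to the campaign, but never touch a work item that belongs elsewhere.
        if (!java.util.Objects.equals(workItemCampaign.getOid(), campaignOid)) {
            throw new IllegalArgumentException("Work item to delegate does not belong to specified campaign (" + campaignOid + ") but to " + workItemCampaign);
        }
        if (workItem.getCloseTimestamp() != null) {
            throw new IllegalStateException("Couldn't delegate a work item that is already closed: " + workItem);
        }
        // Objects.equals instead of '!=': if getStageNumber() returns a boxed Integer, '!=' compares
        // references and silently misbehaves outside the small-integer cache.
        if (!java.util.Objects.equals(workItem.getStageNumber(), workItemCampaign.getStageNumber())) {
            throw new IllegalStateException("Couldn't delegate a work item that is not in a current stage. Current stage: " + workItemCampaign.getStageNumber() + ", work item stage: " + workItem.getStageNumber());
        }
        if (workItem.getOutput() != null && workItem.getOutput().getOutcome() != null) {
            // Already answered: skip it rather than fail the whole escalation.
            continue;
        }
        // Delegates come from the action definition; the ExpressionEvaluationException on the signature suggests
        // this may evaluate expressions from the campaign definition.
        List<ObjectReferenceType> delegates = computeDelegateTo(escalateAction, workItem, aCase, workItemCampaign, task, result);
        int escalationLevel = WfContextUtil.getEscalationLevelNumber(workItem);
        if (escalationLevel + 1 != newStageEscalationLevelNumber) {
            // Report the work item's current level so the mismatch is actually visible in the message.
            throw new IllegalStateException("Different escalation level numbers for certification cases: work item level (" + escalationLevel + ") is different from the stage level (" + newStageEscalationLevelNumber + ")");
        }
        LOGGER.debug("Escalating work item {} to level: {}; delegates={}: cause={}", workItem, newEscalationLevel, delegates, causeInformation);
        List<ObjectReferenceType> assigneesBefore = CloneUtil.cloneCollectionMembers(workItem.getAssigneeRef());
        WorkItemDelegationMethodType method = getDelegationMethod(escalateAction);
        List<ObjectReferenceType> newAssignees = new ArrayList<>();
        List<ObjectReferenceType> delegatedTo = new ArrayList<>();
        WfContextUtil.computeAssignees(newAssignees, delegatedTo, delegates, method, workItem);
        WorkItemDelegationEventType event = WfContextUtil.createDelegationEvent(newEscalationLevel, assigneesBefore, delegatedTo, method, causeInformation);
        event.setTimestamp(now);
        event.setInitiatorRef(initiator);
        event.setWorkItemId(workItem.getId());
        // The event carries the level the work item had *before* this escalation.
        event.setEscalationLevel(workItem.getEscalationLevel());
        addDeltasForAssigneesAndEvent(deltas, workItem, aCase, newAssignees, event);
        deltas.add(DeltaBuilder.deltaFor(AccessCertificationCampaignType.class, prismContext).item(F_CASE, aCase.getId(), F_WORK_ITEM, workItem.getId(), F_ESCALATION_LEVEL).replace(newEscalationLevel).asItemDelta());
        // notification (after modifications)
    }
    AccessCertificationStageType stage = CertCampaignTypeUtil.getCurrentStage(campaign);
    assert stage != null;
    Long stageId = stage.asPrismContainerValue().getId();
    assert stageId != null;
    deltas.add(DeltaBuilder.deltaFor(AccessCertificationCampaignType.class, prismContext).item(F_STAGE, stageId, AccessCertificationStageType.F_ESCALATION_LEVEL).replace(newEscalationLevel).asItemDelta());
    AccessCertificationStageDefinitionType stageDefinition = CertCampaignTypeUtil.getCurrentStageDefinition(campaign);
    deltas.addAll(createTriggersForTimedActions(campaignOid, newStageEscalationLevelNumber, XmlTypeConverter.toDate(stage.getStartTimestamp()), XmlTypeConverter.toDate(stage.getDeadline()), stageDefinition.getTimedActions()));
    // All work-item and stage changes go out as a single modification of the campaign object.
    modifyObjectViaModel(AccessCertificationCampaignType.class, campaignOid, deltas, task, result);
    // Re-read so that notifications see the post-modification state.
    campaign = generalHelper.getCampaign(campaignOid, null, task, result);
    // TODO differentiate between "old" and "new" reviewers
    notifyReviewers(campaign, true, task, result);
}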
use of com.evolveum.midpoint.security.api.MidPointPrincipal in project midpoint by Evolveum.
the class AccCertUpdateHelper method delegateWorkItems.
//endregion
//region ================================ Delegation/escalation ================================
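/**
 * Delegates the given open work items of campaign {@code campaignOid} according to
 * {@code delegateAction}: for each work item the delegates and resulting assignees are computed,
 * a delegation event attributed to the current principal is recorded, and all changes are applied
 * to the campaign as one modification.
 * <p>
 * The acting user is read from {@code securityEnforcer}; no explicit authorization check is made
 * here — presumably enforcement happens in {@code modifyObjectViaModel} (confirm). Note that the
 * caller-supplied {@code workItems} are validated as-is (not reloaded from the repository), so the
 * "closed"/"current stage" checks below only reflect the caller's view; see the TODO in the loop.
 *
 * @param campaignOid    OID of the campaign the work items must belong to
 * @param workItems      open work items to delegate
 * @param delegateAction delegation definition (delegation target and method)
 * @param task           task under which the lookups and the modification run
 * @param result         operation result; the acting user is added to it as context
 * @throws SecurityViolationException propagated from principal lookup or the model call
 * @throws IllegalArgumentException   if a work item does not belong to the campaign
 * @throws IllegalStateException      if a work item is already closed or is not in the current stage
 */
public void delegateWorkItems(String campaignOid, List<AccessCertificationWorkItemType> workItems, DelegateWorkItemActionType delegateAction, Task task, OperationResult result) throws SchemaException, ObjectNotFoundException, ObjectAlreadyExistsException, ExpressionEvaluationException, SecurityViolationException {
    LOGGER.info("Going to delegate {} work item(s) in campaign {}", workItems.size(), campaignOid);
    MidPointPrincipal principal = securityEnforcer.getPrincipal();
    result.addContext("user", toShortString(principal.getUser()));
    // Stored as initiatorRef on every delegation event: this is what makes the delegation attributable later.
    ObjectReferenceType initiator = ObjectTypeUtil.createObjectRef(principal.getUser());
    XMLGregorianCalendar now = clock.currentTimeXMLGregorianCalendar();
    List<ItemDelta<?, ?>> deltas = new ArrayList<>();
    for (AccessCertificationWorkItemType workItem : workItems) {
        AccessCertificationCaseType aCase = CertCampaignTypeUtil.getCaseChecked(workItem);
        AccessCertificationCampaignType campaign = CertCampaignTypeUtil.getCampaignChecked(aCase);
        // Never delegate a work item that belongs to a different campaign than the one named by the caller.
        if (!java.util.Objects.equals(campaign.getOid(), campaignOid)) {
            throw new IllegalArgumentException("Work item to delegate does not belong to specified campaign (" + campaignOid + ") but to " + campaign);
        }
        // TODO reload the work item here (and replace exceptions with logged warnings)
        if (workItem.getCloseTimestamp() != null) {
            throw new IllegalStateException("Couldn't delegate a work item that is already closed: " + workItem);
        }
        // Objects.equals instead of '!=': if getStageNumber() returns a boxed Integer, '!=' compares
        // references and silently misbehaves outside the small-integer cache.
        if (!java.util.Objects.equals(workItem.getStageNumber(), campaign.getStageNumber())) {
            throw new IllegalStateException("Couldn't delegate a work item that is not in a current stage. Current stage: " + campaign.getStageNumber() + ", work item stage: " + workItem.getStageNumber());
        }
        List<ObjectReferenceType> delegates = computeDelegateTo(delegateAction, workItem, aCase, campaign, task, result);
        // TODO
        WorkItemEventCauseInformationType causeInformation = null;
        LOGGER.trace("Delegating work item {} to {}: cause={}", workItem, delegates, causeInformation);
        List<ObjectReferenceType> assigneesBefore = CloneUtil.cloneCollectionMembers(workItem.getAssigneeRef());
        WorkItemDelegationMethodType method = getDelegationMethod(delegateAction);
        List<ObjectReferenceType> newAssignees = new ArrayList<>();
        List<ObjectReferenceType> delegatedTo = new ArrayList<>();
        WfContextUtil.computeAssignees(newAssignees, delegatedTo, delegates, method, workItem);
        // Plain delegation: no new escalation level is passed to the event.
        WorkItemDelegationEventType event = WfContextUtil.createDelegationEvent(null, assigneesBefore, delegatedTo, method, causeInformation);
        event.setTimestamp(now);
        event.setInitiatorRef(initiator);
        event.setWorkItemId(workItem.getId());
        event.setEscalationLevel(workItem.getEscalationLevel());
        addDeltasForAssigneesAndEvent(deltas, workItem, aCase, newAssignees, event);
        // notification (after modifications)
    }
    // All work-item changes go out as a single modification of the campaign object.
    modifyObjectViaModel(AccessCertificationCampaignType.class, campaignOid, deltas, task, result);
    // TODO notifications
}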
use of com.evolveum.midpoint.security.api.MidPointPrincipal in project midpoint by Evolveum.
the class ExpressionHandlerImplTest method setup.
/**
 * Suite-wide fixture: configures the prism context and installs a placeholder principal into the
 * Spring security context so that expressions under test can resolve the {@code c:actor} variable.
 * <p>
 * The token is built with the two-argument constructor (principal, no credentials), which Spring
 * treats as a not-yet-authenticated token; it is a test stand-in only and must not be copied into
 * production code.
 *
 * @throws SchemaException propagated from prism context setup
 * @throws SAXException    propagated from prism context setup
 * @throws IOException     propagated from prism context setup
 */
@BeforeSuite
public void setup() throws SchemaException, SAXException, IOException {
    PrettyPrinter.setDefaultNamespacePrefix(MidPointConstants.NS_MIDPOINT_PUBLIC_PREFIX);
    PrismTestUtil.resetPrismContext(MidPointPrismContextFactory.FACTORY);
    // An empty user is enough here: it only has to exist as the actor of the evaluated expressions.
    UserType actor = new UserType(PrismTestUtil.getPrismContext());
    Authentication placeholder = new UsernamePasswordAuthenticationToken(new MidPointPrincipal(actor), null);
    SecurityContextHolder.getContext().setAuthentication(placeholder);
}