
Example 71 with MidPointPrincipal

Use of com.evolveum.midpoint.security.api.MidPointPrincipal in the midpoint project by Evolveum.

Method testJackAssignRoleJudgeInvalid of the class TestValidityRecomputeTask.

/**
 * Assigns the "big judge" role to jack with an activation that is not valid,
 * runs the validity scanner task and checks that nothing became effective:
 * no account is provisioned on either dummy resource, no account is linked to
 * the user, and AUTZ_PUNISH_URL (presumably an authorization carried by the
 * judge role) is NOT granted to jack's principal. That last check is the
 * security-relevant one: an assignment outside its validity interval must not
 * confer authorizations, not even after the scanner has processed it.
 *
 * @param TEST_NAME      name printed by the WHEN/THEN display markers
 * @param activationType activation (validity) attached to the assignment; expected
 *                       to be invalid at the time of the test
 * @param task           task under which the assignment is made
 * @param result         operation result to record into
 * @throws Exception on any test-infrastructure failure
 */
private void testJackAssignRoleJudgeInvalid(final String TEST_NAME, ActivationType activationType, Task task, OperationResult result) throws Exception {
    // WHEN: assign the role with the (invalid) activation
    TestUtil.displayWhen(TEST_NAME);
    assignRole(USER_JACK_OID, ROLE_BIG_JUDGE_OID, activationType, task, result);

    // THEN: the assignment is not effective, so no account appears right away
    TestUtil.displayThen(TEST_NAME);
    assertNoDummyAccount(null, USER_JACK_USERNAME);

    // WHEN: let the validity scanner look at the assignment
    TestUtil.displayWhen(TEST_NAME);
    waitForTaskNextRunAssertSuccess(TASK_VALIDITY_SCANNER_OID, true);

    // THEN: still nothing provisioned, nothing linked, nothing authorized
    TestUtil.displayThen(TEST_NAME);
    assertNoDummyAccount(RESOURCE_DUMMY_RED_NAME, USER_JACK_USERNAME);
    assertNoDummyAccount(null, USER_JACK_USERNAME);
    PrismObject<UserType> jackAfter = getUser(USER_JACK_OID);
    display("User after", jackAfter);
    assertNoLinkedAccount(jackAfter);
    assert11xUserOk(jackAfter);
    // The principal is built from the stored user, so (presumably) this sees the
    // same effective authorizations the security enforcer would.
    MidPointPrincipal jackPrincipal = userProfileService.getPrincipal(jackAfter);
    assertNotAuthorized(jackPrincipal, AUTZ_PUNISH_URL);

    // CLEANUP: drop all of jack's roles and make sure no account was left behind
    unassignAllRoles(USER_JACK_OID);
    assertNoDummyAccount(null, USER_JACK_USERNAME);
}

Example 72 with MidPointPrincipal

Use of com.evolveum.midpoint.security.api.MidPointPrincipal in the midpoint project by Evolveum.

Method releaseWorkItem of the class WorkItemManager.

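/**
 * Releases (unclaims) a work item currently assigned to the calling user, so that
 * it is offered again to its candidate actors.
 * <p>
 * Checks performed, in order: the caller's principal is resolved; the Activiti
 * task exists; it has an assignee; that assignee is the caller; and the task has
 * at least one CANDIDATE identity link to fall back to. Only then is the task
 * unclaimed and the midPoint-side assignee list cleared.
 * <p>
 * Attempting to release an item that is assigned to a different user is an
 * authorization failure on caller-supplied input, so it is reported as a
 * {@link SecurityViolationException} (the same way {@code claimWorkItem} reports
 * an unauthorized claim) rather than as an internal {@link SystemException};
 * callers and audit should treat it as access denied, not as a system fault.
 *
 * @param workItemId   Activiti task id of the work item (caller-supplied, untrusted)
 * @param parentResult operation result under which a subresult is recorded
 * @throws ObjectNotFoundException    if no task with the given id exists (checked again after the unclaim)
 * @throws SecurityViolationException if the item is assigned to a user other than the caller,
 *                                    or propagated from {@code securityEnforcer.getPrincipal()}
 * @throws SystemException            if the item has no assignee or no candidates
 */
public void releaseWorkItem(String workItemId, OperationResult parentResult) throws ObjectNotFoundException, SecurityViolationException {
    OperationResult result = parentResult.createSubresult(OPERATION_RELEASE_WORK_ITEM);
    result.addParam("workItemId", workItemId);
    try {
        MidPointPrincipal principal = securityEnforcer.getPrincipal();
        result.addContext("user", toShortString(principal.getUser()));
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace("Releasing work item {} by {}", workItemId, toShortString(principal.getUser()));
        }
        TaskService taskService = activitiEngine.getTaskService();
        Task task = taskService.createTaskQuery().taskId(workItemId).singleResult();
        if (task == null) {
            throw new ObjectNotFoundException("The work item does not exist");
        }
        if (task.getAssignee() == null) {
            throw new SystemException("The work item is not assigned to a user");
        }
        // Authorization: only the current assignee may release the item. This is an
        // access-control decision, hence SecurityViolationException (not SystemException).
        if (!MiscDataUtil.stringToRef(task.getAssignee()).getOid().equals(principal.getOid())) {
            throw new SecurityViolationException("The work item is not assigned to the current user");
        }
        // Without a candidate, unclaiming would leave the item with nobody to act on it.
        boolean candidateFound = false;
        for (IdentityLink link : taskService.getIdentityLinksForTask(workItemId)) {
            if (IdentityLinkType.CANDIDATE.equals(link.getType())) {
                candidateFound = true;
                break;
            }
        }
        if (!candidateFound) {
            throw new SystemException("It has no candidates to be offered to");
        }
        taskService.unclaim(workItemId);
        // Re-read the task after the unclaim (presumably guards against concurrent completion/removal).
        task = taskService.createTaskQuery().taskId(workItemId).singleResult();
        if (task == null) {
            throw new ObjectNotFoundException("The work item does not exist");
        }
        setNewAssignees(task, Collections.emptyList(), taskService);
    } catch (ObjectNotFoundException | SecurityViolationException | RuntimeException e) {
        result.recordFatalError("Couldn't release work item " + workItemId + ": " + e.getMessage(), e);
        throw e;
    } finally {
        result.computeStatusIfUnknown();
    }
}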

Example 73 with MidPointPrincipal

Use of com.evolveum.midpoint.security.api.MidPointPrincipal in the midpoint project by Evolveum.

Method claimWorkItem of the class WorkItemManager.

/**
 * Claims an unassigned work item for the calling user.
 * <p>
 * Order of checks: the caller's principal is resolved; the Activiti task must
 * exist; it must not already have an assignee (whether the caller or somebody
 * else); and the caller must be authorized to claim it. The task is then claimed
 * under the caller's OID and the midPoint-side assignee list is set to the caller.
 * <p>
 * NOTE(review): the "already assigned" check runs before the authorization check,
 * so a caller who is not authorized for the item still learns whether it exists
 * and whether it is currently assigned. Acceptable only if work item ids and their
 * assignment state are not considered sensitive — confirm.
 *
 * @param workItemId   Activiti task id of the work item (caller-supplied)
 * @param parentResult operation result under which a subresult is recorded
 * @throws SecurityViolationException if the caller is not authorized to claim the item,
 *                                    or propagated from principal resolution
 * @throws ObjectNotFoundException    if no task with the given id exists (checked again after the claim)
 * @throws SystemException            if the item already has an assignee
 */
public void claimWorkItem(String workItemId, OperationResult parentResult) throws SecurityViolationException, ObjectNotFoundException {
    OperationResult result = parentResult.createSubresult(OPERATION_CLAIM_WORK_ITEM);
    result.addParam("workItemId", workItemId);
    try {
        MidPointPrincipal caller = securityEnforcer.getPrincipal();
        String callerOid = caller.getOid();
        result.addContext("user", toShortString(caller.getUser()));
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace("Claiming work item {} by {}", workItemId, toShortString(caller.getUser()));
        }
        TaskService taskService = activitiEngine.getTaskService();
        Task activitiTask = taskService.createTaskQuery().taskId(workItemId).singleResult();
        if (activitiTask == null) {
            throw new ObjectNotFoundException("The work item does not exist");
        }
        String currentAssignee = activitiTask.getAssignee();
        if (currentAssignee != null) {
            String whose;
            if (MiscDataUtil.stringToRef(currentAssignee).getOid().equals(callerOid)) {
                whose = "the current";
            } else {
                whose = "another";
            }
            throw new SystemException("The work item is already assigned to " + whose + " user");
        }
        if (!miscDataUtil.isAuthorizedToClaim(activitiTask.getId())) {
            throw new SecurityViolationException("You are not authorized to claim the selected work item.");
        }
        taskService.claim(workItemId, callerOid);
        // Re-read the task after the claim before updating the midPoint-side assignees.
        activitiTask = taskService.createTaskQuery().taskId(workItemId).singleResult();
        if (activitiTask == null) {
            throw new ObjectNotFoundException("The work item does not exist");
        }
        setNewAssignees(activitiTask, Collections.singletonList(ObjectTypeUtil.createObjectRef(callerOid, ObjectTypes.USER)), taskService);
    } catch (ObjectNotFoundException | SecurityViolationException | RuntimeException e) {
        result.recordFatalError("Couldn't claim the work item " + workItemId + ": " + e.getMessage(), e);
        throw e;
    } finally {
        result.computeStatusIfUnknown();
    }
}

Example 74 with MidPointPrincipal

Use of com.evolveum.midpoint.security.api.MidPointPrincipal in the midpoint project by Evolveum.

Method delegateWorkItem of the class WorkItemManager.

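// TODO when calling from model API, what should we put into escalationLevelName+DisplayName ?
// Probably the API should look different. E.g. there could be an "Escalate" button, that would look up the
// appropriate escalation timed action, and invoke it. We'll solve this when necessary. Until that time, be
// aware that escalationLevelName/DisplayName are for internal use only.
/**
 * Delegates a work item to other actors, or escalates it when {@code escalation} is given.
 * <p>
 * The caller must be authorized to delegate the work item; this is checked before anything
 * is notified or modified. The sequence is then: resolve the Activiti task, notify the current
 * actors, compute the new assignee list from {@code delegates} according to {@code method}
 * (null means REPLACE_ASSIGNEES), apply it to the task, compute a new deadline if
 * {@code newDuration} is given, store the escalation level variables when escalating, record a
 * delegation event in the workflow task, create triggers for the stage's timed actions, and
 * finally notify the new actors.
 * <p>
 * The initiator recorded in the event is the calling principal only when the cause is absent
 * or a USER_ACTION; for any other cause no initiator is recorded.
 *
 * @param workItemId       Activiti task id of the work item (caller-supplied)
 * @param delegates        references to the new delegates
 * @param method           how {@code delegates} combine with the current assignees; null means REPLACE_ASSIGNEES
 * @param escalation       escalation level to apply; null for a plain delegation
 * @param newDuration      if non-null, a new deadline is derived from it via {@code setNewDuration}
 * @param causeInformation what caused this operation; may be null (treated like a user action for the initiator)
 * @param parentResult     operation result under which a subresult is recorded
 * @throws ObjectNotFoundException    if the Activiti task for the work item does not exist
 *                                    (or, presumably, propagated from the work item / task lookups)
 * @throws SecurityViolationException if the caller is not authorized to delegate the item
 * @throws SchemaException            propagated from the workflow / task layer
 */
public void delegateWorkItem(String workItemId, List<ObjectReferenceType> delegates, WorkItemDelegationMethodType method, WorkItemEscalationLevelType escalation, Duration newDuration, WorkItemEventCauseInformationType causeInformation, OperationResult parentResult) throws ObjectNotFoundException, SecurityViolationException, SchemaException {
    OperationResult result = parentResult.createSubresult(OPERATION_DELEGATE_WORK_ITEM);
    result.addParam("workItemId", workItemId);
    result.addParam("escalation", escalation);
    result.addCollectionOfSerializablesAsParam("delegates", delegates);
    try {
        MidPointPrincipal principal = securityEnforcer.getPrincipal();
        result.addContext("user", toShortString(principal.getUser()));
        ObjectReferenceType initiator = causeInformation == null || causeInformation.getType() == WorkItemEventCauseTypeType.USER_ACTION ? ObjectTypeUtil.createObjectRef(principal.getUser()) : null;
        LOGGER.trace("Delegating work item {} to {}: escalation={}; cause={}", workItemId, delegates, escalation != null ? escalation.getName() + "/" + escalation.getDisplayName() : "none", causeInformation);
        WorkItemType workItem = workItemProvider.getWorkItem(workItemId, result);
        // Authorization first: nothing below (including notifications) runs for an unauthorized caller.
        if (!miscDataUtil.isAuthorized(workItem, MiscDataUtil.RequestedOperation.DELEGATE)) {
            throw new SecurityViolationException("You are not authorized to delegate this work item.");
        }
        // Resolve the Activiti task before notifying anybody. Previously it was looked up only after the
        // "current actors" notification and without a null check, so a task that had vanished in the meantime
        // surfaced as a NullPointerException (task.getDueDate()) after actors had already been notified.
        // Same check and message as claimWorkItem/releaseWorkItem.
        TaskService taskService = activitiEngine.getTaskService();
        Task task = taskService.createTaskQuery().taskId(workItemId).singleResult();
        if (task == null) {
            throw new ObjectNotFoundException("The work item does not exist");
        }
        List<ObjectReferenceType> assigneesBefore = CloneUtil.cloneCollectionMembers(workItem.getAssigneeRef());
        WorkItemOperationKindType operationKind = escalation != null ? ESCALATE : DELEGATE;
        com.evolveum.midpoint.task.api.Task wfTask = taskManager.getTask(WfContextUtil.getTask(workItem).getOid(), result);
        WorkItemAllocationChangeOperationInfo operationInfoBefore = new WorkItemAllocationChangeOperationInfo(operationKind, assigneesBefore, null);
        WorkItemOperationSourceInfo sourceInfo = new WorkItemOperationSourceInfo(initiator, causeInformation, null);
        wfTaskController.notifyWorkItemAllocationChangeCurrentActors(workItem, operationInfoBefore, sourceInfo, null, wfTask, result);
        if (method == null) {
            method = WorkItemDelegationMethodType.REPLACE_ASSIGNEES;
        }
        List<ObjectReferenceType> newAssignees = new ArrayList<>();
        List<ObjectReferenceType> delegatedTo = new ArrayList<>();
        WfContextUtil.computeAssignees(newAssignees, delegatedTo, delegates, method, workItem);
        // don't change the current assignee, if not necessary
        setNewAssignees(task, newAssignees, taskService);
        Date deadline = task.getDueDate();
        if (newDuration != null) {
            deadline = setNewDuration(task.getId(), newDuration, taskService);
        }
        Map<String, Object> variables = taskService.getVariables(workItemId);
        int escalationLevel = WfContextUtil.getEscalationLevelNumber(workItem);
        WorkItemEscalationLevelType newEscalation = WfContextUtil.createNewEscalation(escalationLevel, escalation);
        WorkItemDelegationEventType event = WfContextUtil.createDelegationEvent(newEscalation, assigneesBefore, delegatedTo, method, causeInformation);
        if (newEscalation != null) {
            // Escalation variables are kept on the task itself (local), not on the execution.
            escalationLevel++;
            taskService.setVariableLocal(workItemId, CommonProcessVariableNames.VARIABLE_ESCALATION_LEVEL_NUMBER, newEscalation.getNumber());
            taskService.setVariableLocal(workItemId, CommonProcessVariableNames.VARIABLE_ESCALATION_LEVEL_NAME, newEscalation.getName());
            taskService.setVariableLocal(workItemId, CommonProcessVariableNames.VARIABLE_ESCALATION_LEVEL_DISPLAY_NAME, newEscalation.getDisplayName());
        }
        ActivitiUtil.fillInWorkItemEvent(event, principal, workItemId, variables, prismContext);
        MidpointUtil.recordEventInTask(event, null, ActivitiUtil.getTaskOid(variables), result);
        ApprovalStageDefinitionType level = WfContextUtil.getCurrentStageDefinition(wfTask.getWorkflowContext());
        MidpointUtil.createTriggersForTimedActions(workItemId, escalationLevel, XmlTypeConverter.toDate(workItem.getCreateTimestamp()), deadline, wfTask, level.getTimedActions(), result);
        // Re-read both the work item and the workflow task so the "after" notification reflects the stored state.
        WorkItemType workItemAfter = workItemProvider.getWorkItem(workItemId, result);
        com.evolveum.midpoint.task.api.Task wfTaskAfter = taskManager.getTask(wfTask.getOid(), result);
        WorkItemAllocationChangeOperationInfo operationInfoAfter = new WorkItemAllocationChangeOperationInfo(operationKind, assigneesBefore, workItemAfter.getAssigneeRef());
        wfTaskController.notifyWorkItemAllocationChangeNewActors(workItemAfter, operationInfoAfter, sourceInfo, wfTaskAfter, result);
    } catch (SecurityViolationException | RuntimeException | ObjectNotFoundException | SchemaException e) {
        result.recordFatalError("Couldn't delegate/escalate work item " + workItemId + ": " + e.getMessage(), e);
        throw e;
    } finally {
        result.computeStatusIfUnknown();
    }
}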

Example 75 with MidPointPrincipal

Use of com.evolveum.midpoint.security.api.MidPointPrincipal in the midpoint project by Evolveum.

Method notify of the class TaskCompleteListener.

/**
 * Activiti task-complete listener: records who completed the work item and its
 * outcome, and decides whether the current approval stage stops.
 * <p>
 * Side effects on the Activiti task/execution:
 * <ul>
 *   <li>sets the task-local variable {@code VARIABLE_WORK_ITEM_WAS_COMPLETED} to true;</li>
 *   <li>stores the completing user's OID in the task-local variable
 *       {@code VARIABLE_WORK_ITEM_COMPLETED_BY}, taken from the security context. If there
 *       is no principal, or it has no OID, nothing is recorded — such a completion leaves no
 *       "completed by" trace here. NOTE(review): presumably this happens for system-driven
 *       completions; confirm those are attributed elsewhere (audit) rather than lost;</li>
 *   <li>sets the execution variable {@code LOOP_APPROVERS_IN_STAGE_STOP} to true when the
 *       stage strategy is FIRST_DECIDES, or when the strategy is ALL_MUST_AGREE (or unset)
 *       and the decision was a rejection; otherwise leaves it untouched.</li>
 * </ul>
 * Finally midPoint is notified about the task and the process events.
 *
 * @param delegateTask the Activiti task that has just been completed
 * @throws SystemException if the principal cannot be read from the security context
 */
@Override
public void notify(DelegateTask delegateTask) {
    DelegateExecution execution = delegateTask.getExecution();
    PrismContext prismContext = getPrismContext();
    OperationResult opResult = new OperationResult(TaskCompleteListener.class.getName() + ".notify");
    Task wfTask = ActivitiUtil.getTask(execution, opResult);
    ApprovalStageDefinitionType stageDef = ActivitiUtil.getAndVerifyCurrentStage(execution, wfTask, true, prismContext);
    delegateTask.setVariableLocal(CommonProcessVariableNames.VARIABLE_WORK_ITEM_WAS_COMPLETED, Boolean.TRUE);

    // Who completed the item: taken from the current security context, if any.
    MidPointPrincipal principal;
    try {
        principal = SecurityUtil.getPrincipal();
    } catch (SecurityViolationException e) {
        throw new SystemException("Couldn't record a decision: " + e.getMessage(), e);
    }
    if (principal != null && principal.getOid() != null) {
        delegateTask.setVariableLocal(CommonProcessVariableNames.VARIABLE_WORK_ITEM_COMPLETED_BY, principal.getOid());
    }
    LOGGER.trace("======================================== Recording individual decision of {}", principal);

    @NotNull WorkItemResultType workItemResult = getItemApprovalProcessInterface().extractWorkItemResult(delegateTask.getVariables());
    boolean approved = ApprovalUtils.isApproved(workItemResult);
    LevelEvaluationStrategyType strategy = stageDef.getEvaluationStrategy();

    // Stays null when the stage goes on; only ever set to TRUE (the debug line below prints it as-is).
    Boolean stopStage = null;
    if (strategy == LevelEvaluationStrategyType.FIRST_DECIDES) {
        LOGGER.trace("Setting " + LOOP_APPROVERS_IN_STAGE_STOP + " to true, because the stage evaluation strategy is 'firstDecides'.");
        stopStage = Boolean.TRUE;
    } else if (!approved && (strategy == null || strategy == LevelEvaluationStrategyType.ALL_MUST_AGREE)) {
        LOGGER.trace("Setting " + LOOP_APPROVERS_IN_STAGE_STOP + " to true, because the stage eval strategy is 'allMustApprove' and the decision was 'reject'.");
        stopStage = Boolean.TRUE;
    }
    if (stopStage != null) {
        execution.setVariable(LOOP_APPROVERS_IN_STAGE_STOP, stopStage);
    }
    if (LOGGER.isDebugEnabled()) {
        LOGGER.debug("Approval process instance {} (id {}), stage {}: recording decision {}; stage stops now: {}",
                execution.getVariable(CommonProcessVariableNames.VARIABLE_PROCESS_INSTANCE_NAME), execution.getProcessInstanceId(),
                WfContextUtil.getStageDiagName(stageDef), workItemResult.getOutcome(), stopStage);
    }
    getActivitiInterface().notifyMidpointAboutTaskEvent(delegateTask);
    getActivitiInterface().notifyMidpointAboutProcessEvent(execution);
}
