use of com.evolveum.midpoint.security.enforcer.api.AuthorizationParameters in project midpoint by Evolveum.
Class ModelController, method executeModifyDeltaRaw.
/**
 * Applies the modifications of {@code delta} directly through the task manager or the
 * repository ("raw" execution) and returns the object as it was read before the change.
 *
 * <p>Steps, in order:
 * <ol>
 *   <li>Load the current object from {@code cacheRepositoryService} using read-only options.</li>
 *   <li>Unless {@code preAuthorized} is set, require both the {@code RAW_OPERATION} and the
 *       {@code MODIFY} authorization for that object and delta.</li>
 *   <li>Apply the modifications: {@code TaskType} objects go through {@code taskManager},
 *       everything else through {@code cacheRepositoryService}.</li>
 *   <li>Record the outcome on {@code task}, with the throwable on failure, which is then
 *       rethrown.</li>
 *   <li>If the options request it, re-evaluate search filters for the modified object.</li>
 * </ol>
 *
 * <p>NOTE(review): with {@code preAuthorized == true} this method performs no authorization
 * check at all; the caller is then responsible for having authorized the raw modification.
 *
 * <p>NOTE(review): the object is loaded before the authorization checks run, so a missing OID
 * presumably surfaces as {@link ObjectNotFoundException} rather than
 * {@link SecurityViolationException} even for a caller that would fail authorization.
 * Confirm that this ordering is acceptable.
 *
 * @param delta modify delta; supplies the object type, the OID and the modifications
 * @param preAuthorized when {@code true}, the two authorization checks are skipped
 * @param options execution options; only the "reevaluate search filters" setting is read here
 * @param task task used for the authorization calls and for recording the executed action
 * @param result1 operation result passed to every repository, task manager and enforcer call
 * @return the object as read from the repository before the modifications were applied
 *         (the original local name suggests it is used for audit details)
 */
private PrismObject<? extends ObjectType> executeModifyDeltaRaw(
        ObjectDelta<? extends ObjectType> delta,
        boolean preAuthorized,
        ModelExecuteOptions options,
        Task task,
        OperationResult result1)
        throws ObjectAlreadyExistsException, ObjectNotFoundException, SchemaException,
        ConfigurationException, CommunicationException, SecurityViolationException,
        ExpressionEvaluationException {
    // MID-2218 (issue reference kept from the original code)
    // NOTE(review): the finally block below sets the flag to false instead of restoring its
    // previous value; confirm that this call is never nested inside another tolerant section.
    QNameUtil.setTemporarilyTolerateUndeclaredPrefixes(true);
    PrismObject<? extends ObjectType> auditSubject;
    try {
        // Raw type kept exactly as in the original declaration.
        PrismObject storedObject = cacheRepositoryService.getObject(
                delta.getObjectTypeClass(), delta.getOid(), createReadOnlyCollection(), result1);
        auditSubject = storedObject;

        if (!preAuthorized) {
            // Both authorizations must pass before anything is written; authorize() is
            // expected to throw on denial (SecurityViolationException is declared).
            AuthorizationParameters params =
                    AuthorizationParameters.Builder.buildObjectDelta(storedObject, delta);
            String rawOperationUrl = ModelAuthorizationAction.RAW_OPERATION.getUrl();
            securityEnforcer.authorize(rawOperationUrl, null, params, null, task, result1);
            String modifyUrl = ModelAuthorizationAction.MODIFY.getUrl();
            securityEnforcer.authorize(modifyUrl, null, params, null, task, result1);
        }

        try {
            boolean targetsTask = TaskType.class.isAssignableFrom(delta.getObjectTypeClass());
            if (!targetsTask) {
                cacheRepositoryService.modifyObject(
                        delta.getObjectTypeClass(), delta.getOid(), delta.getModifications(), result1);
            } else {
                // Task objects are modified through the task manager, not the repository.
                taskManager.modifyTask(delta.getOid(), delta.getModifications(), result1);
            }
            task.recordObjectActionExecuted(storedObject, ChangeType.MODIFY, null);
        } catch (Throwable failure) {
            // Record the failed attempt against the pre-modification object, then propagate.
            task.recordObjectActionExecuted(storedObject, ChangeType.MODIFY, failure);
            throw failure;
        }
    } finally {
        QNameUtil.setTemporarilyTolerateUndeclaredPrefixes(false);
    }

    // Runs after the tolerance flag is reset and outside the action-recording try/catch.
    if (ModelExecuteOptions.isReevaluateSearchFilters(options)) {
        // Treat filters that already exist in the stored object (the original comment calls
        // this "case #2", which is defined outside this method).
        reevaluateSearchFilters(delta.getObjectTypeClass(), delta.getOid(), task, result1);
    }
    return auditSubject;
}