use of com.evolveum.midpoint.security.enforcer.api.ItemSecurityConstraints in project midpoint by Evolveum.
the class AbstractModelIntegrationTest method assertAllowRequestAssignmentItems.
/**
 * Asserts that each of the given item paths is decided as {@code ALLOW} when the user
 * identified by {@code userOid} is the object of an assignment request targeting the role
 * identified by {@code targetRoleOid}.
 *
 * <p>Only the listed paths are checked. This helper makes no assertion about paths that are
 * expected to be denied, so a test relying on it alone does not prove that the constraints
 * are restrictive.
 *
 * @param userOid OID of the user fetched through {@code getUser}
 * @param targetRoleOid OID of the role fetched through {@code getRole}
 * @param task task passed on to the model interaction service
 * @param result operation result passed on to the model interaction service
 * @param expectedAllowedItemPaths item paths whose decision must be {@code ALLOW}
 */
protected void assertAllowRequestAssignmentItems(String userOid, String targetRoleOid, Task task, OperationResult result, ItemPath... expectedAllowedItemPaths) throws SchemaException, SecurityViolationException, CommunicationException, ObjectNotFoundException, ConfigurationException, ExpressionEvaluationException {
    PrismObject<UserType> userObject = getUser(userOid);
    PrismObject<RoleType> roleObject = getRole(targetRoleOid);

    ItemSecurityConstraints itemConstraints =
            modelInteractionService.getAllowedRequestAssignmentItems(userObject, roleObject, task, result);
    // Dump the full decision set so a failing assertion below can be diagnosed from the test log.
    displayDumpable("Request decisions for " + roleObject, itemConstraints);

    for (int i = 0; i < expectedAllowedItemPaths.length; i++) {
        ItemPath path = expectedAllowedItemPaths[i];
        AuthorizationDecisionType actual = itemConstraints.findItemDecision(path);
        assertEquals("Wrong decision for item " + path, AuthorizationDecisionType.ALLOW, actual);
    }
}
use of com.evolveum.midpoint.security.enforcer.api.ItemSecurityConstraints in project midpoint by Evolveum.
the class AssignmentEditorPanel method isItemAllowed.
/**
 * Tells whether the given assignment item is allowed according to the item security
 * constraints held in {@code itemSecurityConstraintsModel}.
 *
 * @param itemPath path of the item to check; {@code null} is treated as allowed
 * @return {@code true} if the decision for the path is {@code ALLOW}, or if either the path
 *         or the constraints object is {@code null}
 */
private boolean isItemAllowed(ItemPath itemPath) {
    ItemSecurityConstraints securityConstraints = itemSecurityConstraintsModel.getObject();
    if (itemPath != null && securityConstraints != null) {
        // Anything other than an explicit ALLOW (including a null decision) is not allowed.
        AuthorizationDecisionType itemDecision = securityConstraints.findItemDecision(itemPath);
        return AuthorizationDecisionType.ALLOW.equals(itemDecision);
    }
    // NOTE(review): missing constraints are treated as "allowed" (fail-open). If the model can
    // hold null because loading the constraints failed, the item is presented as permitted;
    // confirm that the server side enforces the authorization independently of this check.
    return true;
}
use of com.evolveum.midpoint.security.enforcer.api.ItemSecurityConstraints in project midpoint by Evolveum.
the class AssignmentEditorPanel method loadSecurityConstraints.
/**
 * Loads the item security constraints that apply when the assignment shown in this panel
 * is requested for the object currently being operated on.
 *
 * <p>The operation object is taken from the page's object wrapper on a {@code PageAdminFocus},
 * or loaded as a user on the shopping cart assignment details pages when the request is not
 * a multi-user request.
 *
 * @return the constraints reported by the model interaction service, or {@code null} when
 *         there is no page, no target reference, no operation object, or when the service
 *         call throws one of the caught exceptions
 */
private ItemSecurityConstraints loadSecurityConstraints() {
    PageBase page = getPageBase();
    if (page == null || getModelObject().getTargetRef() == null) {
        return null;
    }

    PrismObject<? extends FocusType> focusObject = null;
    if (page instanceof PageAdminFocus) {
        focusObject = ((PageAdminFocus) page).getObjectWrapper().getObject();
    } else if ((page instanceof PageAssignmentDetails || page instanceof PageAssignmentsList)
            && !page.getSessionStorage().getRoleCatalog().isMultiUserRequest()) {
        // shopping cart assignment details panels
        String requestTargetUserOid;
        if (page.getSessionStorage().getRoleCatalog().isSelfRequest()) {
            requestTargetUserOid = page.getPrincipalFocus().getOid();
        } else {
            // NOTE(review): get(0) assumes the target user list is non-empty - confirm against callers.
            requestTargetUserOid = page.getSessionStorage().getRoleCatalog().getTargetUserOidsList().get(0);
        }
        Task loadUserTask = page.createSimpleTask(OPERATION_LOAD_ASSIGNMENT_TARGET_USER_OBJECT);
        OperationResult loadUserResult = new OperationResult(OPERATION_LOAD_ASSIGNMENT_TARGET_USER_OBJECT);
        focusObject = WebModelServiceUtils.loadObject(UserType.class, requestTargetUserOid, page, loadUserTask, loadUserResult);
    }
    if (focusObject == null) {
        return null;
    }

    String assignmentTargetOid = getModelObject().getTargetRef().getOid();
    Task loadTargetTask = page.createSimpleTask(OPERATION_LOAD_TARGET_OBJECT);
    OperationResult loadTargetResult = new OperationResult(OPERATION_LOAD_TARGET_OBJECT);
    // NOTE(review): the loaded target is passed on without a null check; whether loadObject
    // can return null here is not visible in this method.
    PrismObject<AbstractRoleType> assignmentTarget =
            WebModelServiceUtils.loadObject(AbstractRoleType.class, assignmentTargetOid, page, loadTargetTask, loadTargetResult);

    try {
        return page.getModelInteractionService()
                .getAllowedRequestAssignmentItems(focusObject, assignmentTarget, loadTargetTask, loadTargetResult);
    } catch (SchemaException | SecurityViolationException | ObjectNotFoundException | ExpressionEvaluationException | CommunicationException | ConfigurationException ex) {
        // The failure (a SecurityViolationException included) is logged and swallowed, so the
        // caller only sees null. NOTE(review): isItemAllowed in this class treats null
        // constraints as "allowed"; verify that a failed load cannot widen what the panel offers.
        LoggingUtils.logUnexpectedException(LOGGER, "Couldn't load security constraints for assignment items.", ex);
        return null;
    }
}