Examples with PolicyViolationException com.evolveum.midpoint.util.exception.PolicyViolationException used on opensource projects

Example 51 with PolicyViolationException

use of com.evolveum.midpoint.util.exception.PolicyViolationException in project midpoint by Evolveum.

the class ResourceContentPanel method changeOwnerInternal.

private void changeOwnerInternal(String ownerOid, Collection<? extends ItemDelta> modifications, AjaxRequestTarget target) {
    OperationResult result = new OperationResult(OPERATION_CHANGE_OWNER);
    Task task = pageBase.createSimpleTask(OPERATION_CHANGE_OWNER);
    ObjectDelta objectDelta = ObjectDelta.createModifyDelta(ownerOid, modifications, FocusType.class, pageBase.getPrismContext());
    Collection deltas = new ArrayList<>();
    deltas.add(objectDelta);
    try {
        if (!deltas.isEmpty()) {
            pageBase.getModelService().executeChanges(deltas, null, task, result);
        }
    } catch (ObjectAlreadyExistsException | ObjectNotFoundException | SchemaException | ExpressionEvaluationException | CommunicationException | ConfigurationException | PolicyViolationException | SecurityViolationException e) {
    }
    result.computeStatusIfUnknown();
    pageBase.showResult(result);
    target.add(pageBase.getFeedbackPanel());
    getTable().refreshTable(null, target);
    target.add(ResourceContentPanel.this);
}

Example 52 with PolicyViolationException

use of com.evolveum.midpoint.util.exception.PolicyViolationException in project midpoint by Evolveum.

the class TestRetirement method reconcileAllUsers.

private void reconcileAllUsers() throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
    final Task task = createTask("reconcileAllUsers");
    OperationResult result = task.getResult();
    ResultHandler<UserType> handler = new ResultHandler<UserType>() {

        @Override
        public boolean handle(PrismObject<UserType> object, OperationResult parentResult) {
            try {
                display("reconciling " + object);
                reconcileUser(object.getOid(), task, parentResult);
            } catch (SchemaException | PolicyViolationException | ExpressionEvaluationException | ObjectNotFoundException | ObjectAlreadyExistsException | CommunicationException | ConfigurationException | SecurityViolationException e) {
                throw new SystemException(e.getMessage(), e);
            }
            return true;
        }
    };
    display("Reconciling all users");
    modelService.searchObjectsIterative(UserType.class, null, handler, null, task, result);
}

Example 53 with PolicyViolationException

use of com.evolveum.midpoint.util.exception.PolicyViolationException in project midpoint by Evolveum.

the class AbstractLdapHierarchyTest method reconcileAllUsers.

protected void reconcileAllUsers() throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
    final Task task = createTask("reconcileAllUsers");
    OperationResult result = task.getResult();
    ResultHandler<UserType> handler = new ResultHandler<UserType>() {

        @Override
        public boolean handle(PrismObject<UserType> object, OperationResult parentResult) {
            try {
                display("reconciling " + object);
                reconcileUser(object.getOid(), task, parentResult);
            } catch (SchemaException | PolicyViolationException | ExpressionEvaluationException | ObjectNotFoundException | ObjectAlreadyExistsException | CommunicationException | ConfigurationException | SecurityViolationException e) {
                throw new SystemException(e.getMessage(), e);
            }
            return true;
        }
    };
    display("Reconciling all users");
    modelService.searchObjectsIterative(UserType.class, null, handler, null, task, result);
}

Example 54 with PolicyViolationException

use of com.evolveum.midpoint.util.exception.PolicyViolationException in project midpoint by Evolveum.

the class TestLdapDependency method test290UnassignVipRoleFromHROrg.

@Test
public void test290UnassignVipRoleFromHROrg() throws Exception {
    final String TEST_NAME = "test290UnassignVipRoleFromHROrg";
    TestUtil.displayTestTile(this, TEST_NAME);
    Task task = taskManager.createTaskInstance(TestLdapDependency.class.getName() + "." + TEST_NAME);
    OperationResult result = task.getResult();
    PrismObject<OrgType> orgBefore = getOrg(ORG_HR_NAME);
    display("unassigning vip role org", orgBefore);
    try {
        // WHEN
        TestUtil.displayWhen(TEST_NAME);
        unassignRoleFromOrg(orgHrOid, ROLE_META_ORG_VIP_OID, task, result);
        assertNotReached();
    } catch (PolicyViolationException e) {
    // this is expected
    }
    // THEN
    TestUtil.displayThen(TEST_NAME);
    result.computeStatus();
    TestUtil.assertFailure(result);
    dumpOrgTree();
    dumpLdap();
    PrismObject<OrgType> orgAfter = getOrg(ORG_HR_NAME);
    display("AFTER unassigning vip role org", orgAfter);
    assertSubOrgs(orgAfter, 0);
    assertSubOrgs(ORG_TOP_OID, 2);
    assertRoleMembershipRef(orgAfter, ROLE_META_ORG_OID, ROLE_META_ORG_VIP_OID, ROLE_META_ORG_SUPERVIP_OID, ORG_TOP_OID);
    assertAssignedRole(orgAfter, ROLE_META_ORG_VIP_OID);
    assertLdapObject(orgAfter, ShadowKindType.ENTITLEMENT, LDAP_GROUP_INTENT);
    assertLdapObject(orgAfter, ShadowKindType.GENERIC, LDAP_OU_INTENT);
//TODO: assert ldap vip objects deleted...
}

Example 55 with PolicyViolationException

use of com.evolveum.midpoint.util.exception.PolicyViolationException in project midpoint by Evolveum.

the class Clockwork method click.

public <F extends ObjectType> HookOperationMode click(LensContext<F> context, Task task, OperationResult result) throws SchemaException, PolicyViolationException, ExpressionEvaluationException, ObjectNotFoundException, ObjectAlreadyExistsException, CommunicationException, ConfigurationException, SecurityViolationException {
    if (context.getDebugListener() == null) {
        context.setDebugListener(debugListener);
    }
    try {
        XMLGregorianCalendar now = clock.currentTimeXMLGregorianCalendar();
        // We need to determine focus before auditing. Otherwise we will not know user
        // for the accounts (unless there is a specific delta for it).
        // This is ugly, but it is the easiest way now (TODO: cleanup).
        contextLoader.determineFocusContext((LensContext<? extends FocusType>) context, result);
        ModelState state = context.getState();
        if (state == ModelState.INITIAL) {
            if (debugListener != null) {
                debugListener.beforeSync(context);
            }
            metadataManager.applyRequestMetadata(context, now, task, result);
            context.getStats().setRequestTimestamp(now);
            // We need to do this BEFORE projection. If we would do that after projection
            // there will be secondary changes that are not part of the request.
            audit(context, AuditEventStage.REQUEST, task, result);
        }
        boolean recompute = false;
        if (!context.isFresh()) {
            LOGGER.trace("Context is not fresh -- forcing cleanup and recomputation");
            recompute = true;
        } else if (context.getExecutionWave() > context.getProjectionWave()) {
            // should not occur
            LOGGER.warn("Execution wave is greater than projection wave -- forcing cleanup and recomputation");
            recompute = true;
        }
        if (recompute) {
            context.cleanup();
            projector.project(context, "PROJECTOR (" + state + ")", task, result);
        } else if (context.getExecutionWave() == context.getProjectionWave()) {
            LOGGER.trace("Running projector for current execution wave");
            projector.resume(context, "PROJECTOR (" + state + ")", task, result);
        } else {
            LOGGER.trace("Skipping projection because the context is fresh and projection for current wave has already run");
        }
        if (!context.isRequestAuthorized()) {
            authorizeContextRequest(context, task, result);
        }
        LensUtil.traceContext(LOGGER, "CLOCKWORK (" + state + ")", "before processing", true, context, false);
        if (InternalsConfig.consistencyChecks) {
            try {
                context.checkConsistence();
            } catch (IllegalStateException e) {
                throw new IllegalStateException(e.getMessage() + " in clockwork, state=" + state, e);
            }
        }
        if (InternalsConfig.encryptionChecks && !ModelExecuteOptions.isNoCrypt(context.getOptions())) {
            context.checkEncrypted();
        }
        switch(state) {
            case INITIAL:
                processInitialToPrimary(context, task, result);
                break;
            case PRIMARY:
                processPrimaryToSecondary(context, task, result);
                break;
            case SECONDARY:
                processSecondary(context, task, result);
                break;
            case FINAL:
                HookOperationMode mode = processFinal(context, task, result);
                if (debugListener != null) {
                    debugListener.afterSync(context);
                }
                return mode;
        }
        result.recomputeStatus();
        result.cleanupResult();
        return invokeHooks(context, task, result);
    } catch (CommunicationException | ConfigurationException | ExpressionEvaluationException | ObjectNotFoundException | PolicyViolationException | SchemaException | SecurityViolationException | RuntimeException | ObjectAlreadyExistsException e) {
        processClockworkException(context, e, task, result);
        throw e;
    }
}