Use of com.evolveum.midpoint.util.exception.PolicyViolationException in project midpoint by Evolveum.
Class DependencyProcessor, method checkForCircular.
/**
 * Fails when {@code outDependency} is already present on {@code depPath}.
 *
 * <p>Each path element is compared with {@code outDependency} through {@code equals}. On the
 * first match the whole path is rendered as {@code oid(kind/intent)->oid(kind/intent)...} and
 * placed in the exception message. The OID is omitted for an element that has no resource
 * reference.
 *
 * @param depPath the dependency path to search and, on a match, to describe
 * @param outDependency the dependency looked for on that path
 * @throws PolicyViolationException if {@code outDependency} equals an element of {@code depPath}
 */
private void checkForCircular(List<ResourceObjectTypeDependencyType> depPath, ResourceObjectTypeDependencyType outDependency) throws PolicyViolationException {
    for (ResourceObjectTypeDependencyType visited : depPath) {
        if (!visited.equals(outDependency)) {
            continue;
        }
        // Loop found: describe the complete path so the offending definitions can be located.
        StringBuilder pathDescription = new StringBuilder();
        String separator = "";
        for (ResourceObjectTypeDependencyType step : depPath) {
            pathDescription.append(separator);
            ObjectReferenceType resourceRef = step.getResourceRef();
            if (resourceRef != null) {
                pathDescription.append(resourceRef.getOid());
            }
            pathDescription.append("(").append(step.getKind()).append("/").append(step.getIntent()).append(")");
            // Only elements after the first are preceded by the arrow.
            separator = "->";
        }
        throw new PolicyViolationException("Circular dependency, path: " + pathDescription);
    }
}
Use of com.evolveum.midpoint.util.exception.PolicyViolationException in project midpoint by Evolveum.
Class TestMapping, method test126ModifyAccountShipDelete.
/**
 * Tries to delete the value "Black Pearl" from the ship attribute of jack's account
 * (addressed through {@code dummyResourceCtlRed}) and expects the model to refuse the change.
 *
 * <p>Pinned down here: the call ends in {@link PolicyViolationException}, the operation result
 * is a failure, user and account still carry their previous values, and the audit service holds
 * two records with request deltas, no execution deltas and a FATAL_ERROR outcome. The policy
 * that rejects the delete is configured outside this method.
 */
@Test
public void test126ModifyAccountShipDelete() throws Exception {
    final String testName = "test126ModifyAccountShipDelete";
    TestUtil.displayTestTile(this, testName);

    // GIVEN
    Task task = taskManager.createTaskInstance(TestMapping.class.getName() + "." + testName);
    OperationResult result = task.getResult();
    dummyAuditService.clear();

    PrismObject<UserType> userJack = getUser(USER_JACK_OID);
    String accountOid = getSingleLinkOid(userJack);

    Collection<ObjectDelta<? extends ObjectType>> deltas = new ArrayList<>();
    ObjectDelta<ShadowType> shipDeleteDelta = ObjectDelta.createModificationDeleteProperty(
            ShadowType.class,
            accountOid,
            dummyResourceCtlRed.getAttributePath(DummyResourceContoller.DUMMY_ACCOUNT_ATTRIBUTE_SHIP_NAME),
            prismContext,
            "Black Pearl");
    deltas.add(shipDeleteDelta);

    // WHEN
    try {
        modelService.executeChanges(deltas, null, task, result);

        // A successful execution means the policy was not enforced.
        AssertJUnit.fail("Unexpected success");
    } catch (PolicyViolationException expected) {
        // This is expected
        display("Expected exception", expected);
    }

    // THEN
    result.computeStatus();
    TestUtil.assertFailure(result);

    // The rejected delete must not have changed the user or the account attribute.
    userJack = getUser(USER_JACK_OID);
    display("User after change execution", userJack);
    assertUserJack(userJack, "Captain Jack Sparrow", "Jack", "Sparrow");
    assertAccountShip(userJack, "Captain Jack Sparrow", "Black Pearl", dummyResourceCtlRed, task);

    // Check audit: the refused attempt is still recorded, with nothing executed.
    display("Audit", dummyAuditService);
    dummyAuditService.assertSimpleRecordSanity();
    dummyAuditService.assertRecords(2);
    dummyAuditService.assertAnyRequestDeltas();
    dummyAuditService.assertExecutionDeltas(0);
    dummyAuditService.assertExecutionOutcome(OperationResultStatus.FATAL_ERROR);
}
Use of com.evolveum.midpoint.util.exception.PolicyViolationException in project midpoint by Evolveum.
Class TestMapping, method test145ModifyAccountLocationDelete.
/**
 * Tries to delete the value "Fountain of Youth" from the location attribute of jack's account
 * (addressed through {@code dummyResourceCtl}) and expects the model to refuse the change.
 *
 * <p>Pinned down here: the call ends in {@link PolicyViolationException}, the operation result
 * is a failure, user and account still carry their previous values, and the audit service holds
 * two records with request deltas, no execution deltas and a FATAL_ERROR outcome. The policy
 * that rejects the delete is configured outside this method.
 */
@Test
public void test145ModifyAccountLocationDelete() throws Exception {
    final String testName = "test145ModifyAccountLocationDelete";
    TestUtil.displayTestTile(this, testName);

    // GIVEN
    Task task = taskManager.createTaskInstance(TestMapping.class.getName() + "." + testName);
    OperationResult result = task.getResult();
    dummyAuditService.clear();

    PrismObject<UserType> userJack = getUser(USER_JACK_OID);
    String accountOid = getSingleLinkOid(userJack);

    Collection<ObjectDelta<? extends ObjectType>> deltas = new ArrayList<>();
    ObjectDelta<ShadowType> locationDeleteDelta = ObjectDelta.createModificationDeleteProperty(
            ShadowType.class,
            accountOid,
            dummyResourceCtl.getAttributePath(DummyResourceContoller.DUMMY_ACCOUNT_ATTRIBUTE_LOCATION_NAME),
            prismContext,
            "Fountain of Youth");
    deltas.add(locationDeleteDelta);

    // WHEN
    try {
        modelService.executeChanges(deltas, null, task, result);

        // A successful execution means the policy was not enforced.
        AssertJUnit.fail("Unexpected success");
    } catch (PolicyViolationException expected) {
        // This is expected
        display("Expected exception", expected);
    }

    // THEN
    result.computeStatus();
    TestUtil.assertFailure(result);

    // The rejected delete must not have changed the user or the account attribute.
    userJack = getUser(USER_JACK_OID);
    display("User after change execution", userJack);
    assertUserJack(userJack, "Captain Jack Sparrow", "Jack", "Sparrow", "Fountain of Youth");
    assertAccountLocation(userJack, "Captain Jack Sparrow", "Fountain of Youth", dummyResourceCtl, task);

    // Check audit: the refused attempt is still recorded, with nothing executed.
    display("Audit", dummyAuditService);
    dummyAuditService.assertSimpleRecordSanity();
    dummyAuditService.assertRecords(2);
    dummyAuditService.assertAnyRequestDeltas();
    dummyAuditService.assertExecutionDeltas(0);
    dummyAuditService.assertExecutionOutcome(OperationResultStatus.FATAL_ERROR);
}
Use of com.evolveum.midpoint.util.exception.PolicyViolationException in project midpoint by Evolveum.
Class TestSegregationOfDuties, method test227GuybrushAssignRoleControllingOne.
/**
 * MID-3694
 *
 * <p>Assigning {@code ROLE_CONTROLLING_1_OID} to guybrush is expected to be refused with a
 * {@link PolicyViolationException} and a failed operation result. Afterwards the user must
 * still hold only the second executive role: neither controlling role and not the first
 * executive role. The exclusion rule itself is defined outside this method.
 */
@Test
public void test227GuybrushAssignRoleControllingOne() throws Exception {
    final String testName = "test227GuybrushAssignRoleControllingOne";
    displayTestTile(testName);

    // GIVEN
    Task task = createTask(testName);
    OperationResult result = task.getResult();

    try {
        // WHEN
        displayWhen(testName);
        assignRole(USER_GUYBRUSH_OID, ROLE_CONTROLLING_1_OID, task, result);

        // Getting here means the conflicting assignment was accepted.
        assertNotReached();
    } catch (PolicyViolationException expected) {
        // THEN
        displayThen(testName);
        assertFailure(result);
    }

    // The refused request must leave the existing assignments exactly as they were.
    PrismObject<UserType> guybrushAfter = getUser(USER_GUYBRUSH_OID);
    display("User after", guybrushAfter);
    assertNotAssignedRole(guybrushAfter, ROLE_EXECUTIVE_1_OID);
    assertAssignedRole(guybrushAfter, ROLE_EXECUTIVE_2_OID);
    assertNotAssignedRole(guybrushAfter, ROLE_CONTROLLING_1_OID);
    assertNotAssignedRole(guybrushAfter, ROLE_CONTROLLING_2_OID);
}
Use of com.evolveum.midpoint.util.exception.PolicyViolationException in project midpoint by Evolveum.
Class TestSegregationOfDuties, method test150SimpleExclusionBothBidirectional1.
/**
 * Requests the thief and the judge role for jack in one modify delta and expects the model to
 * refuse it with a {@link PolicyViolationException}.
 *
 * <p>After the refusal jack must have no role assigned, so neither of the two requested
 * assignments was applied on its own. The exclusion between the roles is defined outside this
 * method.
 *
 * <p>NOTE(review): only the exception and the resulting assignments are checked; the operation
 * result status is not asserted in this test.
 */
@Test
public void test150SimpleExclusionBothBidirectional1() throws Exception {
    final String testName = "test150SimpleExclusionBothBidirectional1";
    TestUtil.displayTestTile(this, testName);

    Task task = taskManager.createTaskInstance(TestSegregationOfDuties.class.getName() + "." + testName);
    OperationResult result = task.getResult();

    // Both conflicting roles travel in the same delta (the final 'true' presumably means "add" - confirm).
    Collection<ItemDelta<?, ?>> roleAssignments = new ArrayList<>();
    roleAssignments.add(createAssignmentModification(ROLE_THIEF_OID, RoleType.COMPLEX_TYPE, null, null, null, true));
    roleAssignments.add(createAssignmentModification(ROLE_JUDGE_OID, RoleType.COMPLEX_TYPE, null, null, null, true));
    ObjectDelta<UserType> userDelta = ObjectDelta.createModifyDelta(USER_JACK_OID, roleAssignments, UserType.class, prismContext);

    try {
        modelService.executeChanges(MiscSchemaUtil.createCollection(userDelta), null, task, result);

        // Success would mean the mutually exclusive roles were both granted.
        AssertJUnit.fail("Expected policy violation, but it went well");
    } catch (PolicyViolationException expected) {
        // This is expected
    }

    // A refused request must not be partially applied.
    assertAssignedNoRole(USER_JACK_OID, task, result);
}