Examples with PolicyViolationException com.evolveum.midpoint.util.exception.PolicyViolationException used on opensource projects

Example 16 with PolicyViolationException

use of com.evolveum.midpoint.util.exception.PolicyViolationException in project midpoint by Evolveum.

the class TestProjector method test260ModifyAccountBarbossaDrinkReplace.

/**
	 * The drink attribute is NOT tolerant. Therefore an attempt to manually change it using
	 * account primary delta should fail.
	 */
@Test
public void test260ModifyAccountBarbossaDrinkReplace() throws Exception {
    final String TEST_NAME = "test260ModifyAccountBarbossaDrinkReplace";
    TestUtil.displayTestTile(this, TEST_NAME);
    // GIVEN
    Task task = taskManager.createTaskInstance(TestProjector.class.getName() + "." + TEST_NAME);
    OperationResult result = task.getResult();
    assumeAssignmentPolicy(AssignmentPolicyEnforcementType.FULL);
    LensContext<UserType> context = createUserLensContext();
    fillContextWithUser(context, USER_BARBOSSA_OID, result);
    fillContextWithAccount(context, ACCOUNT_HBARBOSSA_DUMMY_OID, task, result);
    addModificationToContextReplaceAccountAttribute(context, ACCOUNT_HBARBOSSA_DUMMY_OID, DummyResourceContoller.DUMMY_ACCOUNT_ATTRIBUTE_DRINK_NAME, "Water");
    context.recompute();
    display("Input context", context);
    assertFocusModificationSanity(context);
    try {
        // WHEN
        projector.project(context, "test", task, result);
        AssertJUnit.fail("Unexpected success of projector");
    } catch (PolicyViolationException e) {
    // This is expected
    }
}

Example 17 with PolicyViolationException

use of com.evolveum.midpoint.util.exception.PolicyViolationException in project midpoint by Evolveum.

the class TestSegregationOfDuties method test142SimpleExclusionBoth2Deprecated.

@Test
public void test142SimpleExclusionBoth2Deprecated() throws Exception {
    final String TEST_NAME = "test142SimpleExclusionBoth2Deprecated";
    TestUtil.displayTestTile(this, TEST_NAME);
    Task task = taskManager.createTaskInstance(TestSegregationOfDuties.class.getName() + "." + TEST_NAME);
    OperationResult result = task.getResult();
    Collection<ItemDelta<?, ?>> modifications = new ArrayList<>();
    modifications.add((createAssignmentModification(ROLE_PIRATE_OID, RoleType.COMPLEX_TYPE, null, null, null, true)));
    modifications.add((createAssignmentModification(ROLE_JUDGE_DEPRECATED_OID, RoleType.COMPLEX_TYPE, null, null, null, true)));
    ObjectDelta<UserType> userDelta = ObjectDelta.createModifyDelta(USER_JACK_OID, modifications, UserType.class, prismContext);
    try {
        modelService.executeChanges(MiscSchemaUtil.createCollection(userDelta), null, task, result);
        AssertJUnit.fail("Expected policy violation, but it went well");
    } catch (PolicyViolationException e) {
    // This is expected
    }
    assertAssignedNoRole(USER_JACK_OID, task, result);
}

Example 18 with PolicyViolationException

use of com.evolveum.midpoint.util.exception.PolicyViolationException in project midpoint by Evolveum.

the class TestRetirement method reconcileAllOrgs.

private void reconcileAllOrgs() throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
    final Task task = createTask("reconcileAllOrgs");
    OperationResult result = task.getResult();
    ResultHandler<OrgType> handler = new ResultHandler<OrgType>() {

        @Override
        public boolean handle(PrismObject<OrgType> object, OperationResult parentResult) {
            try {
                display("reconciling " + object);
                reconcileOrg(object.getOid(), task, parentResult);
            } catch (SchemaException | PolicyViolationException | ExpressionEvaluationException | ObjectNotFoundException | ObjectAlreadyExistsException | CommunicationException | ConfigurationException | SecurityViolationException e) {
                throw new SystemException(e.getMessage(), e);
            }
            return true;
        }
    };
    display("Reconciling all orgs");
    modelService.searchObjectsIterative(OrgType.class, null, handler, null, task, result);
}

Example 19 with PolicyViolationException

use of com.evolveum.midpoint.util.exception.PolicyViolationException in project midpoint by Evolveum.

the class TestRbac method test613JackAssignRoleGovernorAsApprover.

/**
	 * Governor has maxAssignees=0 for 'approver'
	 */
@Test
public void test613JackAssignRoleGovernorAsApprover() throws Exception {
    if (!testMultiplicityConstraintsForNonDefaultRelations()) {
        return;
    }
    final String TEST_NAME = "test613JackAssignRoleGovernorAsApprover";
    TestUtil.displayTestTile(this, TEST_NAME);
    assumeAssignmentPolicy(AssignmentPolicyEnforcementType.RELATIVE);
    Task task = taskManager.createTaskInstance(TestRbac.class.getName() + "." + TEST_NAME);
    OperationResult result = task.getResult();
    try {
        // WHEN
        assignRole(USER_JACK_OID, ROLE_GOVERNOR_OID, SchemaConstants.ORG_APPROVER, task, result);
        AssertJUnit.fail("Unexpected success");
    } catch (PolicyViolationException e) {
        // this is expected
        display("Expected exception", e);
    }
    // THEN
    TestUtil.displayThen(TEST_NAME);
    result.computeStatus();
    TestUtil.assertFailure(result);
    assertNoAssignments(USER_JACK_OID);
    assertAssignees(ROLE_GOVERNOR_OID, 1);
}

Example 20 with PolicyViolationException

use of com.evolveum.midpoint.util.exception.PolicyViolationException in project midpoint by Evolveum.

the class TestRbac method test632RappUnassignRoleCanibalAsOwner.

/**
	 * We are going to violate minAssignees constraint in cannibal role.
	 */
@Test
public void test632RappUnassignRoleCanibalAsOwner() throws Exception {
    if (!testMultiplicityConstraintsForNonDefaultRelations()) {
        return;
    }
    final String TEST_NAME = "test632RappUnassignRoleCanibalAsOwner";
    TestUtil.displayTestTile(this, TEST_NAME);
    assumeAssignmentPolicy(AssignmentPolicyEnforcementType.RELATIVE);
    Task task = taskManager.createTaskInstance(TestRbac.class.getName() + "." + TEST_NAME);
    OperationResult result = task.getResult();
    assertAssignees(ROLE_CANNIBAL_OID, 2);
    assertAssignees(ROLE_CANNIBAL_OID, SchemaConstants.ORG_OWNER, 1);
    try {
        // WHEN
        TestUtil.displayWhen(TEST_NAME);
        // null namespace to test no-namespace "approver" relation
        unassignRole(USER_RAPP_OID, ROLE_CANNIBAL_OID, QNameUtil.nullNamespace(SchemaConstants.ORG_OWNER), task, result);
        AssertJUnit.fail("Unexpected success");
    } catch (PolicyViolationException e) {
        // this is expected
        display("Expected exception", e);
    }
    // THEN
    TestUtil.displayThen(TEST_NAME);
    result.computeStatus();
    TestUtil.assertFailure(result);
    assertAssignees(ROLE_CANNIBAL_OID, 2);
    assertAssignees(ROLE_CANNIBAL_OID, SchemaConstants.ORG_OWNER, 1);
}