use of com.evolveum.midpoint.xml.ns._public.common.common_3.PropertyAccessType in project midpoint by Evolveum.
the class ReconciliationProcessor method reconcileProjectionAttribute.
/**
 * Reconciles one projection attribute: compares the values the attribute should have
 * (from mappings and from the primary delta) with the values currently present in
 * {@code attributesContainer} and records deltas for the missing ones.
 *
 * <p>Reconciliation is skipped, with only a trace-level log entry, when the attribute is ignored
 * in the MODEL layer, or when the MODEL-layer access definition does not have {@code add}
 * (for an add context) or {@code modify} (for a modify context) set to {@code true}.
 * A missing limitations or access definition does not cause a skip.
 *
 * <p>{@code rOcDef} and {@code shadowNew} are not read by this method.
 *
 * @param attrName name of the attribute to reconcile
 * @param projCtx projection context providing the attribute definition and the primary delta
 * @param squeezedAttributes per-attribute value triples produced by mappings; may be {@code null}
 * @param attributesContainer container holding the attribute values as they currently are
 * @throws SchemaException if the attribute has no definition, or if more than one value would
 *         have to be set on a single-valued attribute
 */
private <T> void reconcileProjectionAttribute(QName attrName, LensProjectionContext projCtx, Map<QName, DeltaSetTriple<ItemValueWithOrigin<PrismPropertyValue<?>, PrismPropertyDefinition<?>>>> squeezedAttributes, RefinedObjectClassDefinition rOcDef, PrismObject<ShadowType> shadowNew, PrismContainer attributesContainer) throws SchemaException {
    RefinedAttributeDefinition<T> attributeDefinition = projCtx.findAttributeDefinition(attrName);
    if (attributeDefinition == null) {
        throw new SchemaException("No definition for attribute " + attrName + " in " + projCtx.getResourceShadowDiscriminator());
    }

    DeltaSetTriple<ItemValueWithOrigin<PrismPropertyValue<T>, PrismPropertyDefinition<T>>> pvwoTriple = null;
    if (squeezedAttributes != null) {
        pvwoTriple = (DeltaSetTriple) squeezedAttributes.get(attrName);
    }

    if (attributeDefinition.isIgnored(LayerType.MODEL)) {
        LOGGER.trace("Skipping reconciliation of attribute {} because it is ignored", attrName);
        return;
    }

    // MODEL-layer access flags gate reconciliation. A flag that is null counts as "not allowed";
    // a missing limitations/access object places no restriction.
    PropertyLimitations limitations = attributeDefinition.getLimitations(LayerType.MODEL);
    PropertyAccessType access = null;
    if (limitations != null) {
        access = limitations.getAccess();
    }
    if (access != null) {
        if (projCtx.isAdd() && !Boolean.TRUE.equals(access.isAdd())) {
            LOGGER.trace("Skipping reconciliation of attribute {} because it is non-createable", attrName);
            return;
        }
        if (projCtx.isModify() && !Boolean.TRUE.equals(access.isModify())) {
            LOGGER.trace("Skipping reconciliation of attribute {} because it is non-updateable", attrName);
            return;
        }
    }

    Collection<ItemValueWithOrigin<PrismPropertyValue<T>, PrismPropertyDefinition<T>>> shouldBePValues;
    if (pvwoTriple != null) {
        shouldBePValues = new HashSet<>(pvwoTriple.getNonNegativeValues());
    } else {
        shouldBePValues = new HashSet<>();
    }
    // Values explicitly requested by the user (primary delta) count as "should be" values.
    // Values from the sync delta (they only mirror the resource) and from the secondary delta
    // (they were produced by mappings) are deliberately NOT added.
    addPropValuesFromDelta(shouldBePValues, projCtx.getPrimaryDelta(), attrName);

    // Is any of the expected values backed by a strong mapping?
    boolean hasStrongShouldBePValue = false;
    for (ItemValueWithOrigin<? extends PrismPropertyValue<T>, PrismPropertyDefinition<T>> candidate : shouldBePValues) {
        PrismValueDeltaSetTripleProducer<?, ?> candidateMapping = candidate.getMapping();
        if (candidateMapping != null && candidateMapping.getStrength() == MappingStrengthType.STRONG) {
            hasStrongShouldBePValue = true;
            break;
        }
    }

    // Values the attribute has right now; an absent attribute is treated as having none.
    PrismProperty<T> attribute = attributesContainer.findProperty(attrName);
    Collection<PrismPropertyValue<T>> arePValues;
    if (attribute == null) {
        arePValues = new HashSet<>();
    } else {
        arePValues = attribute.getValues();
    }

    // (A detailed trace dump of "should be" vs. "is" values used to live here; it was disabled as too noisy.)

    ValueMatcher<T> valueMatcher = ValueMatcher.createMatcher(attributeDefinition, matchingRuleRegistry);
    boolean deltaRecorded = false;
    for (ItemValueWithOrigin<? extends PrismPropertyValue<T>, PrismPropertyDefinition<T>> shouldBePvwo : shouldBePValues) {
        PrismValueDeltaSetTripleProducer<?, ?> shouldBeMapping = shouldBePvwo.getMapping();
        if (shouldBeMapping == null) {
            // Values without a mapping (e.g. those taken from the primary delta) produce no delta here.
            continue;
        }
        T shouldBeRealValue = shouldBePvwo.getItemValue().getValue();

        boolean strongMapping = shouldBeMapping.getStrength() == MappingStrengthType.STRONG;
        boolean attributeOccupied = !arePValues.isEmpty() || hasStrongShouldBePValue;
        if (!strongMapping && attributeOccupied) {
            // Weak or normal mapping while the attribute already has a value (or a strong value
            // is going to supply one): do not override, the value may have been changed
            // legitimately directly on the projection resource object.
            LOGGER.trace("Skipping reconciliation of value {} of the attribute {}: the mapping is not strong", shouldBeRealValue, attributeDefinition.getName().getLocalPart());
            continue;
        }

        if (isInValues(valueMatcher, shouldBeRealValue, arePValues)) {
            // Already present, nothing to record.
            continue;
        }

        boolean singleValued = attributeDefinition.isSingleValue();
        if (singleValued && deltaRecorded) {
            throw new SchemaException("Attempt to set more than one value for single-valued attribute " + attrName + " in " + projCtx.getResourceShadowDiscriminator());
        }
        // Single-valued attributes are replaced, multi-valued ones get the value added.
        ModificationType modificationType = singleValued ? ModificationType.REPLACE : ModificationType.ADD;
        recordDelta(valueMatcher, projCtx, SchemaConstants.PATH_ATTRIBUTES, attributeDefinition, modificationType, shouldBeRealValue, shouldBePvwo.getSource(), "it is given by a mapping");
        deltaRecorded = true;
    }

    decideIfTolerate(projCtx, attributeDefinition, arePValues, shouldBePValues, valueMatcher);
}
use of com.evolveum.midpoint.xml.ns._public.common.common_3.PropertyAccessType in project midpoint by Evolveum.
the class AccessChecker method filterGetAttributes.
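/**
 * Removes from {@code attributeContainer} every attribute that the MODEL layer does not allow
 * to be read.
 *
 * <p>An attribute is removed when its MODEL-layer access definition exists and {@code read} is
 * not {@code true} (a {@code null} flag counts as not readable). Attributes with no MODEL-layer
 * limitations, or with limitations that carry no access definition, are left in the container,
 * so missing access metadata means the attribute is returned to the caller.
 *
 * @param attributeContainer container to filter; it is modified in place
 * @param objectClassDefinition definition used to look up each attribute
 * @param parentResult parent operation result; a minor subresult is created under it
 * @throws SchemaException if an attribute in the container has no definition in
 *         {@code objectClassDefinition}
 */
public void filterGetAttributes(ResourceAttributeContainer attributeContainer, RefinedObjectClassDefinition objectClassDefinition, OperationResult parentResult) throws SchemaException {
    OperationResult result = parentResult.createMinorSubresult(OPERATION_NAME);
    // Iterate over a snapshot, because remove() below mutates the container. If getAttributes()
    // hands out a live view (not visible from here), removing during a for-each over it either
    // throws ConcurrentModificationException or, for an ArrayList-backed view, can end the loop
    // early and leave the last attribute unchecked, i.e. a non-readable attribute would be returned.
    java.util.List<ResourceAttribute<?>> snapshot = new java.util.ArrayList<ResourceAttribute<?>>(attributeContainer.getAttributes());
    for (ResourceAttribute<?> attribute : snapshot) {
        QName attrName = attribute.getElementName();
        RefinedAttributeDefinition attrDef = objectClassDefinition.findAttributeDefinition(attrName);
        if (attrDef == null) {
            String message = "Unknown attribute " + attrName + " in objectclass " + objectClassDefinition;
            result.recordFatalError(message);
            throw new SchemaException(message);
        }
        // Need to check model layer, not schema. Model means IDM logic which can be overridden in
        // schemaHandling, schema layer is the original one.
        PropertyLimitations limitations = attrDef.getLimitations(LayerType.MODEL);
        if (limitations == null) {
            continue;
        }
        // Ignored attributes are deliberately NOT rejected here. Provisioning uses ignored
        // attributes internally (e.g. for simulated capabilities); that is fine for normal
        // operations, but delayed operations (e.g. consistency) pass through this code again
        // and would fail.
        // TODO: we need to figure a way how to avoid this loop
        PropertyAccessType access = limitations.getAccess();
        if (access == null) {
            continue;
        }
        // A null read flag is treated the same as false: the attribute is dropped.
        if (!Boolean.TRUE.equals(access.isRead())) {
            LOGGER.trace("Removing non-readable attribute {}", attrName);
            attributeContainer.remove(attribute);
        }
    }
    result.recordSuccess();
}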
use of com.evolveum.midpoint.xml.ns._public.common.common_3.PropertyAccessType in project midpoint by Evolveum.
the class LimitationsEditorDialog method createLimitationsLabelModel.
/**
 * Builds a read-only model producing the label of one limitations entry.
 *
 * <p>The label has the form {@code "#<position> - <layers>:<accesses>"}: the 1-based position
 * of the list item, the comma-separated layers selected in the DTO, and, when the limitation
 * has an access definition, the comma-separated localized names of the access flags that are
 * {@code true}.
 *
 * @param item list item whose model object and index are rendered
 * @return model that recomputes the label on every {@code getObject()} call
 */
private IModel<String> createLimitationsLabelModel(final ListItem<PropertyLimitationsTypeDto> item) {
    return new AbstractReadOnlyModel<String>() {

        @Override
        public String getObject() {
            PropertyLimitationsTypeDto limitationsDto = item.getModelObject();

            StringBuilder label = new StringBuilder();
            label.append("#").append(item.getIndex() + 1).append(" - ");

            // Layers are listed in a fixed order: model, presentation, schema.
            List<LayerType> selectedLayers = new ArrayList<>();
            if (limitationsDto.isModel()) {
                selectedLayers.add(LayerType.MODEL);
            }
            if (limitationsDto.isPresentation()) {
                selectedLayers.add(LayerType.PRESENTATION);
            }
            if (limitationsDto.isSchema()) {
                selectedLayers.add(LayerType.SCHEMA);
            }
            label.append(StringUtils.join(selectedLayers, ", ")).append(":");

            PropertyAccessType access = limitationsDto.getLimitationObject().getAccess();
            if (access == null) {
                // No access definition: the label ends right after the colon.
                return label.toString();
            }

            // Only flags that are explicitly true are shown; null and false are both omitted.
            List<String> grantedAccesses = new ArrayList<>();
            if (BooleanUtils.isTrue(access.isRead())) {
                grantedAccesses.add(getString("LimitationsEditorDialog.label.read"));
            }
            if (BooleanUtils.isTrue(access.isAdd())) {
                grantedAccesses.add(getString("LimitationsEditorDialog.label.add"));
            }
            if (BooleanUtils.isTrue(access.isModify())) {
                grantedAccesses.add(getString("LimitationsEditorDialog.label.modify"));
            }
            label.append(StringUtils.join(grantedAccesses, ", "));
            return label.toString();
        }
    };
}
use of com.evolveum.midpoint.xml.ns._public.common.common_3.PropertyAccessType in project midpoint by Evolveum.
the class AccessChecker method checkModify.
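/**
 * Verifies that every attribute touched by {@code modifications} may be modified according to
 * the MODEL-layer access limitations.
 *
 * <p>Only {@link PropertyDelta}s whose parent path is equivalent to the attributes path are
 * checked; all other deltas are skipped. An attribute is rejected when its MODEL-layer access
 * definition exists and {@code modify} is not {@code true} (a {@code null} flag counts as not
 * modifiable). Attributes with no MODEL-layer limitations, or with limitations that carry no
 * access definition, are allowed.
 *
 * <p>{@code resource} and {@code shadow} are not read by this method.
 *
 * @param modifications deltas to check
 * @param objectClassDefinition definition used to look up each modified attribute
 * @param parentResult parent operation result; a minor subresult is created under it
 * @throws SchemaException if a modified attribute has no definition in
 *         {@code objectClassDefinition}
 * @throws SecurityViolationException if a modified attribute is not updateable
 */
public void checkModify(ResourceType resource, PrismObject<ShadowType> shadow, Collection<? extends ItemDelta> modifications, RefinedObjectClassDefinition objectClassDefinition, OperationResult parentResult) throws SecurityViolationException, SchemaException {
    OperationResult result = parentResult.createMinorSubresult(OPERATION_NAME);
    for (ItemDelta modification : modifications) {
        if (!(modification instanceof PropertyDelta<?>)) {
            continue;
        }
        PropertyDelta<?> attrDelta = (PropertyDelta<?>) modification;
        if (!SchemaConstants.PATH_ATTRIBUTES.equivalent(attrDelta.getParentPath())) {
            // Not an attribute
            continue;
        }
        QName attrName = attrDelta.getElementName();
        RefinedAttributeDefinition attrDef = objectClassDefinition.findAttributeDefinition(attrName);
        if (attrDef == null) {
            String message = "Cannot find definition of attribute " + attrName + " in " + objectClassDefinition;
            // Close the subresult before throwing, the same way the denial path below does;
            // otherwise the subresult created above is left without a recorded outcome.
            result.recordFatalError(message);
            throw new SchemaException(message);
        }
        PropertyLimitations limitations = attrDef.getLimitations(LayerType.MODEL);
        if (limitations == null) {
            continue;
        }
        // Ignored attributes are deliberately NOT rejected here. Provisioning uses ignored
        // attributes internally (e.g. for simulated capabilities); that is fine for normal
        // operations, but delayed operations (e.g. consistency) pass through this code again
        // and would fail.
        // TODO: we need to figure a way how to avoid this loop
        PropertyAccessType access = limitations.getAccess();
        if (access == null) {
            continue;
        }
        // A null modify flag is treated the same as false: the modification is denied.
        if (!Boolean.TRUE.equals(access.isModify())) {
            String message = "Attempt to modify non-updateable attribute " + attrName;
            LOGGER.error(message);
            result.recordFatalError(message);
            throw new SecurityViolationException(message);
        }
    }
    result.recordSuccess();
}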
use of com.evolveum.midpoint.xml.ns._public.common.common_3.PropertyAccessType in project midpoint by Evolveum.
the class AccessChecker method checkAdd.
/**
 * Verifies that a shadow about to be created carries no attribute that the MODEL-layer access
 * limitations mark as non-createable.
 *
 * <p>An attribute is rejected when its MODEL-layer access definition exists and {@code add} is
 * not {@code true} (a {@code null} flag counts as not createable). Attributes with no
 * MODEL-layer limitations, or with limitations that carry no access definition, are allowed.
 *
 * @param ctx provisioning context supplying the object class definition
 * @param shadow shadow whose attributes are checked
 * @param parentResult parent operation result; a minor subresult is created under it
 * @throws SchemaException if an attribute has no definition in the object class definition
 * @throws SecurityViolationException if an attribute is not createable
 */
public void checkAdd(ProvisioningContext ctx, PrismObject<ShadowType> shadow, OperationResult parentResult) throws SchemaException, SecurityViolationException, ConfigurationException, ObjectNotFoundException, CommunicationException, ExpressionEvaluationException {
    OperationResult result = parentResult.createMinorSubresult(OPERATION_NAME);
    ResourceAttributeContainer shadowAttributes = ShadowUtil.getAttributesContainer(shadow);
    for (ResourceAttribute<?> attribute : shadowAttributes.getAttributes()) {
        RefinedAttributeDefinition definition = ctx.getObjectClassDefinition().findAttributeDefinition(attribute.getElementName());
        if (definition == null) {
            String msg = "No definition for attribute " + attribute.getElementName() + " in " + ctx.getObjectClassDefinition();
            result.recordFatalError(msg);
            throw new SchemaException(msg);
        }

        // The MODEL layer is consulted here, not the SCHEMA layer.
        PropertyLimitations limitations = definition.getLimitations(LayerType.MODEL);
        // Ignored attributes are deliberately NOT rejected here. Provisioning uses ignored
        // attributes internally (e.g. for simulated capabilities); that is fine for normal
        // operations, but delayed operations (e.g. consistency) pass through this code again
        // and would fail.
        // TODO: we need to figure a way how to avoid this loop
        PropertyAccessType access = (limitations == null) ? null : limitations.getAccess();
        if (access == null) {
            // No limitations or no access definition: nothing restricts this attribute.
            continue;
        }
        if (Boolean.TRUE.equals(access.isAdd())) {
            continue;
        }

        // The add flag is null or false: creation with this attribute is denied.
        String message = "Attempt to add shadow with non-createable attribute " + attribute.getElementName();
        LOGGER.error(message);
        result.recordFatalError(message);
        throw new SecurityViolationException(message);
    }
    result.recordSuccess();
}