Examples with ResourceObjectAssociationDirectionType com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceObjectAssociationDirectionType used on opensource projects

Example 1 with ResourceObjectAssociationDirectionType

use of com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceObjectAssociationDirectionType in project midpoint by Evolveum.

the class EntitlementConverter method postProcessEntitlementsRead.

//////////
// GET
/////////
public void postProcessEntitlementsRead(ProvisioningContext subjectCtx, PrismObject<ShadowType> resourceObject, OperationResult parentResult) throws SchemaException, CommunicationException, ObjectNotFoundException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
    ResourceType resourceType = subjectCtx.getResource();
    LOGGER.trace("Starting postProcessEntitlementRead");
    RefinedObjectClassDefinition objectClassDefinition = subjectCtx.getObjectClassDefinition();
    Collection<RefinedAssociationDefinition> entitlementAssociationDefs = objectClassDefinition.getAssociationDefinitions();
    if (entitlementAssociationDefs != null) {
        ResourceAttributeContainer attributesContainer = ShadowUtil.getAttributesContainer(resourceObject);
        PrismContainerDefinition<ShadowAssociationType> associationDef = resourceObject.getDefinition().findContainerDefinition(ShadowType.F_ASSOCIATION);
        PrismContainer<ShadowAssociationType> associationContainer = associationDef.instantiate();
        for (RefinedAssociationDefinition assocDefType : entitlementAssociationDefs) {
            ShadowKindType entitlementKind = assocDefType.getKind();
            if (entitlementKind == null) {
                entitlementKind = ShadowKindType.ENTITLEMENT;
            }
            for (String entitlementIntent : assocDefType.getIntents()) {
                LOGGER.trace("Resolving association {} for kind {} and intent {}", assocDefType.getName(), entitlementKind, entitlementIntent);
                ProvisioningContext entitlementCtx = subjectCtx.spawn(entitlementKind, entitlementIntent);
                RefinedObjectClassDefinition entitlementDef = entitlementCtx.getObjectClassDefinition();
                if (entitlementDef == null) {
                    throw new SchemaException("No definition for entitlement intent(s) '" + assocDefType.getIntents() + "' in " + resourceType);
                }
                ResourceObjectAssociationDirectionType direction = assocDefType.getResourceObjectAssociationType().getDirection();
                if (direction == ResourceObjectAssociationDirectionType.SUBJECT_TO_OBJECT) {
                    postProcessEntitlementSubjectToEntitlement(resourceType, resourceObject, objectClassDefinition, assocDefType, entitlementDef, attributesContainer, associationContainer, parentResult);
                } else if (direction == ResourceObjectAssociationDirectionType.OBJECT_TO_SUBJECT) {
                    if (assocDefType.getResourceObjectAssociationType().getShortcutAssociationAttribute() != null) {
                        postProcessEntitlementSubjectToEntitlement(resourceType, resourceObject, objectClassDefinition, assocDefType, entitlementDef, attributesContainer, associationContainer, assocDefType.getResourceObjectAssociationType().getShortcutAssociationAttribute(), assocDefType.getResourceObjectAssociationType().getShortcutValueAttribute(), parentResult);
                    } else {
                        postProcessEntitlementEntitlementToSubject(subjectCtx, resourceObject, assocDefType, entitlementCtx, attributesContainer, associationContainer, parentResult);
                    }
                } else {
                    throw new IllegalArgumentException("Unknown entitlement direction " + direction + " in association " + assocDefType + " in " + resourceType);
                }
            }
        }
        if (!associationContainer.isEmpty()) {
            resourceObject.add(associationContainer);
        }
    }
}

Example 2 with ResourceObjectAssociationDirectionType

use of com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceObjectAssociationDirectionType in project midpoint by Evolveum.

the class EntitlementConverter method collectEntitlementAsObjectOperation.

private <TV, TA> PrismObject<ShadowType> collectEntitlementAsObjectOperation(ProvisioningContext subjectCtx, Map<ResourceObjectDiscriminator, ResourceObjectOperations> roMap, PrismContainerValue<ShadowAssociationType> associationCVal, PrismObject<ShadowType> subjectShadowBefore, PrismObject<ShadowType> subjectShadowAfter, ModificationType modificationType, OperationResult result) throws SchemaException, ObjectNotFoundException, CommunicationException, SecurityViolationException, ConfigurationException, ExpressionEvaluationException {
    ResourceType resource = subjectCtx.getResource();
    ShadowAssociationType associationType = associationCVal.asContainerable();
    QName associationName = associationType.getName();
    if (associationName == null) {
        throw new SchemaException("No name in entitlement association " + associationCVal);
    }
    RefinedAssociationDefinition assocDefType = subjectCtx.getObjectClassDefinition().findAssociationDefinition(associationName);
    if (assocDefType == null) {
        throw new SchemaException("No entitlement association with name " + assocDefType + " in schema of " + resource);
    }
    ResourceObjectAssociationDirectionType direction = assocDefType.getResourceObjectAssociationType().getDirection();
    if (direction != ResourceObjectAssociationDirectionType.OBJECT_TO_SUBJECT) {
        // Process just this one direction. The other direction was processed before
        return subjectShadowAfter;
    }
    Collection<String> entitlementIntents = assocDefType.getIntents();
    if (entitlementIntents == null || entitlementIntents.isEmpty()) {
        throw new SchemaException("No entitlement intent specified in association " + associationCVal + " in " + resource);
    }
    ShadowKindType entitlementKind = assocDefType.getKind();
    if (entitlementKind == null) {
        entitlementKind = ShadowKindType.ENTITLEMENT;
    }
    for (String entitlementIntent : entitlementIntents) {
        ProvisioningContext entitlementCtx = subjectCtx.spawn(entitlementKind, entitlementIntent);
        RefinedObjectClassDefinition entitlementOcDef = entitlementCtx.getObjectClassDefinition();
        if (entitlementOcDef == null) {
            throw new SchemaException("No definition of entitlement intent(s) '" + entitlementIntents + "' specified in association " + associationCVal + " in " + resource);
        }
        QName assocAttrName = assocDefType.getResourceObjectAssociationType().getAssociationAttribute();
        if (assocAttrName == null) {
            throw new SchemaException("No association attribute defined in entitlement association in " + resource);
        }
        RefinedAttributeDefinition assocAttrDef = entitlementOcDef.findAttributeDefinition(assocAttrName);
        if (assocAttrDef == null) {
            throw new SchemaException("Association attribute '" + assocAttrName + "'defined in entitlement association was not found in entitlement intent(s) '" + entitlementIntents + "' in schema for " + resource);
        }
        ResourceAttributeContainer identifiersContainer = ShadowUtil.getAttributesContainer(associationCVal, ShadowAssociationType.F_IDENTIFIERS);
        Collection<ResourceAttribute<?>> entitlementIdentifiersFromAssociation = identifiersContainer.getAttributes();
        ResourceObjectDiscriminator disc = new ResourceObjectDiscriminator(entitlementOcDef.getTypeName(), entitlementIdentifiersFromAssociation);
        ResourceObjectOperations operations = roMap.get(disc);
        if (operations == null) {
            operations = new ResourceObjectOperations();
            operations.setResourceObjectContext(entitlementCtx);
            roMap.put(disc, operations);
        }
        QName valueAttrName = assocDefType.getResourceObjectAssociationType().getValueAttribute();
        if (valueAttrName == null) {
            throw new SchemaException("No value attribute defined in entitlement association in " + resource);
        }
        // Which shadow would we use - shadowBefore or shadowAfter?
        //
        // If the operation is ADD or REPLACE, we use current version of the shadow (shadowAfter), because we want
        // to ensure that we add most-recent data to the subject.
        //
        // If the operation is DELETE, we have two possibilities:
        //  - if the resource provides referential integrity, the subject has already
        //    new data (because the object operation was already carried out), so we use shadowAfter
        //  - if the resource does not provide referential integrity, the subject has OLD data
        //    so we use shadowBefore
        PrismObject<ShadowType> subjectShadow;
        if (modificationType != ModificationType.DELETE) {
            subjectShadow = subjectShadowAfter;
        } else {
            if (assocDefType.requiresExplicitReferentialIntegrity()) {
                // we must ensure the referential integrity
                subjectShadow = subjectShadowBefore;
            } else {
                // i.e. resource has ref integrity assured by itself
                subjectShadow = subjectShadowAfter;
            }
        }
        ResourceAttribute<TV> valueAttr = ShadowUtil.getAttribute(subjectShadow, valueAttrName);
        if (valueAttr == null) {
            if (!ShadowUtil.isFullShadow(subjectShadow)) {
                Collection<ResourceAttribute<?>> subjectIdentifiers = ShadowUtil.getAllIdentifiers(subjectShadow);
                LOGGER.trace("Fetching {} ({})", subjectShadow, subjectIdentifiers);
                subjectShadow = resourceObjectReferenceResolver.fetchResourceObject(subjectCtx, subjectIdentifiers, null, result);
                subjectShadowAfter = subjectShadow;
                valueAttr = ShadowUtil.getAttribute(subjectShadow, valueAttrName);
            }
            if (valueAttr == null) {
                LOGGER.error("No value attribute {} in shadow\n{}", valueAttrName, subjectShadow.debugDump());
                // TODO: check schema and try to fetch full shadow if necessary
                throw new SchemaException("No value attribute " + valueAttrName + " in " + subjectShadow);
            }
        }
        PropertyDelta<TA> attributeDelta = null;
        for (Operation operation : operations.getOperations()) {
            if (operation instanceof PropertyModificationOperation) {
                PropertyModificationOperation propOp = (PropertyModificationOperation) operation;
                if (propOp.getPropertyDelta().getElementName().equals(assocAttrName)) {
                    attributeDelta = propOp.getPropertyDelta();
                }
            }
        }
        if (attributeDelta == null) {
            attributeDelta = assocAttrDef.createEmptyDelta(new ItemPath(ShadowType.F_ATTRIBUTES, assocAttrName));
        }
        PrismProperty<TA> changedAssocAttr = PrismUtil.convertProperty(valueAttr, assocAttrDef);
        if (modificationType == ModificationType.ADD) {
            attributeDelta.addValuesToAdd(changedAssocAttr.getClonedValues());
        } else if (modificationType == ModificationType.DELETE) {
            attributeDelta.addValuesToDelete(changedAssocAttr.getClonedValues());
        } else if (modificationType == ModificationType.REPLACE) {
            // TODO: check if already exists
            attributeDelta.setValuesToReplace(changedAssocAttr.getClonedValues());
        }
        if (ResourceTypeUtil.isAvoidDuplicateValues(resource)) {
            PrismObject<ShadowType> currentObjectShadow = operations.getCurrentShadow();
            if (currentObjectShadow == null) {
                LOGGER.trace("Fetching entitlement shadow {} to avoid value duplication (intent={})", entitlementIdentifiersFromAssociation, entitlementIntent);
                currentObjectShadow = resourceObjectReferenceResolver.fetchResourceObject(entitlementCtx, entitlementIdentifiersFromAssociation, null, result);
                operations.setCurrentShadow(currentObjectShadow);
            }
            // TODO it seems that duplicate values are checked twice: once here and the second time in ResourceObjectConverter.executeModify
            // TODO check that and fix if necessary
            PropertyDelta<TA> attributeDeltaAfterNarrow = ProvisioningUtil.narrowPropertyDelta(attributeDelta, currentObjectShadow, assocDefType.getMatchingRule(), matchingRuleRegistry);
            if (LOGGER.isTraceEnabled() && (attributeDeltaAfterNarrow == null || attributeDeltaAfterNarrow.isEmpty())) {
                LOGGER.trace("Not collecting entitlement object operations ({}) association {}: attribute delta is empty after narrow, orig delta: {}", modificationType, associationName.getLocalPart(), attributeDelta);
            }
            attributeDelta = attributeDeltaAfterNarrow;
        }
        if (attributeDelta != null && !attributeDelta.isEmpty()) {
            PropertyModificationOperation attributeModification = new PropertyModificationOperation(attributeDelta);
            attributeModification.setMatchingRuleQName(assocDefType.getMatchingRule());
            LOGGER.trace("Collecting entitlement object operations ({}) association {}: {}", modificationType, associationName.getLocalPart(), attributeModification);
            operations.add(attributeModification);
        }
    }
    return subjectShadowAfter;
}

Example 3 with ResourceObjectAssociationDirectionType

use of com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceObjectAssociationDirectionType in project midpoint by Evolveum.

the class EntitlementConverter method collectEntitlementToAttrDelta.

/**
	 *  Collects entitlement changes from the shadow to entitlement section into attribute operations.
	 *  Collects a single value.
	 *  NOTE: only collects  SUBJECT_TO_ENTITLEMENT entitlement direction.
	 */
private <T> void collectEntitlementToAttrDelta(ProvisioningContext ctx, Map<QName, PropertyModificationOperation> operationMap, PrismContainerValue<ShadowAssociationType> associationCVal, ModificationType modificationType) throws SchemaException, ConfigurationException, ObjectNotFoundException, CommunicationException, ExpressionEvaluationException {
    RefinedObjectClassDefinition objectClassDefinition = ctx.getObjectClassDefinition();
    ShadowAssociationType associationType = associationCVal.asContainerable();
    QName associationName = associationType.getName();
    if (associationName == null) {
        throw new SchemaException("No name in entitlement association " + associationCVal);
    }
    RefinedAssociationDefinition assocDefType = objectClassDefinition.findAssociationDefinition(associationName);
    if (assocDefType == null) {
        throw new SchemaException("No association with name " + associationName + " in " + objectClassDefinition + " in schema of " + ctx.getResource());
    }
    ResourceObjectAssociationDirectionType direction = assocDefType.getResourceObjectAssociationType().getDirection();
    if (direction != ResourceObjectAssociationDirectionType.SUBJECT_TO_OBJECT) {
        // therefore will be processed later
        return;
    }
    QName assocAttrName = assocDefType.getResourceObjectAssociationType().getAssociationAttribute();
    if (assocAttrName == null) {
        throw new SchemaException("No association attribute definied in entitlement association '" + associationName + "' in " + ctx.getResource());
    }
    RefinedAttributeDefinition assocAttrDef = objectClassDefinition.findAttributeDefinition(assocAttrName);
    if (assocAttrDef == null) {
        throw new SchemaException("Association attribute '" + assocAttrName + "'definied in entitlement association '" + associationName + "' was not found in schema for " + ctx.getResource());
    }
    PropertyModificationOperation attributeOperation = operationMap.get(assocAttrName);
    if (attributeOperation == null) {
        attributeOperation = new PropertyModificationOperation(assocAttrDef.createEmptyDelta(new ItemPath(ShadowType.F_ATTRIBUTES, assocAttrName)));
        attributeOperation.setMatchingRuleQName(assocDefType.getMatchingRule());
        operationMap.put(assocAttrName, attributeOperation);
    }
    QName valueAttrName = assocDefType.getResourceObjectAssociationType().getValueAttribute();
    if (valueAttrName == null) {
        throw new SchemaException("No value attribute defined in entitlement association '" + associationName + "' in " + ctx.getResource());
    }
    ResourceAttributeContainer identifiersContainer = ShadowUtil.getAttributesContainer(associationCVal, ShadowAssociationType.F_IDENTIFIERS);
    PrismProperty<T> valueAttr = identifiersContainer.findProperty(valueAttrName);
    if (valueAttr == null) {
        throw new SchemaException("No value attribute " + valueAttrName + " present in entitlement association '" + associationName + "' in shadow for " + ctx.getResource());
    }
    if (modificationType == ModificationType.ADD) {
        attributeOperation.getPropertyDelta().addValuesToAdd(valueAttr.getClonedValues());
    } else if (modificationType == ModificationType.DELETE) {
        attributeOperation.getPropertyDelta().addValuesToDelete(valueAttr.getClonedValues());
    } else if (modificationType == ModificationType.REPLACE) {
        // TODO: check if already exists
        attributeOperation.getPropertyDelta().setValuesToReplace(valueAttr.getClonedValues());
    }
}