[midPoint-git] [Evolveum/midpoint] a84fbf: Fix authorization (selector) schema
mederly
noreply at github.com
Tue Aug 22 19:14:59 CEST 2023
Branch: refs/heads/tmp/autz-type-fix
Home: https://github.com/Evolveum/midpoint
Commit: a84fbf3d92d4c570acb541c19e4b2feeb3296fde
https://github.com/Evolveum/midpoint/commit/a84fbf3d92d4c570acb541c19e4b2feeb3296fde
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-08-22 (Tue, 22 Aug 2023)
Changed paths:
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/wrapper/HeterogenousContainerWrapperFactory.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/FilteringContext.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/MatchingContext.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/SelectorProcessingContext.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/ArchetypeRefClause.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/AssigneeClause.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/CandidateAssigneeClause.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/DelegatorClause.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/FilterClause.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/OrgRefClause.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/OrgRelationClause.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/OwnerClause.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/ParentClause.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/RelatedObjectClause.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/RequesterClause.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/RoleRelationClause.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/SelfClause.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/SubtypeClause.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/TenantClause.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/TypeClause.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/ValueSelector.java
M infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/authentication/CompiledObjectCollectionView.java
M model/model-common/src/main/java/com/evolveum/midpoint/model/common/mapping/AbstractMappingImpl.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/AuthorizationMigrator.java
M model/model-intest/src/test/resources/security/governance/role-approver-standard-legacy.xml
M model/model-intest/src/test/resources/security/governance/role-approver-standard-new.xml
M model/model-intest/src/test/resources/security/governance/role-approver-standard-with-candidates.xml
M model/model-intest/src/test/resources/security/governance/role-reviewer-standard-new.xml
M model/model-intest/src/test/resources/security/role-acc-cert-campaign-complex-read.xml
M model/model-intest/src/test/resources/security/role-acc-cert-case-work-items-assignee-self-read.xml
M model/model-intest/src/test/resources/security/role-case-work-items-assignee-self-read.xml
M model/model-intest/src/test/resources/security/role-case-work-items-event-approved-read.xml
M model/workflow-impl/src/test/resources/approval-task-owner/role-approver.xml
M model/workflow-impl/src/test/resources/common/041-role-approver.xml
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/query/restriction/OwnedByRestriction.java
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/Authorization.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/SelectorWithItems.java
M testing/story/src/test/resources/strings/roles/role-end-user.xml
Log Message:
-----------
Fix authorization (selector) schema

As decided on June 28th, we will NOT support specification of sub-object
values (e.g. assignments or case work items) by their type alone. We
will require full context information (via "parent" clause), e.g.
AssignmentHolderType:assignment or CaseType:workItem. This commit
implements that. (It still does not strictly require that spec, but
fully supports it.)

(Actually, this makes <type> clause for these values superfluous; so
we no longer need to "publish" - or bind to - specific type names
under the level of prism objects.)

Other changes:

1. The "parent" clause was moved to a more prominent place: into basic
ObjectSelectorType, even before the "type" item. Its meaning is
analogous to the "type" - it establishes the context of the value within
midPoint data model.

2. AuthorizationObjectSelectorType was no longer needed, so it was
removed. AuthorizationObjectSelectorType was renamed to
ObjectParentSelectorType.

3. ParentClause was fixed to support paths of size greater than 1
(given that the repository supports OwnedBy clauses with a single name
only paths).

Commit: 6b965c1a2775f8dd69fe34ef0b46b6bfdb32d81d
https://github.com/Evolveum/midpoint/commit/6b965c1a2775f8dd69fe34ef0b46b6bfdb32d81d
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-08-22 (Tue, 22 Aug 2023)
Changed paths:
M config/initial-objects/role/043-role-delegator.xml
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/DelegatorClause.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/OrgRefClause.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/OrgRelationClause.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/OwnerClause.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/GuiProfiledPrincipalManagerImpl.java
Log Message:
-----------
Do cosmetic changes in authorizations
Compare: https://github.com/Evolveum/midpoint/compare/a84fbf3d92d4%5E...6b965c1a2775