[midPoint-git] [Evolveum/midpoint] 1898e8: Implement bottom-up authorization definitions
mederly
noreply at github.com
Fri May 19 10:41:24 CEST 2023
Branch: refs/heads/feature/autz-improvements
Home: https://github.com/Evolveum/midpoint
Commit: 1898e88ae5fa5acf36dfcf161c8f9c0475af2446
https://github.com/Evolveum/midpoint/commit/1898e88ae5fa5acf36dfcf161c8f9c0475af2446
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-05-19 (Fri, 19 May 2023)
Changed paths:
M infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/AbstractSecurityTest.java
M model/model-intest/src/test/resources/security/role-acc-cert-campaign-complex-read.xml
M model/model-intest/src/test/resources/security/role-acc-cert-case-work-items-assignee-self-read.xml
M model/model-intest/src/test/resources/security/role-case-work-items-assignee-self-read.xml
M model/model-intest/src/test/resources/security/role-case-work-items-event-approved-read.xml
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/Authorization.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AuthorizationEvaluation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AuthorizationFilterEvaluation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ObjectSelectorEvaluation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ObjectSelectorFilterEvaluation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/OtherEnforcerOperation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ValueSelectorEvaluation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/ParentSelector.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/PrismValueCoverageInformation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/SinglePhasePrismEntityOpConstraintsImpl.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/TwoPhasesPrismEntityOpConstraintsImpl.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/UpdatablePrismEntityOpConstraints.java
Log Message:
-----------
Implement bottom-up authorization definitions
The first attempt was to define (e.g.) certification work items
authorizations as part of certification case authorizations, which are
themselves defined as part of object-level certification campaign ones.
Now we define the authorizations at the level of values affected, e.g.,
AccessCertificationWorkItemType or AccessCertificationCaseType. If
necessary, any references to the parent context can be specified by
the "parent" object selector clause.
Work in progress. PoC-quality code.