[midPoint-git] [Evolveum/midpoint] 68903d: Implement value-based selectors in sec. enforcer

mederly noreply at github.com
Fri May 19 21:50:35 CEST 2023


  Branch: refs/heads/feature/autz-improvements
  Home:   https://github.com/Evolveum/midpoint
  Commit: 68903d4c6118f33fe663cf1aaea226a4ac4f7095
      https://github.com/Evolveum/midpoint/commit/68903d4c6118f33fe663cf1aaea226a4ac4f7095
  Author: Pavol Mederly <mederly at evolveum.com>
  Date:   2023-05-19 (Fri, 19 May 2023)

  Changed paths:
    M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/ObjectTypeUtil.java
    M model/model-api/src/main/java/com/evolveum/midpoint/model/api/RoleSelectionSpecification.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/FocusComputer.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/FilterGizmoAssignableRoles.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelInteractionServiceImpl.java
    M model/model-impl/src/test/java/com/evolveum/midpoint/model/impl/util/mock/MockFactory.java
    A repo/repo-api/src/main/java/com/evolveum/midpoint/repo/api/ObjectSelectorMatcher.java
    M repo/repo-api/src/main/java/com/evolveum/midpoint/repo/api/RepositoryService.java
    M repo/repo-sqale/src/main/java/com/evolveum/midpoint/repo/sqale/SqaleRepositoryService.java
    M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/SqlRepositoryServiceImpl.java
    M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AuthorizationFilterEvaluation.java
    M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/EnforcerFilterOperation.java
    M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ObjectSelectorEvaluation.java
    M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ObjectSelectorFilterEvaluation.java
    M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/SecurityEnforcerImpl.java
    R repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ValueSelectorEvaluation.java
    M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/Assignee.java
    M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/ClauseEvaluationContext.java
    M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/Delegator.java
    M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/OrgRelation.java
    M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/Owner.java
    M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/RelatedObject.java
    M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/Requester.java
    M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/RoleRelation.java
    M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/Special.java
    M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/Tenant.java

  Log Message:
  -----------
  Implement value-based selectors in sec. enforcer

1. ObjectSelectorEvaluation now works with arbitrary prism values, not
just prism objects. Temporary/hacked ValueSelectorEvaluation is gone.

2. RepositoryService#selectorMatches was also enhanced to work with
any prism values; and pulled to `repo-api` module, as the implementation
for old and new repo is identical.

Work in progress. This is a step towards value-level authorizations.


  Commit: 530c69987a9fe8a925df7279861dbbef9bff248a
      https://github.com/Evolveum/midpoint/commit/530c69987a9fe8a925df7279861dbbef9bff248a
  Author: Pavol Mederly <mederly at evolveum.com>
  Date:   2023-05-19 (Fri, 19 May 2023)

  Changed paths:
    A model/model-intest/src/test/resources/security/role-show-delegation-assignments.xml
    A model/model-intest/src/test/resources/security/role-show-my-assignments-and-accesses.xml
    A model/model-intest/src/test/resources/security/role-show-my-requesters.xml
    A model/model-intest/src/test/resources/security/role-show-roles-inducing-my-role.xml

  Log Message:
  -----------
  Add some authorization test objects

These are meant to cover some use cases discussed on May 16th.


Compare: https://github.com/Evolveum/midpoint/compare/5b1ad842f45d...530c69987a9f

