[midPoint-git] [Evolveum/midpoint] 4ab23f: Fix MID-4450: Role exclusion ignores relations

Pavol Mederly mederly at evolveum.com
Tue Feb 20 10:06:42 CET 2018 

  Branch: refs/heads/post-3.7-fixes
  Home:   https://github.com/Evolveum/midpoint
  Commit: 4ab23f313cb6578733dc0b480b4b518a72cf798d
      https://github.com/Evolveum/midpoint/commit/4ab23f313cb6578733dc0b480b4b518a72cf798d
  Author: Pavol Mederly <mederly at evolveum.com>
  Date:   2018-02-20 (Tue, 20 Feb 2018)

  Changed paths:
    M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/ObjectTypeUtil.java
    M infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd
    M infra/schema/src/main/resources/xml/ns/public/common/common-policy-3.xsd
    M model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/AssignmentPath.java
    M model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/AssignmentPathSegment.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/AssignmentPathImpl.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/AssignmentPathSegmentImpl.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/EvaluatedPolicyRuleImpl.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/EvaluationOrderImpl.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/evaluators/ExclusionConstraintEvaluator.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/evaluators/HasAssignmentConstraintEvaluator.java
    M model/model-impl/src/test/java/com/evolveum/midpoint/model/impl/lens/TestAssignmentProcessor2.java
    M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/rbac/TestSegregationOfDuties.java
    M model/model-intest/src/test/resources/orgstruct/role-meta-piracy-org.xml
    A model/model-intest/src/test/resources/rbac/sod/role-self-exclusion-manager-member.xml
    A model/model-intest/src/test/resources/rbac/sod/role-self-exclusion.xml
    M model/workflow-impl/src/test/java/com/evolveum/midpoint/wf/impl/policy/sod/AbstractTestSoD.java

  Log Message:
  -----------
  Fix MID-4450: Role exclusion ignores relations

The exclusion constraint ignored relations altogether, triggering
even if one of conflicting roles was assigned e.g. as approver.
To resolve this, order constraints on the exclusion
are introduced (although only partially supported now).

!!! Fixed a bug in orderConstraint processing. Missing value of
relation was interpreted as "default", although it should be correctly
interpreted as "any". Deployments should be adapted. !!!


  Commit: a60a5edd8f0547008dbe32b544268a89eb716697
      https://github.com/Evolveum/midpoint/commit/a60a5edd8f0547008dbe32b544268a89eb716697
  Author: Pavol Mederly <mederly at evolveum.com>
  Date:   2018-02-20 (Tue, 20 Feb 2018)

  Changed paths:
    M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/PrismContainerValueHeaderPanel.html
    M gui/admin-gui/src/main/resources/static/less/midpoint-theme.less
    A samples/roles/role-meta-approval-by-approver.xml

  Log Message:
  -----------
  Merge remote-tracking branch 'origin/post-3.7-fixes' into post-3.7-fixes


Compare: https://github.com/Evolveum/midpoint/compare/f054694dd8d9...a60a5edd8f05

More information about the midPoint-svn mailing list