[midPoint-git] [Evolveum/midpoint] 920843: Fix "enforcement too late" issue (MID-4797)
Pavol Mederly
mederly at evolveum.com
Tue Jul 31 16:44:24 CEST 2018
Branch: refs/heads/master
Home: https://github.com/Evolveum/midpoint
Commit: 9208435f7c6778d56a933b51a6f841162ad862db
https://github.com/Evolveum/midpoint/commit/9208435f7c6778d56a933b51a6f841162ad862db
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2018-07-31 (Tue, 31 Jul 2018)
Changed paths:
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/ModelContext.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelInteractionServiceImpl.java
R model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/hooks/PolicyRuleEnforcerHook.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/LensContext.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/focus/AssignmentProcessor.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/focus/FocusProcessor.java
A model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/PolicyRuleEnforcer.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/rbac/TestSegregationOfDuties.java
A model/model-intest/src/test/resources/rbac/sod/role-prize-bronze-enforced.xml
A model/model-intest/src/test/resources/rbac/sod/role-prize-gold-enforced.xml
A model/model-intest/src/test/resources/rbac/sod/role-prize-silver-enforced.xml
Log Message:
-----------
Fix "enforcement too late" issue (MID-4797)
Converted the enforcer hook into a built-in piece of code that
is invoked as part of FocusProcessor execution.
Commit: a6a70b38c8f2d308599c7e3906ec3668c18d6379
https://github.com/Evolveum/midpoint/commit/a6a70b38c8f2d308599c7e3906ec3668c18d6379
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2018-07-31 (Tue, 31 Jul 2018)
Changed paths:
M infra/schema/src/main/resources/localization/schema.properties
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedCompositeTrigger.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedExclusionTrigger.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedHasAssignmentTrigger.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedModificationTrigger.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedMultiplicityTrigger.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedPolicyRule.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedPolicyRuleTrigger.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedSituationTrigger.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedStateTrigger.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedTimeValidityTrigger.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedTransitionTrigger.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/EvaluatedPolicyRuleImpl.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/PolicyRuleEnforcer.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/PolicyRuleProcessor.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/PolicyStateRecorder.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/rbac/TestSegregationOfDuties.java
M model/workflow-impl/src/main/java/com/evolveum/midpoint/wf/impl/processors/primary/policy/ApprovalSchemaBuilder.java
Log Message:
-----------
Block request to add more pruned roles (MID-4766)
When a pruning is detected for an new assignment and the conflicting
assignment is also a new one, a PolicyViolationException is thrown.
This is implemented using a newly introduced mechanism of "enforcement
override" triggers.
Commit: 08998f994acc6e1170963eca0b9f48aca85fda13
https://github.com/Evolveum/midpoint/commit/08998f994acc6e1170963eca0b9f48aca85fda13
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2018-07-31 (Tue, 31 Jul 2018)
Changed paths:
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/component/ChooseMemberPopup.java
A gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/component/ChooseOrgMemberPopup.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/component/FocusTypeAssignmentPopupTabPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/component/MemberPopupTabPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/component/MultiTypesMemberPopupTabPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/assignment/AbstractRoleAssignmentPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/assignment/AssignmentsUtil.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/users/component/AbstractRoleMemberPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/users/component/OrgMemberPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/self/AbstractShoppingCartTabPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/self/PageAssignmentShoppingCart.java
M infra/schema/src/main/resources/localization/schema.properties
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelInteractionServiceImpl.java
Log Message:
-----------
Merge remote-tracking branch 'origin/master'
Compare: https://github.com/Evolveum/midpoint/compare/d9d98807ffc9...08998f994acc
**NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/
Functionality will be removed from GitHub.com on January 31st, 2019.
More information about the midPoint-svn
mailing list