[midPoint-git] [Evolveum/midpoint] e0476c: Fix "enforcement too late" issue (MID-4797)

Pavol Mederly mederly at evolveum.com
Tue Jul 31 16:57:12 CEST 2018 

  Branch: refs/heads/support-3.7
  Home:   https://github.com/Evolveum/midpoint
  Commit: e0476c51624848a1829ae02e387d70338f04cbca
      https://github.com/Evolveum/midpoint/commit/e0476c51624848a1829ae02e387d70338f04cbca
  Author: Pavol Mederly <mederly at evolveum.com>
  Date:   2018-07-31 (Tue, 31 Jul 2018)

  Changed paths:
    M model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/ModelContext.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelInteractionServiceImpl.java
    R model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/hooks/PolicyRuleEnforcerHook.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/LensContext.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/focus/AssignmentProcessor.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/focus/FocusProcessor.java
    A model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/PolicyRuleEnforcer.java
    M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/rbac/TestSegregationOfDuties.java
    A model/model-intest/src/test/resources/rbac/sod/role-prize-bronze-enforced.xml
    A model/model-intest/src/test/resources/rbac/sod/role-prize-gold-enforced.xml
    A model/model-intest/src/test/resources/rbac/sod/role-prize-silver-enforced.xml

  Log Message:
  -----------
  Fix "enforcement too late" issue (MID-4797)

Converted the enforcer hook into a built-in piece of code that
is invoked as part of FocusProcessor execution.

(cherry picked from commit 9208435)

(cherry picked from commit 8c2e82c)


  Commit: ca43509b4ee9780109062a960a35dcfc86856948
      https://github.com/Evolveum/midpoint/commit/ca43509b4ee9780109062a960a35dcfc86856948
  Author: Pavol Mederly <mederly at evolveum.com>
  Date:   2018-07-31 (Tue, 31 Jul 2018)

  Changed paths:
    M infra/schema/src/main/resources/localization/schema.properties
    M model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedCompositeTrigger.java
    M model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedExclusionTrigger.java
    M model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedHasAssignmentTrigger.java
    M model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedModificationTrigger.java
    M model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedMultiplicityTrigger.java
    M model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedPolicyRule.java
    M model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedPolicyRuleTrigger.java
    M model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedSituationTrigger.java
    M model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedStateTrigger.java
    M model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedTimeValidityTrigger.java
    M model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedTransitionTrigger.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/EvaluatedPolicyRuleImpl.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/PolicyRuleEnforcer.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/PolicyRuleProcessor.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/PolicyStateRecorder.java
    M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/rbac/TestSegregationOfDuties.java
    M model/workflow-impl/src/main/java/com/evolveum/midpoint/wf/impl/processors/primary/policy/ApprovalSchemaBuilder.java

  Log Message:
  -----------
  Block request to add more pruned roles (MID-4766)

When a pruning is detected for an new assignment and the conflicting
assignment is also a new one, a PolicyViolationException is thrown.

This is implemented using a newly introduced mechanism of "enforcement
override" triggers.

(cherry picked from commit a6a70b3)

(cherry picked from commit 682dfcc)


Compare: https://github.com/Evolveum/midpoint/compare/77b06a3b5461...ca43509b4ee9
      **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/

      Functionality will be removed from GitHub.com on January 31st, 2019.

More information about the midPoint-svn mailing list