[midPoint-git] [Evolveum/midpoint] 8c2e82: Fix "enforcement too late" issue (MID-4797)

Pavol Mederly mederly at evolveum.com
Tue Jul 31 16:57:50 CEST 2018 

  Branch: refs/heads/support-3.8
  Home:   https://github.com/Evolveum/midpoint
  Commit: 8c2e82cf0ad89731b38ab2eeec49e32647fd1a02
      https://github.com/Evolveum/midpoint/commit/8c2e82cf0ad89731b38ab2eeec49e32647fd1a02
  Author: Pavol Mederly <mederly at evolveum.com>
  Date:   2018-07-31 (Tue, 31 Jul 2018)

  Changed paths:
    M model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/ModelContext.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelInteractionServiceImpl.java
    R model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/hooks/PolicyRuleEnforcerHook.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/LensContext.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/focus/AssignmentProcessor.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/focus/FocusProcessor.java
    A model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/PolicyRuleEnforcer.java
    M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/rbac/TestSegregationOfDuties.java
    A model/model-intest/src/test/resources/rbac/sod/role-prize-bronze-enforced.xml
    A model/model-intest/src/test/resources/rbac/sod/role-prize-gold-enforced.xml
    A model/model-intest/src/test/resources/rbac/sod/role-prize-silver-enforced.xml

  Log Message:
  -----------
  Fix "enforcement too late" issue (MID-4797)

Converted the enforcer hook into a built-in piece of code that
is invoked as part of FocusProcessor execution.

(cherry picked from commit 9208435)


  Commit: 682dfccdcc5f2aed4b70a6903748c92c532bf0e0
      https://github.com/Evolveum/midpoint/commit/682dfccdcc5f2aed4b70a6903748c92c532bf0e0
  Author: Pavol Mederly <mederly at evolveum.com>
  Date:   2018-07-31 (Tue, 31 Jul 2018)

  Changed paths:
    M infra/schema/src/main/resources/localization/schema.properties
    M model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedCompositeTrigger.java
    M model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedExclusionTrigger.java
    M model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedHasAssignmentTrigger.java
    M model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedModificationTrigger.java
    M model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedMultiplicityTrigger.java
    M model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedPolicyRule.java
    M model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedPolicyRuleTrigger.java
    M model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedSituationTrigger.java
    M model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedStateTrigger.java
    M model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedTimeValidityTrigger.java
    M model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedTransitionTrigger.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/EvaluatedPolicyRuleImpl.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/PolicyRuleEnforcer.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/PolicyRuleProcessor.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/PolicyStateRecorder.java
    M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/rbac/TestSegregationOfDuties.java
    M model/workflow-impl/src/main/java/com/evolveum/midpoint/wf/impl/processors/primary/policy/ApprovalSchemaBuilder.java

  Log Message:
  -----------
  Block request to add more pruned roles (MID-4766)

When a pruning is detected for an new assignment and the conflicting
assignment is also a new one, a PolicyViolationException is thrown.

This is implemented using a newly introduced mechanism of "enforcement
override" triggers.

(cherry picked from commit a6a70b3)


  Commit: e54a7d8e69db043ae1abb9f216e6ffd155397d8e
      https://github.com/Evolveum/midpoint/commit/e54a7d8e69db043ae1abb9f216e6ffd155397d8e
  Author: Pavol Mederly <mederly at evolveum.com>
  Date:   2018-07-31 (Tue, 31 Jul 2018)

  Changed paths:
    M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/assignment/AbstractRoleAssignmentPanel.java
    M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/assignment/AssignmentPanel.java
    M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/assignment/AssignmentsUtil.java
    M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/assignment/RoleCatalogItemButton.java
    M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/objectdetails/AbstractRoleMainPanel.java
    M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/self/PageAssignmentShoppingKart.java
    M gui/admin-gui/src/main/resources/localization/Midpoint.properties

  Log Message:
  -----------
  Merge remote-tracking branch 'origin/support-3.8' into support-3.8


Compare: https://github.com/Evolveum/midpoint/compare/199e4c0121f3...e54a7d8e69db
      **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/

      Functionality will be removed from GitHub.com on January 31st, 2019.

More information about the midPoint-svn mailing list