[midPoint-git] [Evolveum/midpoint] 413c23: Enforce authorizations for cleanup activity

mederly noreply at github.com
Thu Nov 11 12:35:13 CET 2021 

  Branch: refs/heads/master
  Home:   https://github.com/Evolveum/midpoint
  Commit: 413c23430f1e621b498883a4c427135e4bc6acdc
      https://github.com/Evolveum/midpoint/commit/413c23430f1e621b498883a4c427135e4bc6acdc
  Author: Pavol Mederly <mederly at evolveum.com>
  Date:   2021-11-11 (Thu, 11 Nov 2021)

  Changed paths:
    M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/ObjectTypeUtil.java
    M infra/schema/src/main/resources/xml/ns/public/common/common-tasks-3.xsd
    M model/model-api/src/main/java/com/evolveum/midpoint/model/api/AccessCertificationService.java
    M model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelAuthorizationAction.java
    M model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelExecuteOptions.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/cleanup/CleanupActivityHandler.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/cleanup/CleanupPartialActivityRun.java
    M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/tasks/TestCleanupTask.java
    A model/model-intest/src/test/resources/tasks/cleanup/objects-to-be-cleaned-up.xml
    A model/model-intest/src/test/resources/tasks/cleanup/role-limited.xml
    A model/model-intest/src/test/resources/tasks/cleanup/task-cleanup-legacy-admin.xml
    R model/model-intest/src/test/resources/tasks/cleanup/task-cleanup-legacy.xml
    A model/model-intest/src/test/resources/tasks/cleanup/task-cleanup-new-limited.xml
    R model/model-intest/src/test/resources/tasks/cleanup/task-cleanup.xml
    A model/model-intest/src/test/resources/tasks/cleanup/user-limited.xml
    M model/workflow-api/src/main/java/com/evolveum/midpoint/wf/api/WorkflowManager.java
    M model/workflow-impl/src/main/java/com/evolveum/midpoint/wf/impl/WorkflowManagerImpl.java
    M model/workflow-impl/src/test/java/com/evolveum/midpoint/wf/impl/other/TestMiscellaneous.java
    M repo/repo-common/src/main/java/com/evolveum/midpoint/repo/common/activity/run/ActivityRunResult.java
    M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/AbstractIntegrationTest.java
    M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/DummyAuditService.java
    M repo/task-api/src/main/java/com/evolveum/midpoint/task/api/TaskManager.java
    M repo/task-quartz-impl/src/main/java/com/evolveum/midpoint/task/quartzimpl/TaskManagerQuartzImpl.java
    M repo/task-quartz-impl/src/main/java/com/evolveum/midpoint/task/quartzimpl/nodes/NodeCleaner.java
    M repo/task-quartz-impl/src/main/java/com/evolveum/midpoint/task/quartzimpl/tasks/TaskCleaner.java
    M repo/task-quartz-impl/src/test/java/com/evolveum/midpoint/task/quartzimpl/CleanupTest.java

  Log Message:
  -----------
  Enforce authorizations for cleanup activity

The authorizations are now checked like this:
- audit records: now requiring #cleanupAuditRecords to be even started;
- tasks: now requiring #delete autz for individual objects;
- cases: changed execution from repository to model (so standard
autz checks are enforced);
- nodes: now requiring #delete autz for individual objects;
- reports: no change (processing was already done via model API);
- certifications: no change (processing was already done via model API).

Unrelated changes:
- Added convenience method ModelExecuteOptions.create() (and others).
- Added OID + version to debugDump of PrismObjectValue.
- Made some of NodeType properties optional.
- Fixed DummyAuditService.cleanupAudit.

This resolves MID-7410.


  Commit: 8b6f14024e77652fdb9d8df9a6ca660df448d6aa
      https://github.com/Evolveum/midpoint/commit/8b6f14024e77652fdb9d8df9a6ca660df448d6aa
  Author: Pavol Mederly <mederly at evolveum.com>
  Date:   2021-11-11 (Thu, 11 Nov 2021)

  Changed paths:
    M dist/src/main/bin/midpoint.sh
    M repo/repo-sqale/src/main/java/com/evolveum/midpoint/repo/sqale/SqaleRepositoryService.java
    M repo/repo-sqale/src/main/java/com/evolveum/midpoint/repo/sqale/SqaleServiceBase.java
    M repo/repo-sqale/src/main/java/com/evolveum/midpoint/repo/sqale/audit/SqaleAuditService.java
    M repo/repo-sqale/src/test/java/com/evolveum/midpoint/repo/sqale/func/SqaleRepoSearchTest.java
    M repo/repo-sqlbase/src/main/java/com/evolveum/midpoint/repo/sqlbase/filtering/item/TimestampItemFilterProcessor.java

  Log Message:
  -----------
  Merge remote-tracking branch 'origin/master'


Compare: https://github.com/Evolveum/midpoint/compare/fe38784c2f21...8b6f14024e77

More information about the midPoint-svn mailing list