[midPoint-git] [Evolveum/midpoint] aab21f: Add "privileges" item to expression/scripting rule
mederly
noreply at github.com
Fri Jul 28 23:00:21 CEST 2023
Branch: refs/heads/master
Home: https://github.com/Evolveum/midpoint
Commit: aab21f14d2da4798d21ec5af5f82e992aaafac2f
https://github.com/Evolveum/midpoint/commit/aab21f14d2da4798d21ec5af5f82e992aaafac2f
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-07-28 (Fri, 28 Jul 2023)
Changed paths:
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/page/PageAdminLTE.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/login/PageRegistrationConfirmation.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/login/PageRegistrationFinish.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/login/PageSelfRegistration.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/config/ConfigurationItemable.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/config/ExpressionConfigItem.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/config/PrivilegesMixin.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/config/ScriptExecutionPolicyActionConfigItem.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/SchemaDebugUtil.java
M infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd
M infra/schema/src/main/resources/xml/ns/public/common/common-policy-3.xsd
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/authorization/evaluator/MidPointGuiAuthorizationEvaluator.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/authorization/evaluator/MidpointHttpAuthorizationEvaluator.java
M model/authentication-impl/src/test/java/com/evolveum/midpoint/authentication/evaluator/TestAbstractAuthenticationEvaluator.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/CertificationManagerImpl.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/authentication/GuiProfiledPrincipalManager.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/expr/OptimizingTriggerCreator.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/scriptExecutor/AsynchronousScriptExecutor.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/scriptExecutor/PolicyRuleScriptExecutor.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/GuiProfiledPrincipalManagerImpl.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/RunAsRunner.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestIntent.java
A model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestRunAs.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/sync/TestValidityRecomputeTask.java
A model/model-intest/src/test/resources/run-as/role-regular-user.xml
A model/model-intest/src/test/resources/run-as/role-with-service-mapping-privileged.xml
A model/model-intest/src/test/resources/run-as/role-with-service-mapping-run-as.xml
A model/model-intest/src/test/resources/run-as/role-with-service-mapping-standard.xml
A model/model-intest/src/test/resources/run-as/service-one.xml
M model/model-test/src/main/java/com/evolveum/midpoint/model/test/AbstractModelIntegrationTest.java
M repo/repo-common/src/main/java/com/evolveum/midpoint/repo/common/activity/run/processing/ItemProcessingGatekeeper.java
M repo/repo-common/src/main/java/com/evolveum/midpoint/repo/common/expression/Expression.java
M repo/repo-common/src/main/java/com/evolveum/midpoint/repo/common/expression/ExpressionFactory.java
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/MidPointPrincipalManager.java
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/SecurityContextManager.java
M repo/security-impl/src/main/java/com/evolveum/midpoint/security/impl/SecurityContextManagerImpl.java
M repo/security-impl/src/test/java/com/evolveum/midpoint/security/impl/MidPointPrincipalManagerMock.java
M repo/task-quartz-impl/src/main/java/com/evolveum/midpoint/task/quartzimpl/RunningLightweightTaskImpl.java
M repo/task-quartz-impl/src/main/java/com/evolveum/midpoint/task/quartzimpl/run/JobExecutor.java
M testing/longtest/src/test/java/com/evolveum/midpoint/testing/longtest/TestRunAs.java
Log Message:
-----------
Add "privileges" item to expression/scripting rule

Besides "runAsRef", midPoint will support "runAsPrivileged" for both
expressions and scripting policy rules execution.

This commit is the first step towards this goal. In particular,

1. ExecutionPrivilegesSpecificationType was introduced as a replacement
   for runAsRef property in both contexts.
2. SecurityContextManager was updated to support more complex "runAs"
   functionality. Some API improvements were done as well; in particular,
   operation result should be provided to some methods.

Work in progress.