[midPoint-git] [Evolveum/midpoint] c97e31: Start implementing new governance authorizations
Viliam Repan
noreply at github.com
Fri Jun 9 11:19:36 CEST 2023
Branch: refs/heads/feature/upgrade-process
Home: https://github.com/Evolveum/midpoint
Commit: c97e31dc41dc8dd0049e1787088f79e8b8ef66e3
https://github.com/Evolveum/midpoint/commit/c97e31dc41dc8dd0049e1787088f79e8b8ef66e3
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-06-08 (Thu, 08 Jun 2023)
Changed paths:
M gui/admin-gui/src/main/java/com/evolveum/midpoint/init/DataImport.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/AssigneeClause.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/CertCampaignTypeUtil.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/cases/CaseTypeUtil.java
M model/authentication-impl/src/test/java/com/evolveum/midpoint/authentication/evaluator/TestAbstractAuthenticationEvaluator.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/CertificationManagerImpl.java
M model/certification-impl/src/test/java/com/evolveum/midpoint/certification/test/TestRoleInducementCertification.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/AccessCertificationService.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelAuthorizationAction.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedAssignment.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/ModelBeans.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelController.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelInteractionServiceImpl.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/AssignmentCollector.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/assignments/AssignmentEvaluator.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/assignments/EvaluatedAssignmentImpl.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/assignments/TargetPayloadEvaluation.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/assignments/TargetsEvaluation.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/focus/AssignmentProcessor.java
A model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/AuthorizationMigrator.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/GuiProfileCompiler.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/GuiProfiledPrincipalManagerImpl.java
M model/model-impl/src/test/java/com/evolveum/midpoint/model/impl/lens/AbstractAssignmentEvaluatorTest.java
M model/model-impl/src/test/java/com/evolveum/midpoint/model/impl/lens/TestAssignmentProcessor2.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityBasic.java
M model/model-intest/src/test/resources/security/case-4.xml
M model/model-test/src/main/java/com/evolveum/midpoint/model/test/AbstractModelIntegrationTest.java
M repo/repo-sqale/src/test/java/com/evolveum/midpoint/repo/sqale/SqaleRepoBaseTest.java
M repo/repo-sqale/src/test/java/com/evolveum/midpoint/repo/sqale/func/SimulationsBaselineTest.java
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/Authorization.java
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/MidPointPrincipal.java
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/SecurityUtil.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AuthorizationLimitationsCollector.java
M repo/security-impl/src/main/java/com/evolveum/midpoint/security/impl/SecurityContextManagerImpl.java
M repo/security-impl/src/test/java/com/evolveum/midpoint/security/impl/MidPointPrincipalManagerMock.java
Log Message:
-----------
Start implementing new governance authorizations
The authorizations like #readOwnCertificationDecisions are now
deprecated. To allow a smooth transition, their up-to-date equivalents
will be provided on the fly by the AuthorizationMigrator class.
Other changes:
- Implemented the "assignee" clause for certification cases and work items.
- Changed the semantics of the "assignee" clause to cover not only assignees
  of open work items, but all assignees of all work items.
- MidPointPrincipal#getAuthorities now returns an unmodifiable collection
  (for safety reasons).
Commit: 92c18600cdb98a2973a0eb9c6c4f0bbe478770fa
https://github.com/Evolveum/midpoint/commit/92c18600cdb98a2973a0eb9c6c4f0bbe478770fa
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-06-08 (Thu, 08 Jun 2023)
Changed paths:
M model/cases-api/src/main/java/com/evolveum/midpoint/cases/api/util/QueryUtils.java
M model/certification-api/src/main/java/com/evolveum/midpoint/certification/api/CertificationManager.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccCertCaseOperationsHelper.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccCertCloserHelper.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccCertOpenerHelper.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccCertQueryHelper.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccCertTimedActionTriggerHandler.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccCertUpdateHelper.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccessCertificationCloseStageApproachingTriggerHandler.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccessCertificationClosingTaskHandler.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccessCertificationRemediationTaskHandler.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/CertificationManagerImpl.java
M model/certification-impl/src/test/java/com/evolveum/midpoint/certification/test/TestCertificationBasic.java
M model/certification-impl/src/test/java/com/evolveum/midpoint/certification/test/TestCriticalRolesCertification.java
M model/certification-impl/src/test/java/com/evolveum/midpoint/certification/test/TestEscalation.java
M model/certification-impl/src/test/java/com/evolveum/midpoint/certification/test/TestManualEscalation.java
M model/certification-impl/src/test/java/com/evolveum/midpoint/certification/test/TestRoleInducementCertification.java
M model/certification-impl/src/test/java/com/evolveum/midpoint/certification/test/TestSoDCertification.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelController.java
Log Message:
-----------
Remove "search work items" magic from cert manager
Previously, the searchOpenWorkItems and countOpenWorkItems methods were
implemented in the certification manager, with custom processing
of authorizations, because the model controller lacked this functionality.
After searchContainers authorizations were implemented properly, this
commit removes that custom implementation and redirects the calls
to the search/count methods in ModelController.
Commit: f7ff2db819f92a048a6505d3a44c84c50fb8ef29
https://github.com/Evolveum/midpoint/commit/f7ff2db819f92a048a6505d3a44c84c50fb8ef29
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-06-08 (Thu, 08 Jun 2023)
Changed paths:
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/ObjectTypeUtil.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/authorization/evaluator/MidPointGuiAuthorizationEvaluator.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/authorization/evaluator/MidpointAllowAllAuthorizationEvaluator.java
A model/certification-api/src/main/java/com/evolveum/midpoint/certification/api/AccessCertificationCaseId.java
A model/certification-api/src/main/java/com/evolveum/midpoint/certification/api/AccessCertificationWorkItemId.java
M model/certification-api/src/main/java/com/evolveum/midpoint/certification/api/CertificationManager.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccCertCaseOperationsHelper.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccCertQueryHelper.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccCertTimedActionTriggerHandler.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/CertificationManagerImpl.java
A model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/WorkItemInContext.java
M model/certification-impl/src/test/java/com/evolveum/midpoint/certification/test/AbstractCertificationTest.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelAuthorizationAction.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelController.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/AuthorizationMigrator.java
A repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/AbstractAuthorizationParameters.java
M repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/AuthorizationParameters.java
M repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/SecurityEnforcer.java
A repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/ValueAuthorizationParameters.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AuthorizationEvaluation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/EnforcerDecisionOperation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ItemDecisionOperation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/SecurityEnforcerImpl.java
Log Message:
-----------
Migrate cert decision recording to new autz
Instead of hardcoded authorization logic for certification decision
recording that used #all and #recordCertificationDecision (for own
decisions), we now use the general parameterized #completeWorkItem action.
The legacy #recordCertificationDecision is automatically converted
to the new action on the fly (in memory).
To do that, this commit provides a preliminary implementation of
sub-object authorization parameters.
Commit: 174ee09a9f485a3329b9324511e0c994b6ba0361
https://github.com/Evolveum/midpoint/commit/174ee09a9f485a3329b9324511e0c994b6ba0361
Author: lskublik <lskublik at evolveum.com>
Date: 2023-06-09 (Fri, 09 Jun 2023)
Changed paths:
M model/certification-api/pom.xml
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/AuthorizationMigrator.java
Log Message:
-----------
fix for compilation errors
Commit: bbf3aed0095cb3cfd6c25024a905172fcd7b57a8
https://github.com/Evolveum/midpoint/commit/bbf3aed0095cb3cfd6c25024a905172fcd7b57a8
Author: Viliam Repan <vilo.repan at evolveum.com>
Date: 2023-06-09 (Fri, 09 Jun 2023)
Changed paths:
M gui/admin-gui/src/main/java/com/evolveum/midpoint/init/DataImport.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/AssigneeClause.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/CertCampaignTypeUtil.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/ObjectTypeUtil.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/cases/CaseTypeUtil.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/authorization/evaluator/MidPointGuiAuthorizationEvaluator.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/authorization/evaluator/MidpointAllowAllAuthorizationEvaluator.java
M model/authentication-impl/src/test/java/com/evolveum/midpoint/authentication/evaluator/TestAbstractAuthenticationEvaluator.java
M model/cases-api/src/main/java/com/evolveum/midpoint/cases/api/util/QueryUtils.java
M model/certification-api/pom.xml
A model/certification-api/src/main/java/com/evolveum/midpoint/certification/api/AccessCertificationCaseId.java
A model/certification-api/src/main/java/com/evolveum/midpoint/certification/api/AccessCertificationWorkItemId.java
M model/certification-api/src/main/java/com/evolveum/midpoint/certification/api/CertificationManager.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccCertCaseOperationsHelper.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccCertCloserHelper.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccCertOpenerHelper.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccCertQueryHelper.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccCertTimedActionTriggerHandler.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccCertUpdateHelper.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccessCertificationCloseStageApproachingTriggerHandler.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccessCertificationClosingTaskHandler.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccessCertificationRemediationTaskHandler.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/CertificationManagerImpl.java
A model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/WorkItemInContext.java
M model/certification-impl/src/test/java/com/evolveum/midpoint/certification/test/AbstractCertificationTest.java
M model/certification-impl/src/test/java/com/evolveum/midpoint/certification/test/TestCertificationBasic.java
M model/certification-impl/src/test/java/com/evolveum/midpoint/certification/test/TestCriticalRolesCertification.java
M model/certification-impl/src/test/java/com/evolveum/midpoint/certification/test/TestEscalation.java
M model/certification-impl/src/test/java/com/evolveum/midpoint/certification/test/TestManualEscalation.java
M model/certification-impl/src/test/java/com/evolveum/midpoint/certification/test/TestRoleInducementCertification.java
M model/certification-impl/src/test/java/com/evolveum/midpoint/certification/test/TestSoDCertification.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/AccessCertificationService.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelAuthorizationAction.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedAssignment.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/ModelBeans.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelController.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelInteractionServiceImpl.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/AssignmentCollector.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/assignments/AssignmentEvaluator.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/assignments/EvaluatedAssignmentImpl.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/assignments/TargetPayloadEvaluation.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/assignments/TargetsEvaluation.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/focus/AssignmentProcessor.java
A model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/AuthorizationMigrator.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/GuiProfileCompiler.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/GuiProfiledPrincipalManagerImpl.java
M model/model-impl/src/test/java/com/evolveum/midpoint/model/impl/lens/AbstractAssignmentEvaluatorTest.java
M model/model-impl/src/test/java/com/evolveum/midpoint/model/impl/lens/TestAssignmentProcessor2.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityBasic.java
M model/model-intest/src/test/resources/security/case-4.xml
M model/model-test/src/main/java/com/evolveum/midpoint/model/test/AbstractModelIntegrationTest.java
M repo/repo-sqale/src/test/java/com/evolveum/midpoint/repo/sqale/SqaleRepoBaseTest.java
M repo/repo-sqale/src/test/java/com/evolveum/midpoint/repo/sqale/func/SimulationsBaselineTest.java
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/Authorization.java
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/MidPointPrincipal.java
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/SecurityUtil.java
A repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/AbstractAuthorizationParameters.java
M repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/AuthorizationParameters.java
M repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/SecurityEnforcer.java
A repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/ValueAuthorizationParameters.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AuthorizationEvaluation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AuthorizationLimitationsCollector.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/EnforcerDecisionOperation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ItemDecisionOperation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/SecurityEnforcerImpl.java
M repo/security-impl/src/main/java/com/evolveum/midpoint/security/impl/SecurityContextManagerImpl.java
M repo/security-impl/src/test/java/com/evolveum/midpoint/security/impl/MidPointPrincipalManagerMock.java
Log Message:
-----------
Merge remote-tracking branch 'origin/master' into feature/upgrade-process
Commit: bab79e3622243bd49e01cd6f73ec728af01960b0
https://github.com/Evolveum/midpoint/commit/bab79e3622243bd49e01cd6f73ec728af01960b0
Author: Viliam Repan <vilo.repan at evolveum.com>
Date: 2023-06-09 (Fri, 09 Jun 2023)
Changed paths:
M tools/ninja/src/main/java/com/evolveum/midpoint/ninja/Main.java
M tools/ninja/src/main/java/com/evolveum/midpoint/ninja/action/AbstractRepositorySearchAction.java
M tools/ninja/src/main/java/com/evolveum/midpoint/ninja/action/Action.java
M tools/ninja/src/main/java/com/evolveum/midpoint/ninja/action/CountRepositoryAction.java
M tools/ninja/src/main/java/com/evolveum/midpoint/ninja/action/DataSourceAction.java
M tools/ninja/src/main/java/com/evolveum/midpoint/ninja/action/DeleteRepositoryAction.java
M tools/ninja/src/main/java/com/evolveum/midpoint/ninja/action/ImportRepositoryAction.java
M tools/ninja/src/main/java/com/evolveum/midpoint/ninja/action/InfoRepositoryAction.java
M tools/ninja/src/main/java/com/evolveum/midpoint/ninja/action/ListKeysRepositoryAction.java
R tools/ninja/src/main/java/com/evolveum/midpoint/ninja/action/PasswordResetRepositoryAction.java
M tools/ninja/src/main/java/com/evolveum/midpoint/ninja/action/RepositoryAction.java
R tools/ninja/src/main/java/com/evolveum/midpoint/ninja/action/SchemaRepositoryAction.java
M tools/ninja/src/main/java/com/evolveum/midpoint/ninja/action/SetupDatabaseAction.java
R tools/ninja/src/main/java/com/evolveum/midpoint/ninja/action/TransformRepositoryAction.java
R tools/ninja/src/main/java/com/evolveum/midpoint/ninja/action/UnlockRepositoryAction.java
M tools/ninja/src/main/java/com/evolveum/midpoint/ninja/action/audit/ExportAuditRepositoryAction.java
M tools/ninja/src/main/java/com/evolveum/midpoint/ninja/action/audit/ImportAuditRepositoryAction.java
M tools/ninja/src/main/java/com/evolveum/midpoint/ninja/action/mining/ExportMiningRepositoryAction.java
M tools/ninja/src/main/java/com/evolveum/midpoint/ninja/action/trace/EditTraceAction.java
M tools/ninja/src/main/java/com/evolveum/midpoint/ninja/action/upgrade/DownloadDistributionAction.java
A tools/ninja/src/main/java/com/evolveum/midpoint/ninja/action/upgrade/DownloadDistributionResult.java
R tools/ninja/src/main/java/com/evolveum/midpoint/ninja/action/upgrade/UpgradeAction.java
M tools/ninja/src/main/java/com/evolveum/midpoint/ninja/action/upgrade/UpgradeDatabaseAction.java
M tools/ninja/src/main/java/com/evolveum/midpoint/ninja/action/upgrade/UpgradeDistributionAction.java
M tools/ninja/src/main/java/com/evolveum/midpoint/ninja/action/upgrade/UpgradeInstallationAction.java
M tools/ninja/src/main/java/com/evolveum/midpoint/ninja/action/upgrade/step/UpgradeObjectsStep.java
R tools/ninja/src/main/java/com/evolveum/midpoint/ninja/action/upgrade/step/VerifyResult.java
R tools/ninja/src/main/java/com/evolveum/midpoint/ninja/action/upgrade/step/VerifyStep.java
M tools/ninja/src/main/java/com/evolveum/midpoint/ninja/impl/Command.java
R tools/ninja/src/main/java/com/evolveum/midpoint/ninja/opts/PasswordResetOptions.java
R tools/ninja/src/main/java/com/evolveum/midpoint/ninja/opts/SchemaOptions.java
R tools/ninja/src/main/java/com/evolveum/midpoint/ninja/opts/UnlockOptions.java
Log Message:
-----------
MID-8842 upgrade, updated action interface to allow for result
Compare: https://github.com/Evolveum/midpoint/compare/a6d3ed5679b6...bab79e362224