[midPoint-git] [Evolveum/midpoint] 08657c: Migrate case mgmt authorizations to new style (#1)
mederly
noreply at github.com
Sat Jun 10 00:07:36 CEST 2023
Branch: refs/heads/feature/autz-improvements
Home: https://github.com/Evolveum/midpoint
Commit: 08657c345b7665c03f6d5afccd1562fedb6a298d
https://github.com/Evolveum/midpoint/commit/08657c345b7665c03f6d5afccd1562fedb6a298d
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-06-10 (Sat, 10 Jun 2023)
Changed paths:
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/cases/CaseWorkItemActionsPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/cases/MyCaseWorkItemsPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/cases/PageCaseWorkItemsAllocatedToMe.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/workflow/WorkItemDetailsPanel.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/ClauseFilteringContext.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/ClauseMatchingContext.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/SubjectedEvaluationContext.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/AssigneeClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/CandidateAssigneeClause.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/DelegatorClause.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/RelatedObjectClause.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/RequesterClause.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/ValueSelector.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/CertCampaignTypeUtil.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/ObjectTypeUtil.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/WorkItemId.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/cases/CaseTypeUtil.java
M infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd
M infra/schema/src/main/resources/xml/ns/public/common/common-model-context-3.xsd
M model/cases-api/src/main/java/com/evolveum/midpoint/cases/api/CaseManager.java
M model/cases-api/src/main/java/com/evolveum/midpoint/cases/api/util/QueryUtils.java
M model/cases-impl/src/main/java/com/evolveum/midpoint/cases/impl/CaseManagerImpl.java
M model/cases-impl/src/main/java/com/evolveum/midpoint/cases/impl/helpers/AuthorizationHelper.java
M model/certification-api/pom.xml
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccCertUpdateHelper.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelAuthorizationAction.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelInteractionService.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/authentication/GuiProfiledPrincipal.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/AssignmentPath.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelInteractionServiceImpl.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/assignments/AssignmentPathImpl.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/AuthorizationMigrator.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/GuiProfileCompiler.java
M model/model-impl/src/test/java/com/evolveum/midpoint/model/impl/security/TestGuiProfiledPrincipalManager.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/AbstractConfiguredModelIntegrationTest.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/AbstractEmptyModelIntegrationTest.java
A model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/AbstractEmptySecurityTest.java
A model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/AbstractInitializedSecurityTest.java
R model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/AbstractSecurityTest.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityAdvanced.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityBasic.java
A model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityGovernance.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityItemValues.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityMedium.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityMultitenant.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityPrincipal.java
A model/model-intest/src/test/resources/security/governance/case-request-1-role-1.xml
A model/model-intest/src/test/resources/security/governance/case-request-1-role-2.xml
A model/model-intest/src/test/resources/security/governance/case-request-1.xml
A model/model-intest/src/test/resources/security/governance/case-request-2-role-3.xml
A model/model-intest/src/test/resources/security/governance/case-request-2.xml
A model/model-intest/src/test/resources/security/governance/org-wheel.xml
A model/model-intest/src/test/resources/security/governance/role-1.xml
A model/model-intest/src/test/resources/security/governance/role-2.xml
A model/model-intest/src/test/resources/security/governance/role-3.xml
A model/model-intest/src/test/resources/security/governance/role-approver-common-parts.xml
A model/model-intest/src/test/resources/security/governance/role-approver-standard-legacy.xml
A model/model-intest/src/test/resources/security/governance/role-approver-standard-new.xml
A model/model-intest/src/test/resources/security/governance/role-approver-standard-with-candidates.xml
A model/model-intest/src/test/resources/security/governance/user-1.xml
A model/model-intest/src/test/resources/security/governance/user-approver1.xml
A model/model-intest/src/test/resources/security/governance/user-approver2.xml
A model/model-intest/src/test/resources/security/governance/user-approver3.xml
A model/model-intest/src/test/resources/security/governance/user-wheel-member1.xml
M model/model-intest/testng-integration-full.xml
M model/model-intest/testng-integration-security.xml
M model/model-test/src/main/java/com/evolveum/midpoint/model/test/AbstractModelIntegrationTest.java
R model/workflow-impl/src/main/java/com/evolveum/midpoint/wf/impl/processes/common/SpringApplicationContextHolder.java
M model/workflow-impl/src/main/java/com/evolveum/midpoint/wf/impl/processes/common/StageComputeHelper.java
M model/workflow-impl/src/main/java/com/evolveum/midpoint/wf/impl/processes/itemApproval/ApprovalSchemaHelper.java
M model/workflow-impl/src/main/java/com/evolveum/midpoint/wf/impl/processors/primary/cases/CaseStageOpening.java
M model/workflow-impl/src/test/java/com/evolveum/midpoint/wf/impl/assignments/AbstractTestAssignmentApproval.java
M model/workflow-impl/src/test/java/com/evolveum/midpoint/wf/impl/objects/AbstractTestObjectLifecycleApproval.java
M model/workflow-impl/src/test/resources/assignments/user-jack-deputy.xml
M model/workflow-impl/src/test/resources/assignments/user-lead1-deputy1.xml
M model/workflow-impl/src/test/resources/assignments/user-lead1-deputy2.xml
M model/workflow-impl/src/test/resources/common/041-role-approver.xml
M model/workflow-impl/src/test/resources/common/user-jack.xml
M model/workflow-impl/src/test/resources/miscellaneous/user-scrooge.xml
M model/workflow-impl/src/test/resources/objects-advanced/user-employee-owner.xml
M model/workflow-impl/src/test/resources/objects/user-pirate-owner.xml
M repo/repo-api/src/main/java/com/evolveum/midpoint/repo/api/ObjectSelectorMatcher.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/AbstractIntegrationTest.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/TestObject.java
M repo/security-api/pom.xml
R repo/security-api/src/main/java/com/evolveum/midpoint/security/api/DelegatorWithOtherPrivilegesLimitations.java
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/MidPointPrincipal.java
A repo/security-api/src/main/java/com/evolveum/midpoint/security/api/OtherPrivilegesLimitations.java
M repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/ValueAuthorizationParameters.java
M repo/security-enforcer-impl/pom.xml
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AuthorizationEvaluation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AuthorizationFilterEvaluation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/EnforcerOperation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/SelectorEvaluation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/SelectorFilterEvaluation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/PrismValueCoverageInformation.java
Log Message:
-----------
Migrate case mgmt authorizations to new style (#1)

Added support for #completeWorkItem and #delegateWorkItem in case mgmt
module. The legacy #delegateOwnWorkItems authorization is interpreted
as #delegateWorkItem with appropriate selector.

In particular:

- Added new "candidateAssignee" clause to enable providing #read autz
  to candidate assignees (and their deputies).
- Reworked treatment of "other privileges limitations" in
  MidPointPrincipal. Fixed handling of those limitations during
  the evaluation of selector clauses.
- Explicitly marking "assignee" clause as supporting only "self"
  object selector during searching. (This was in fact so from the
  beginning, but only now it's documented and checked.)

Work in progress. #completeAllWorkItems and #delegateAllWorkItems remain
to be migrated. Some tests may fail.