[midPoint-git] [Evolveum/midpoint] 9530e4: Polish security enforcer
Viliam Repan
noreply at github.com
Mon Jun 12 08:54:12 CEST 2023
Branch: refs/heads/feature/shadow-metadata
Home: https://github.com/Evolveum/midpoint
Commit: 9530e4562929760aa3e336fb3fa13e0c5379650e
https://github.com/Evolveum/midpoint/commit/9530e4562929760aa3e336fb3fa13e0c5379650e
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/ResourceContentPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/workflow/PageAttorneySelection.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/AccessDecision.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/ObjectQueryUtil.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/authorization/evaluator/MidPointGuiAuthorizationEvaluator.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/authorization/evaluator/MidpointHttpAuthorizationEvaluator.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelInteractionService.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/RoleSelectionSpecification.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/CollectionProcessor.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/DashboardServiceImpl.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelController.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelInteractionServiceImpl.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/SchemaTransformer.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/ClockworkAuthorizationHelper.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestCaseIgnore.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestEntitlements.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/AbstractSecurityTest.java
M provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/dummy/TestDummy.java
M provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/dummy/TestDummyParallelism.java
M provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/opendj/TestOpenDjNegative.java
M repo/repo-common/src/main/java/com/evolveum/midpoint/repo/common/expression/ExpressionUtil.java
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/Authorization.java
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/AuthorizationConstants.java
M repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/AuthorizationParameters.java
M repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/ObjectSecurityConstraints.java
M repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/SecurityEnforcer.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AuthorizationApplicabilityChecker.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AuthorizationProcessor.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AuthorizationSecurityFilterBuilder.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/Beans.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/FilterGizmoObjectFilterImpl.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ItemDecisionFunction.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ObjectSecurityConstraintsImpl.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/SecurityEnforcerImpl.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/SecurityFilterBuilder.java
M testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/AbstractEDirTest.java
M testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/AbstractLdapConnTest.java
M testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/AbstractLdapTest.java
M testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/ad/AbstractAdLdapTest.java
M testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/ad/big/AbstractAdLdapBigTest.java
M testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/ad/multidomain/AbstractAdLdapMultidomainTest.java
M testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/ad/simple/AbstractAdLdapSimpleTest.java
M testing/longtest/src/test/java/com/evolveum/midpoint/testing/longtest/TestLdap.java
M testing/story/src/test/java/com/evolveum/midpoint/testing/story/security/TestRoleMembers.java
Log Message:
-----------
Polish security enforcer
No functional changes, only safe code simplifications.
Work in progress.
Commit: f61762e58027b63b503b5213ea69394442924680
https://github.com/Evolveum/midpoint/commit/f61762e58027b63b503b5213ea69394442924680
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
M repo/security-enforcer-impl/pom.xml
Log Message:
-----------
Add missing dependency
Commit: a15b00dc25093bd206e360bc0dabc0ef901e4348
https://github.com/Evolveum/midpoint/commit/a15b00dc25093bd206e360bc0dabc0ef901e4348
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-05-05 (Fri, 05 May 2023)
Changed paths:
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelInteractionServiceImpl.java
Log Message:
-----------
Make checkstyle happy
Commit: 5654bbf7aff7887a9c3aa6eb3e50b0ee2a95d4ad
https://github.com/Evolveum/midpoint/commit/5654bbf7aff7887a9c3aa6eb3e50b0ee2a95d4ad
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-05-05 (Fri, 05 May 2023)
Changed paths:
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AuthorizationApplicabilityChecker.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AuthorizationProcessor.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AuthorizationSecurityFilterBuilder.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AutzContext.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/SecurityEnforcerImpl.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/SecurityFilterBuilder.java
Log Message:
-----------
Simplify the security enforcer by AutzContext
Commit: 8a9a03b246c4ef024a2d460cfc972029a9be6ead
https://github.com/Evolveum/midpoint/commit/8a9a03b246c4ef024a2d460cfc972029a9be6ead
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-05-09 (Tue, 09 May 2023)
Changed paths:
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/workflow/WorkItemDetailsPanel.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/FilterGizmoAssignableRoles.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityBasic.java
M repo/repo-api/src/main/java/com/evolveum/midpoint/repo/api/RepositoryService.java
M repo/repo-api/src/main/java/com/evolveum/midpoint/repo/api/query/ObjectFilterExpressionEvaluator.java
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/Authorization.java
R repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AuthorizationApplicabilityChecker.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AuthorizationEvaluation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AuthorizationFilterEvaluation.java
R repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AuthorizationProcessor.java
R repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AuthorizationSecurityFilterBuilder.java
R repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AutzContext.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/EnforcerDecisionOperation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/EnforcerFilterOperation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/EnforcerOperation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/FilterGizmoObjectFilterImpl.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ItemDecisionOperation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ObjectSelectorEvaluation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ObjectSelectorFilterEvaluation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/OtherEnforcerOperation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/QueryAutzItemPaths.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/SecurityEnforcerImpl.java
R repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/SecurityFilterBuilder.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/TracingUtil.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/AbstractSelectorClauseEvaluation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/ArchetypeRef.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/Assignee.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/ClauseEvaluationContext.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/ClauseFilterEvaluationContext.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/Delegator.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/Filter.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/OrgRef.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/OrgRelation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/Owner.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/RelatedObject.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/Requester.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/RoleRelation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/Special.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/Tenant.java
Log Message:
-----------
Draw layers of security enforcer processing
1. This commit divides the processing within SecurityEnforcerImpl
into four distinct layers: enforcer operation, [single] authorization
evaluation, object selector evaluation, and object selector clause
evaluation.
2. Object selector clauses (that currently contain the core of the
autz processing) are now implemented by separate classes, bringing
"is applicable" and "apply filter" algorithms together for better
understandability and maintainability.
Work in progress.
Commit: cffacf55bb1afe9d2033b0673cea79569f68db06
https://github.com/Evolveum/midpoint/commit/cffacf55bb1afe9d2033b0673cea79569f68db06
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-05-12 (Fri, 12 May 2023)
Changed paths:
M infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/authorization/evaluator/MidPointGuiAuthorizationEvaluator.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/SchemaTransformer.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/AbstractConfiguredModelIntegrationTest.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/archetypes/AbstractArchetypesTest.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/persona/AbstractPersonaTest.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/AbstractSecurityTest.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityAdvanced.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityBasic.java
A model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityItemValues.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityMedium.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityMultitenant.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityPrincipal.java
A model/model-intest/src/test/resources/security/role-case-work-items-assignee-self-read.xml
M model/model-intest/testng-integration-full.xml
M model/model-intest/testng-integration-security.xml
M model/model-test/src/main/java/com/evolveum/midpoint/model/test/AbstractModelIntegrationTest.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/TestObject.java
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/Authorization.java
A repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/PrismEntityOpConstraints.java
M repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/SecurityEnforcer.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AuthorizationEvaluation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/OtherEnforcerOperation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/SecurityEnforcerImpl.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ValueSelectorEvaluation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/RoleRelation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/PrismEntityCoverage.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/PrismEntityCoverageInformation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/PrismItemCoverageInformation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/PrismValueCoverageInformation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/SinglePhasePrismEntityOpConstraintsImpl.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/TwoPhasesPrismEntityOpConstraintsImpl.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/UpdatablePrismEntityOpConstraints.java
Log Message:
-----------
Add preliminary support for "item value" autz
This commit introduces limited support for "item value" authorizations,
i.e., ones that can discriminate between values of given prism item.
For example, one can allow the #get operation only for work items
assigned to the current principal.
The support is limited to filtering unreadable items/values for now.
Filtering is no longer based on ObjectOperationConstraints. Instead,
PrismEntityOpConstraints (based on new PrismEntityCoverageInformation)
were conceived. They should be more flexible, allowing for filtering
on both items and their values.
Work in progress.
Commit: 30e51086c17aefe7c8091c416d55ff7d0636e89e
https://github.com/Evolveum/midpoint/commit/30e51086c17aefe7c8091c416d55ff7d0636e89e
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-05-13 (Sat, 13 May 2023)
Changed paths:
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/AbstractSecurityTest.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityItemValues.java
A model/model-intest/src/test/resources/security/access-certification-campaign-1.xml
A model/model-intest/src/test/resources/security/access-certification-campaign-2.xml
A model/model-intest/src/test/resources/security/access-certification-campaign-3.xml
M model/model-intest/src/test/resources/security/case-4.xml
A model/model-intest/src/test/resources/security/role-acc-cert-campaign-complex-read.xml
A model/model-intest/src/test/resources/security/role-acc-cert-case-work-items-assignee-self-read.xml
A model/model-intest/src/test/resources/security/role-case-work-items-event-approved-read.xml
M model/model-test/src/main/java/com/evolveum/midpoint/model/test/AbstractModelIntegrationTest.java
M model/model-test/src/main/java/com/evolveum/midpoint/model/test/asserter/WorkItemsAsserter.java
A repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/AccCertCampaignAsserter.java
A repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/AccCertCaseAsserter.java
A repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/AccCertCaseFinder.java
A repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/AccCertCasesAsserter.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/CaseAsserter.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/CaseWorkItemAsserter.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/CaseWorkItemFinder.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/CaseWorkItemsAsserter.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/prism/PrismContainerAsserter.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/prism/PrismContainerValueAsserter.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/prism/PrismItemAsserter.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/prism/PrismObjectAsserter.java
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/Authorization.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ValueSelectorEvaluation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/PrismValueCoverageInformation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/SinglePhasePrismEntityOpConstraintsImpl.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/TwoPhasesPrismEntityOpConstraintsImpl.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/UpdatablePrismEntityOpConstraints.java
Log Message:
-----------
Support nested "item value" authorizations
Now we can specify nested "item value" authorizations - for example,
we can restrict work items in certification cases, which are themselves
restricted in certification campaign objects. We can also declare
inner "item" and "exceptItem" paths for specific item values.
Experimental implementation of "filter" value selection clause was
added as well.
Work in progress. Still no searching or other operations,
only "getObject" evaluation.
Commit: b1e0b70d02addd923cfeae91cbf09f5c59483a79
https://github.com/Evolveum/midpoint/commit/b1e0b70d02addd923cfeae91cbf09f5c59483a79
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-05-18 (Thu, 18 May 2023)
Changed paths:
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelController.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/SchemaTransformer.java
M model/model-impl/src/test/java/com/evolveum/midpoint/model/impl/util/mock/MockFactory.java
M repo/repo-api/src/main/java/com/evolveum/midpoint/repo/api/RepositoryService.java
M repo/repo-cache/src/main/java/com/evolveum/midpoint/repo/cache/RepositoryCache.java
M repo/repo-cache/src/main/java/com/evolveum/midpoint/repo/cache/handlers/SearchOpHandler.java
M repo/repo-sqale/src/main/java/com/evolveum/midpoint/repo/sqale/SqaleRepositoryService.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/SqlRepositoryServiceImpl.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/helpers/ObjectRetriever.java
M repo/repo-sqlbase/src/main/java/com/evolveum/midpoint/repo/sqlbase/SqlQueryContext.java
M repo/repo-sqlbase/src/main/java/com/evolveum/midpoint/repo/sqlbase/SqlQueryExecutor.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AuthorizationFilterEvaluation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/EnforcerDecisionOperation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/EnforcerFilterOperation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/SecurityEnforcerImpl.java
Log Message:
-----------
Do minor code improvements
These precede major changes in "item value" autz specification.
(Just to separate these modifications.)
Commit: 1898e88ae5fa5acf36dfcf161c8f9c0475af2446
https://github.com/Evolveum/midpoint/commit/1898e88ae5fa5acf36dfcf161c8f9c0475af2446
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-05-19 (Fri, 19 May 2023)
Changed paths:
M infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/AbstractSecurityTest.java
M model/model-intest/src/test/resources/security/role-acc-cert-campaign-complex-read.xml
M model/model-intest/src/test/resources/security/role-acc-cert-case-work-items-assignee-self-read.xml
M model/model-intest/src/test/resources/security/role-case-work-items-assignee-self-read.xml
M model/model-intest/src/test/resources/security/role-case-work-items-event-approved-read.xml
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/Authorization.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AuthorizationEvaluation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AuthorizationFilterEvaluation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ObjectSelectorEvaluation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ObjectSelectorFilterEvaluation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/OtherEnforcerOperation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ValueSelectorEvaluation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/ParentSelector.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/PrismValueCoverageInformation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/SinglePhasePrismEntityOpConstraintsImpl.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/TwoPhasesPrismEntityOpConstraintsImpl.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/UpdatablePrismEntityOpConstraints.java
Log Message:
-----------
Implement bottom-up authorization definitions
The first attempt was to define (e.g.) certification work items
authorizations as part of certification case authorizations, which are
themselves defined as part of object-level certification campaign ones.
Now we define the authorizations at the level of values affected, e.g.,
AccessCertificationWorkItemType or AccessCertificationCaseType. If
necessary, any references to the parent context can be specified by
the "parent" object selector clause.
Work in progress. PoC-quality code.
Commit: 5b1ad842f45ddc651ee873f716a81265d8a76e56
https://github.com/Evolveum/midpoint/commit/5b1ad842f45ddc651ee873f716a81265d8a76e56
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-05-19 (Fri, 19 May 2023)
Changed paths:
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/authorization/evaluator/MidPointGuiAuthorizationEvaluator.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/SchemaTransformer.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityBasic.java
M repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/ObjectOperationConstraints.java
M repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/SecurityEnforcer.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AuthorizationEvaluation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AuthorizationFilterEvaluation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/EnforcerDecisionOperation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/EnforcerFilterOperation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/EnforcerOperation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ObjectSelectorEvaluation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ObjectSelectorFilterEvaluation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/OtherEnforcerOperation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/PhaseSelector.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/SecurityEnforcerImpl.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/TracingUtil.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/Assignee.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/ClauseFilterEvaluationContext.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/Filter.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/Owner.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/RelatedObject.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/Requester.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/PrismValueCoverageInformation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/SelectorChainSegment.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/SinglePhasePrismEntityOpConstraintsImpl.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/TwoPhasesPrismEntityOpConstraintsImpl.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/UpdatablePrismEntityOpConstraints.java
Log Message:
-----------
Generalize security enforcer code
Some operations were generalized from PrismObject to any prism value.
This is a preparation before sub-object get/search operations are
implemented.
Behavior change: The processing of "type" + "relational" (object,
owner, assignee, requester) clauses was fixed: the relational clause
evaluation now considers the refined type, not the original search type.
Commit: 68903d4c6118f33fe663cf1aaea226a4ac4f7095
https://github.com/Evolveum/midpoint/commit/68903d4c6118f33fe663cf1aaea226a4ac4f7095
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-05-19 (Fri, 19 May 2023)
Changed paths:
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/ObjectTypeUtil.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/RoleSelectionSpecification.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/FocusComputer.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/FilterGizmoAssignableRoles.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelInteractionServiceImpl.java
M model/model-impl/src/test/java/com/evolveum/midpoint/model/impl/util/mock/MockFactory.java
A repo/repo-api/src/main/java/com/evolveum/midpoint/repo/api/ObjectSelectorMatcher.java
M repo/repo-api/src/main/java/com/evolveum/midpoint/repo/api/RepositoryService.java
M repo/repo-sqale/src/main/java/com/evolveum/midpoint/repo/sqale/SqaleRepositoryService.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/SqlRepositoryServiceImpl.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AuthorizationFilterEvaluation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/EnforcerFilterOperation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ObjectSelectorEvaluation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ObjectSelectorFilterEvaluation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/SecurityEnforcerImpl.java
R repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ValueSelectorEvaluation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/Assignee.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/ClauseEvaluationContext.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/Delegator.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/OrgRelation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/Owner.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/RelatedObject.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/Requester.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/RoleRelation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/Special.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/Tenant.java
Log Message:
-----------
Implement value-based selectors in sec. enforcer
1. ObjectSelectorEvaluation now works with arbitrary prism values, not
just prism objects. Temporary/hacked ValueSelectorEvaluation is gone.
2. RepositoryService#selectorMatches was also enhanced to work with
any prism values; and pulled to `repo-api` module, as the implementation
for old and new repo is identical.
Work in progress. This is a step towards value-level authorizations.
Commit: 530c69987a9fe8a925df7279861dbbef9bff248a
https://github.com/Evolveum/midpoint/commit/530c69987a9fe8a925df7279861dbbef9bff248a
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-05-19 (Fri, 19 May 2023)
Changed paths:
A model/model-intest/src/test/resources/security/role-show-delegation-assignments.xml
A model/model-intest/src/test/resources/security/role-show-my-assignments-and-accesses.xml
A model/model-intest/src/test/resources/security/role-show-my-requesters.xml
A model/model-intest/src/test/resources/security/role-show-roles-inducing-my-role.xml
Log Message:
-----------
Add some authorization test objects
These are meant to cover some use cases discussed on May 16th.
Commit: 9632ed6c6e74bebe68bcda4f7ef07e51ea0182dd
https://github.com/Evolveum/midpoint/commit/9632ed6c6e74bebe68bcda4f7ef07e51ea0182dd
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-06-01 (Thu, 01 Jun 2023)
Changed paths:
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/assignments/TargetInducementEvaluation.java
Log Message:
-----------
Do a cosmetic change
Commit: 472a1399fa2cd5599e1522767716e10763c05144
https://github.com/Evolveum/midpoint/commit/472a1399fa2cd5599e1522767716e10763c05144
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-06-06 (Tue, 06 Jun 2023)
Changed paths:
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/page/PageAdminLTE.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/page/PageBase.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/GetOperationOptions.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/ParsedGetOperationOptions.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/SelectorOptions.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/ClauseApplicabilityPredicate.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/ClauseFilteringContext.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/ClauseMatchingContext.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/ClauseProcessingContextDescription.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/FilterCollector.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/MatchingTracer.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/ObjectFilterExpressionEvaluator.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/ObjectResolver.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/OrgTreeEvaluator.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/OwnerResolver.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/SubjectedEvaluationContext.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/TraceEvent.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/TraceRecord.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/package-info.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/ArchetypeRefClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/AssigneeClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/DelegatorClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/FilterClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/OrgRefClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/OrgRelationClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/OwnerClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/ParentClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/RelatedObjectClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/RequesterClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/RoleRelationClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/SelectorClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/SelfClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/TenantClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/TypeClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/ValueSelector.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/package-info.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/ObjectTypeUtil.java
M infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/authorization/evaluator/MidPointGuiAuthorizationEvaluator.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelAuthorizationAction.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelService.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelController.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/SchemaTransformer.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/expr/LinkedObjectsFunctions.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/ClockworkAuditHelper.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/ClockworkAuthorizationHelper.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/LensOwnerResolver.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/executor/DeltaExecution.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/focus/AutoAssignMappingCollector.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/scriptExecutor/ObjectSet.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/visualizer/ActivationDescriptionHandler.java
M model/model-impl/src/test/java/com/evolveum/midpoint/model/impl/util/mock/MockFactory.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/AbstractSecurityTest.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityBasic.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityItemValues.java
M model/model-intest/src/test/resources/security/role-case-work-items-assignee-self-read.xml
M model/model-intest/src/test/resources/security/role-case-work-items-event-approved-read.xml
M model/model-intest/src/test/resources/security/role-filter-object-modify-caribbean.xml
M model/model-intest/src/test/resources/security/role-read-jacks-campaigns.xml
M model/model-test/src/main/java/com/evolveum/midpoint/model/test/AbstractModelIntegrationTest.java
R model/model-test/src/main/java/com/evolveum/midpoint/model/test/asserter/WorkItemsAsserter.java
M model/workflow-impl/src/test/java/com/evolveum/midpoint/wf/impl/other/TestEscalation.java
M repo/repo-api/src/main/java/com/evolveum/midpoint/repo/api/ObjectSelectorMatcher.java
M repo/repo-api/src/main/java/com/evolveum/midpoint/repo/api/RepositoryService.java
R repo/repo-api/src/main/java/com/evolveum/midpoint/repo/api/query/ObjectFilterExpressionEvaluator.java
M repo/repo-cache/src/main/java/com/evolveum/midpoint/repo/cache/RepositoryCache.java
M repo/repo-common/src/main/java/com/evolveum/midpoint/repo/common/expression/ExpressionUtil.java
M repo/repo-sqale/src/main/java/com/evolveum/midpoint/repo/sqale/SqaleRepositoryService.java
M repo/repo-sqale/src/test/java/com/evolveum/midpoint/repo/sqale/SqaleRepoBaseTest.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/SqlRepositoryServiceImpl.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/helpers/CertificationCaseHelper.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/helpers/ObjectRetriever.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/CaseWorkItemFinder.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/CaseWorkItemsAsserter.java
M repo/security-api/pom.xml
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/Authorization.java
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/MidPointPrincipalManager.java
R repo/security-api/src/main/java/com/evolveum/midpoint/security/api/OwnerResolver.java
M repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/ObjectOperationConstraints.java
M repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/ObjectSecurityConstraints.java
M repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/PrismEntityOpConstraints.java
M repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/SecurityEnforcer.java
M repo/security-enforcer-impl/pom.xml
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AuthorizationEvaluation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AuthorizationFilterEvaluation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/EnforcerDecisionOperation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/EnforcerFilterOperation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/EnforcerOperation.java
R repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ObjectSelectorEvaluation.java
R repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ObjectSelectorFilterEvaluation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ObjectSpecParser.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/OtherEnforcerOperation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/SecurityEnforcerImpl.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/SelectorEvaluation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/SelectorFilterEvaluation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/Specification.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/TopDownSpecification.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/TracingUtil.java
R repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/AbstractSelectorClauseEvaluation.java
R repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/ArchetypeRef.java
R repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/Assignee.java
R repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/ClauseEvaluationContext.java
R repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/ClauseFilterEvaluationContext.java
R repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/Delegator.java
R repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/Filter.java
R repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/OrgRef.java
R repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/OrgRelation.java
R repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/Owner.java
R repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/RelatedObject.java
R repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/Requester.java
R repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/RoleRelation.java
R repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/Special.java
R repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/Tenant.java
R repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/ParentSelector.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/PrismValueCoverageInformation.java
R repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/SelectorChainSegment.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/SinglePhasePrismEntityOpConstraintsImpl.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/TwoPhasesPrismEntityOpConstraintsImpl.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/UpdatablePrismEntityOpConstraints.java
Log Message:
-----------
Add security to searching/counting containers
The model.countContainers and searchContainers methods got better
security (authorizations) treatment. It is similar to the one in their
object-based counterparts: filter processing before the operation,
and data filtering afterward. (The latter except assignments, as they
currently do not have their owning objects attached.)
In order to do that, here we introduced ValueSelector - a parsed form
of ObjectSelectorType and its subtypes. It is analogous to ObjectFilter
in that it can evaluate itself in a given context. (The context is
currently quite complex, hopefully it will get simpler eventually.)
These selectors reside in the `schema` module. The functionality was
previously in repository service (impl, then api) and in security
enforcer implementation. This may or may not be the final place;
at least some of the clauses may be moved upwards in the future.
Some steps towards more flexible framework for diagnosing selectors
and authorization were taken. However, it's in very early stage now.
Work in progress. The individual parts are still finding their place.
The whole concept of sub-object authorizations in being discussed now.
Other changes:
- Removed (almost) duplicate WorkItemsAsserter.
Commit: 8e55ae01e84de751dc50fea365127e437e0c4f38
https://github.com/Evolveum/midpoint/commit/8e55ae01e84de751dc50fea365127e437e0c4f38
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-06-06 (Tue, 06 Jun 2023)
Changed paths:
M config/initial-objects/archetype/507-archetype-task-report.xml
M config/initial-objects/system-configuration/000-system-configuration.xml
M dist/midpoint-api/pom.xml
M gui/admin-gui/pom.xml
M gui/admin-gui/src/frontend/scss/midpoint.scss
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/DefaultGuiConfigurationCompiler.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/component/captcha/CaptchaPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/component/result/OperationResultPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/page/PageBase.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/util/HistoryPageTabVisibleBehavior.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/util/ObjectTabVisibleBehavior.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/util/WebComponentUtil.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/util/WebPrismUtil.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/component/data/provider/ObjectDataProvider.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/component/data/provider/ResourceTemplateProvider.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/component/data/provider/SelectableBeanDataProvider.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/component/input/SourceMappingProvider.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/component/menu/LeftMenuPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/component/search/SearchBoxConfigurationBuilder.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/component/search/SearchConfigurationMerger.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/component/search/SearchableItemsDefinitions.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/component/search/factory/SearchItemContext.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/component/wizard/EnumWizardChoicePanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/AssociationAndExpressionPanelFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/AssociationRefPanelFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/AttributeMappingItemPathPanelFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/AutoCompleteReferencePanelFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/ConditionPanelFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/CorrelatorItemRefPanelFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/DatePanelFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/DefaultContainerablePanelFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/DropDownChoicePanelFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/DurationPanelFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/EnumPanelFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/ExecuteScriptPanelFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/ExpressionModel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/ItemPathPanelFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/LabelPanelFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/LinkedReferencePanelFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/LockoutStatusPanelFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/LoggingAppenderPanelFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/LoggingPackagePanelFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/MetadataPanelFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/ModificationsPanelFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/ObjectDeltaPanelFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/ParameterTypePanelFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/PasswordHintPanelFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/PolyStringEditorPanelFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/ProfilingLoggerLevelPanelFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/QueryTextAreaPanelFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/RelationPanelFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/ResourceAttributeRefPanelFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/ResourceIntentFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/ResourceObjectClassFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/SearchFilterPanelFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/SourceOrTargetOfMappingPanelFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/TaskIntentFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/TaskObjectClassFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/TextAreaPanelFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/TextPanelFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/ThreeStateComboPanelFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/UploadDownloadPanelFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/VariableBindingDefinitionTypePanelFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/WorkItemDetailsPanelFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/wrapper/BooleanWrapperFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/wrapper/ExpressionWrapperFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/wrapper/HeterogenousContainerWrapperFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/wrapper/LoggingConfigurationWrapperFactoryImpl.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/wrapper/OperationalContainerWrapperFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/wrapper/PrismContainerWrapperFactoryImpl.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/wrapper/PrismObjectWrapperFactoryImpl.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/wrapper/PrismPropertyWrapperFactoryImpl.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/wrapper/PrismReferenceWrapperFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/wrapper/ProtectedStringWrapperFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/wrapper/ResourceAttributeWrapperFactoryImpl.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/wrapper/ResourceWrapperFactoryImpl.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/admin/abstractrole/component/MemberOperationsHelper.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/admin/component/TaskOperationalButtonsPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/admin/org/component/OrgMemberPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/admin/resource/component/CapabilitiesPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/admin/resource/component/ResourceSchemaPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/admin/systemconfiguration/component/MailServerPanelFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/admin/systemconfiguration/component/SmsGatewayPanelFactory.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/admin/task/component/TaskBasicPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/admin/user/component/UserDelegationsPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/login/AbstractPageLogin.html
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/login/AbstractPageLogin.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/login/AbstractPageRemoteAuthenticationSelect.html
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/login/AbstractPageRemoteAuthenticationSelect.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/login/PageAbstractFlow.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/login/PageAttributeVerification.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/login/PageAuthenticationBase.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/login/PageEmailNonce.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/login/PageFocusIdentification.java
A gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/login/PageInvitation.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/login/PageLogin.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/login/PagePasswordHint.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/login/PageRegistrationBase.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/login/PageSelfRegistration.html
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/login/PageSelfRegistration.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/prism/panel/vertical/form/VerticalFormDefaultContainerablePanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/prism/panel/vertical/form/VerticalFormPrismPropertyHeaderPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/prism/panel/vertical/form/VerticalFormPrismPropertyPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/prism/panel/vertical/form/VerticalFormPrismReferenceHeaderPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/prism/panel/vertical/form/VerticalFormPrismReferencePanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/util/GuiDisplayNameUtil.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/application/AsyncWebProcessManagerImpl.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/boot/AbstractSpringBootApplication.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/boot/EmbeddedTomcatAutoConfiguration.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/boot/MidPointSpringApplication.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/boot/NodeIdHeaderValve.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/boot/StaticWebServlet.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/boot/TomcatRootValve.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/boot/TrailingSlashRedirectingFilter.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/assignment/ACAttributeDto.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/assignment/AssignmentTablePanel.java
A gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/dialog/ExportMiningPanel.html
A gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/dialog/ExportMiningPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/form/MidpointForm.java
A gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/form/MultipartFormConfiguration.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/input/ExpressionEditorPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/input/UploadDownloadPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/input/dto/ExpressionTypeDto.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/message/FeedbackListView.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/DynamicFieldGroupPanel.html
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/DynamicFieldGroupPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/DynamicFormPanel.html
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/progress/ProgressPanel.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/ResourceWizardPreviousButton.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/Wizard.html
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/Wizard.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/WizardButtonBar.html
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/WizardButtonBar.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/WizardIssuesPanel.html
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/WizardIssuesPanel.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/WizardStep.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/WizardStepDto.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/WizardSteps.html
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/WizardSteps.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/WizardUtil.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/CapabilityStep.html
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/CapabilityStep.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/ConfigurationStep.html
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/ConfigurationStep.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/NameStep.html
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/NameStep.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/ResourceWizard.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/SchemaHandlingStep.html
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/SchemaHandlingStep.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/SchemaStep.html
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/SchemaStep.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/SynchronizationStep.html
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/SynchronizationStep.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/component/DuplicateObjectTypeDetector.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/component/SchemaListPanel.html
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/component/SchemaListPanel.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/component/WizardHelpDialog.html
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/component/WizardHelpDialog.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/component/XmlEditorPanel.html
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/component/XmlEditorPanel.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/component/capability/AddCapabilityDialog.html
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/component/capability/AddCapabilityDialog.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/component/capability/CapabilityActivationPanel.html
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/component/capability/CapabilityActivationPanel.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/component/capability/CapabilityCredentialsPanel.html
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/component/capability/CapabilityCredentialsPanel.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/component/capability/CapabilityScriptPanel.html
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/component/capability/CapabilityScriptPanel.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/component/capability/CapabilityStepDto.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/component/capability/CapabilityValuePanel.html
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/component/capability/CapabilityValuePanel.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/component/schemahandling/AttributeEditorUtils.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/component/schemahandling/ResourceActivationEditor.html
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/component/schemahandling/ResourceActivationEditor.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/component/schemahandling/ResourceAssociationEditor.html
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/component/schemahandling/ResourceAssociationEditor.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/component/schemahandling/ResourceAttributeEditor.html
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/component/schemahandling/ResourceAttributeEditor.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/component/schemahandling/ResourceCredentialsEditor.html
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/component/schemahandling/ResourceCredentialsEditor.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/component/schemahandling/ResourceDependencyEditor.html
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/component/schemahandling/ResourceDependencyEditor.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/component/schemahandling/ResourceIterationEditor.html
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/component/schemahandling/ResourceIterationEditor.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/component/schemahandling/ResourceProtectedEditor.html
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/component/schemahandling/ResourceProtectedEditor.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/component/schemahandling/modal/ExpressionVariableEditorDialog.html
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/component/schemahandling/modal/ExpressionVariableEditorDialog.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/component/schemahandling/modal/LimitationsEditorDialog.html
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/component/schemahandling/modal/LimitationsEditorDialog.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/component/schemahandling/modal/MappingEditorDialog.html
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/component/schemahandling/modal/MappingEditorDialog.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/component/synchronization/ConditionalSearchFilterEditor.html
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/component/synchronization/ConditionalSearchFilterEditor.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/component/synchronization/SynchronizationActionEditorDialog.html
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/component/synchronization/SynchronizationActionEditorDialog.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/component/synchronization/SynchronizationExpressionEditor.html
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/component/synchronization/SynchronizationExpressionEditor.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/component/synchronization/SynchronizationReactionEditor.html
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/component/synchronization/SynchronizationReactionEditor.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/dto/AttributeDto.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/dto/Capability.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/dto/CapabilityDto.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/dto/ConnectorHostTypeComparator.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/dto/ConnectorTypeComparator.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/dto/ExpressionVariableDefinitionTypeDto.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/dto/IterationSpecificationTypeDto.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/dto/MappingTypeDto.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/dto/ObjectClassDataProvider.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/dto/ObjectClassDetailsDto.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/dto/ObjectClassDto.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/dto/PropertyLimitationsTypeDto.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/dto/ResourceObjectTypeDefinitionTypeDto.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/dto/ResourceSynchronizationDto.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/dto/SchemaHandlingDto.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/dto/SynchronizationActionTypeDto.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wizard/resource/dto/WizardIssuesDto.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/certification/handlers/DirectAssignmentCertGuiHandler.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/configuration/PageDebugList.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/configuration/component/PageDebugDownloadBehaviour.java
A gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/configuration/component/RoleMiningExportOperation.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/home/component/SystemInfoPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/CapabilitiesDto.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/CapabilitiesPanel.html
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/CapabilitiesPanel.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/PageResourceWizard.html
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/PageResourceWizard.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/ResourceSummaryPanel.java
R gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/ResourceWizardIssuesModel.java
A gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/component/SchemaListPanel.html
A gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/component/SchemaListPanel.java
A gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/dto/AttributeDto.java
A gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/dto/ObjectClassDataProvider.java
A gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/dto/ObjectClassDetailsDto.java
A gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/dto/ObjectClassDto.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/roles/SearchBoxConfigurationHelper.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/users/component/ExecuteChangeOptionsDto.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/users/component/ExecuteChangeOptionsPanel.html
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/users/component/ExecuteChangeOptionsPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/error/PageError401.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/MidPointApplication.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/util/SecurityUtils.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/util/ExpressionUtil.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/util/MidPointProfilingServletFilter.java
M gui/admin-gui/src/test/java/com/evolveum/midpoint/gui/TestWrapperDelta.java
M gui/admin-gui/src/test/java/com/evolveum/midpoint/web/AbstractGuiIntegrationTest.java
M gui/admin-gui/src/test/java/com/evolveum/midpoint/web/TestPageMounter.java
M gui/admin-gui/src/test/resources/common/resource-dummy-initialized.xml
M infra/common/pom.xml
M infra/common/src/main/java/com/evolveum/midpoint/common/Clock.java
M infra/common/src/main/java/com/evolveum/midpoint/common/InternalsConfigController.java
A infra/common/src/main/java/com/evolveum/midpoint/common/RoleMiningExportUtils.java
M infra/common/src/main/java/com/evolveum/midpoint/common/StaticExpressionUtil.java
M infra/common/src/main/java/com/evolveum/midpoint/common/rest/MidpointAbstractProvider.java
M infra/common/src/main/java/com/evolveum/midpoint/common/rest/MidpointJsonProvider.java
M infra/common/src/main/java/com/evolveum/midpoint/common/rest/MidpointXmlProvider.java
M infra/common/src/main/java/com/evolveum/midpoint/common/rest/MidpointYamlProvider.java
M infra/common/src/test/java/com/evolveum/midpoint/common/TestStaticValues.java
M infra/common/src/test/resources/crypto/task-add-account.xml
M infra/common/src/test/resources/crypto/task-modify-jack-password.xml
M infra/pom.xml
M infra/schema/src/main/java/com/evolveum/midpoint/schema/GetOperationOptions.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/PrismQueryExpressionSupport.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/SchemaService.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/cache/CacheConfigurationManager.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/constants/SchemaConstants.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/result/OperationResultFactory.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/traces/OpNode.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/traces/TraceUtil.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/traces/visualizer/BaseVisualizer.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/traces/visualizer/MappingEvaluationVisualizer.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/ConnectorTypeUtil.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/FormTypeUtil.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/ParamsTypeUtil.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/PolicyRuleTypeUtil.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/ResourceTypeUtil.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/SchemaDebugUtil.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/ScriptingBeansUtil.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/SecurityPolicyUtil.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/SimpleExpressionUtil.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/ValueDisplayUtil.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/task/TaskTypeUtil.java
M infra/schema/src/main/resources/xml/ns/public/common/common-case-management-3.xsd
M infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd
M infra/schema/src/main/resources/xml/ns/public/common/common-correlation-3.xsd
M infra/schema/src/main/resources/xml/ns/public/common/common-gui-3.xsd
M infra/schema/src/main/resources/xml/ns/public/common/common-model-context-3.xsd
M infra/schema/src/main/resources/xml/ns/public/common/common-security-3.xsd
M infra/schema/src/main/resources/xml/ns/public/common/common-tasks-3.xsd
M infra/schema/src/main/resources/xml/ns/public/common/common-workflows-3.xsd
M infra/schema/src/main/resources/xml/ns/public/model/extension-3.xsd
M infra/schema/src/main/resources/xml/ns/public/report/extension-3.xsd
M infra/schema/src/main/resources/xml/ns/public/resource/capabilities-3.xsd
M infra/schema/src/test/java/com/evolveum/midpoint/schema/TestDeltaConverter.java
M infra/schema/src/test/java/com/evolveum/midpoint/schema/TestJaxbParsing.java
M infra/schema/src/test/java/com/evolveum/midpoint/schema/TestParseDiffPatch.java
M infra/schema/src/test/java/com/evolveum/midpoint/schema/TestParseFilter.java
M infra/schema/src/test/java/com/evolveum/midpoint/schema/TestParseObjectTemplate.java
M infra/schema/src/test/java/com/evolveum/midpoint/schema/parser/TestParseForm.java
M infra/schema/src/test/java/com/evolveum/midpoint/schema/parser/TestParseMappingConst.java
M infra/schema/src/test/java/com/evolveum/midpoint/schema/parser/TestParseResource.java
M infra/schema/src/test/java/com/evolveum/midpoint/schema/parser/TestParseScriptingExpression.java
M infra/schema/src/test/java/com/evolveum/midpoint/schema/parser/TestParseScriptingExpressionXsiType.java
M infra/schema/src/test/java/com/evolveum/midpoint/schema/util/XsdTypeConverterTest.java
R infra/schema/src/test/resources/common/model-context-1.xml
M infra/schema/src/test/resources/common/task-bulk-action-1.xml
M infra/schema/src/test/resources/common/task-bulk-action-2.xml
M infra/schema/src/test/resources/deltaconverter/task-new.xml
M infra/schema/src/test/resources/deltaconverter/task-old.xml
M infra/schema/src/test/resources/diff/system-configuration-after.xml
M infra/schema/src/test/resources/diff/system-configuration-before.xml
R infra/schema/src/test/resources/diff/task-modelOperationContext-before.xml
M infra/schema/src/test/resources/xmljson/task-delete-dummy-shadows.skip.xml
M infra/schema/src/test/resources/xmljson/task-reconcile-dummy-filter.skip.xml
M infra/test-util/pom.xml
M model/authentication-api/pom.xml
M model/authentication-api/src/main/java/com/evolveum/midpoint/authentication/api/LoginFormModuleFactory.java
M model/authentication-api/src/main/java/com/evolveum/midpoint/authentication/api/RemoveUnusedSecurityFilterPublisher.java
M model/authentication-api/src/main/java/com/evolveum/midpoint/authentication/api/config/AuthenticationEvaluator.java
M model/authentication-api/src/main/java/com/evolveum/midpoint/authentication/api/config/MidpointAuthentication.java
M model/authentication-impl/pom.xml
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/MidpointAutowiredBeanFactoryObjectPostProcessor.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/WicketRedirectStrategy.java
A model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/channel/InvitationAuthenticationChannel.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/configuration/MidpointWebSecurityConfiguration.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/configuration/MidpointWebSecurityConfigurerAdapter.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/entry/point/HttpAuthenticationEntryPoint.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/entry/point/HttpSecurityQuestionsAuthenticationEntryPoint.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/entry/point/RemoteAuthenticationEntryPoint.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/entry/point/WicketLoginUrlAuthenticationEntryPoint.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/evaluator/AuthenticationEvaluatorImpl.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/factory/channel/AbstractChannelFactory.java
A model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/factory/channel/InvitationChannelFactory.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/factory/module/AbstractCredentialModuleFactory.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/factory/module/AbstractModuleFactory.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/factory/module/HttpClusterModuleFactory.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/factory/module/HttpHeaderModuleFactory.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/factory/module/LdapModuleFactory.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/factory/module/OidcClientModuleFactory.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/factory/module/OidcResourceServerModuleFactory.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/factory/module/OtherModuleFactory.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/factory/module/RemoteModuleFactory.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/factory/module/Saml2ModuleFactory.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/AttributeVerificationAuthenticationFilter.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/FocusIdentificationAuthenticationFilter.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/HintAuthenticationFilter.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/HttpAuthenticationFilter.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/HttpBasicAuthenticationFilter.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/HttpClusterAuthenticationFilter.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/HttpSecurityQuestionsAuthenticationFilter.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/MailNonceAuthenticationFilter.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/MidpointAnonymousAuthenticationFilter.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/MidpointAuthFilter.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/MidpointExceptionTranslationFilter.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/MidpointFilterChainProxy.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/MidpointFocusVerificationFilter.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/MidpointRequestHeaderAuthenticationFilter.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/MidpointUsernamePasswordAuthenticationFilter.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/PreLogoutFilter.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/RedirectForLoginPagesWithAuthenticationFilter.java
A model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/RefuseUnauthenticatedRequestFilter.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/RemoteAuthenticationFilter.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/SecurityQuestionsAuthenticationFilter.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/SequenceAuditFilter.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/TransformExceptionFilter.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/configurers/MidpointExceptionHandlingConfigurer.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/handler/AuditedAccessDeniedHandler.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/handler/AuditedLogoutHandler.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/handler/BasicMidPointAuthenticationSuccessHandler.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/handler/MidPointAuthenticationSuccessHandler.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/handler/MidpointAccessDeniedHandler.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/handler/MidpointAuthenticationFailureHandler.java
A model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/ldap/AuditedAuthenticationException.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/ldap/LdapDirContextAdapter.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/ldap/MidpointPrincipalContextMapper.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/configuration/ModuleWebSecurityConfigurationImpl.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/configuration/OidcAdditionalConfiguration.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/configuration/OidcClientModuleWebSecurityConfiguration.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/configuration/RemoteModuleWebSecurityConfiguration.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/configuration/SamlModuleWebSecurityConfiguration.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/configurer/AttributeVerificationModuleWebSecurityConfigurer.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/configurer/FocusIdentificationModuleWebSecurityConfigurer.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/configurer/HintModuleWebSecurityConfigurer.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/configurer/HttpBasicModuleWebSecurityConfigurer.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/configurer/HttpClusterModuleWebSecurityConfigurer.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/configurer/HttpHeaderModuleWebSecurityConfigurer.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/configurer/HttpSecurityQuestionsModuleWebSecurityConfigurer.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/configurer/LoginFormModuleWebSecurityConfigurer.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/configurer/MailNonceFormModuleWebSecurityConfigurer.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/configurer/ModuleWebSecurityConfigurer.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/configurer/OidcClientModuleWebSecurityConfigurer.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/configurer/OidcResourceServerModuleWebSecurityConfigurer.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/configurer/RemoteModuleWebSecurityConfigurer.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/configurer/SamlModuleWebSecurityConfigurer.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/configurer/SecurityQuestionsFormModuleWebSecurityConfigurer.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/oidc/OidcAuthorizationRequestRedirectFilter.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/oidc/OidcBearerTokenAuthenticationFilter.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/oidc/OidcClientLogoutSuccessHandler.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/oidc/OidcLoginAuthenticationFilter.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/provider/MidPointAbstractAuthenticationProvider.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/provider/MidPointLdapAuthenticationProvider.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/provider/OidcClientProvider.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/provider/OidcResourceServerProvider.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/provider/Saml2Provider.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/saml/MidpointMetadataRelyingPartyRegistrationResolver.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/saml/MidpointSaml2LoginConfigurer.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/saml/MidpointSaml2LogoutRequestResolver.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/saml/MidpointSaml2LogoutRequestSuccessHandler.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/saml/MidpointSaml2WebSsoAuthenticationFilter.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/saml/MidpointSaml2WebSsoAuthenticationRequestFilter.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/session/MidpointHttpServletRequest.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/session/MidpointRegisterSessionAuthenticationStrategy.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/session/SessionAndRequestScopeImpl.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/util/AuthSequenceUtil.java
M model/authentication-impl/src/test/java/com/evolveum/midpoint/authentication/TestAuthSequenceUtil.java
M model/authentication-impl/src/test/resources/common/system-configuration.xml
M model/cases-impl/src/main/java/com/evolveum/midpoint/cases/impl/CaseManagerImpl.java
M model/cases-impl/src/main/java/com/evolveum/midpoint/cases/impl/TimedActionTriggerHandler.java
M model/cases-impl/src/main/java/com/evolveum/midpoint/cases/impl/engine/CaseEngineImpl.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccCertTimedActionTriggerHandler.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccessCertificationCampaignCreationTaskHandler.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccessCertificationCampaignReiterationTriggerHandler.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccessCertificationCloseStageApproachingTriggerHandler.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccessCertificationCloseStageTriggerHandler.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccessCertificationClosingTaskHandler.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccessCertificationRemediationTaskHandler.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/CertificationHook.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/handlers/DirectAssignmentCertificationHandler.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/handlers/ExclusionCertificationHandler.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/outcomeStrategies/AcceptedIfNotDeniedStrategy.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/outcomeStrategies/AllMustAcceptStrategy.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/outcomeStrategies/OneAcceptAcceptsStrategy.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/outcomeStrategies/OneDenyDeniesStrategy.java
M model/certification-impl/src/test/resources/common/task-trigger-scanner-manual.xml
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/AdminGuiConfigurationMergeManager.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelExecuteOptions.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelInteractionService.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/authentication/CompiledGuiProfile.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/authentication/CompiledObjectCollectionView.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/authentication/CompiledShadowCollectionView.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/expr/MidpointFunctions.java
M model/model-common/pom.xml
M model/model-common/src/main/java/com/evolveum/midpoint/model/common/ModelCommonBeans.java
M model/model-common/src/main/java/com/evolveum/midpoint/model/common/archetypes/ArchetypeManager.java
M model/model-common/src/main/java/com/evolveum/midpoint/model/common/archetypes/ArchetypePolicyMerger.java
M model/model-common/src/main/java/com/evolveum/midpoint/model/common/expression/evaluator/AssignmentTargetSearchExpressionEvaluatorFactory.java
M model/model-common/src/main/java/com/evolveum/midpoint/model/common/expression/evaluator/AssociationFromLinkExpressionEvaluatorFactory.java
M model/model-common/src/main/java/com/evolveum/midpoint/model/common/expression/evaluator/AssociationTargetSearchExpressionEvaluatorFactory.java
M model/model-common/src/main/java/com/evolveum/midpoint/model/common/expression/evaluator/ConstExpressionEvaluatorFactory.java
M model/model-common/src/main/java/com/evolveum/midpoint/model/common/expression/evaluator/FunctionExpressionEvaluatorFactory.java
M model/model-common/src/main/java/com/evolveum/midpoint/model/common/expression/evaluator/GenerateExpressionEvaluatorFactory.java
M model/model-common/src/main/java/com/evolveum/midpoint/model/common/expression/evaluator/ProportionalExpressionEvaluatorFactory.java
M model/model-common/src/main/java/com/evolveum/midpoint/model/common/expression/evaluator/ReferenceSearchExpressionEvaluatorFactory.java
M model/model-common/src/main/java/com/evolveum/midpoint/model/common/expression/evaluator/path/PathExpressionEvaluatorFactory.java
M model/model-common/src/main/java/com/evolveum/midpoint/model/common/expression/evaluator/transformation/TransformationalEvaluation.java
M model/model-common/src/main/java/com/evolveum/midpoint/model/common/expression/functions/BasicExpressionFunctions.java
M model/model-common/src/main/java/com/evolveum/midpoint/model/common/expression/script/ScriptExpressionEvaluatorFactory.java
M model/model-common/src/main/java/com/evolveum/midpoint/model/common/expression/script/ScriptExpressionFactory.java
M model/model-common/src/main/java/com/evolveum/midpoint/model/common/mapping/metadata/builtin/BaseBuiltinMetadataMapping.java
M model/model-common/src/main/java/com/evolveum/midpoint/model/common/util/DefaultColumnUtils.java
M model/model-common/src/test/java/com/evolveum/midpoint/model/common/expression/script/TestGroovyExpressionsSandbox.java
M model/model-impl/pom.xml
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/ClusterCacheListener.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/ModelBeans.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/PrismConfigurationUpdater.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/cleanup/CleanupActivityHandler.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/cleanup/ShadowRefreshActivityHandler.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/AdminGuiConfigurationMergeManagerImpl.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/CollectionProcessor.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelInteractionServiceImpl.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/correlator/composite/CompositeCorrelatorFactory.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/correlator/expression/ExpressionCorrelatorFactory.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/correlator/filter/FilterCorrelatorFactory.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/correlator/idmatch/IdMatchCorrelator.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/correlator/idmatch/IdMatchCorrelatorFactory.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/correlator/items/ItemsCorrelatorFactory.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/correlator/noop/NoOpCorrelatorFactory.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/dataModel/dot/DotMappingRelation.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/expr/MidpointFunctionsImpl.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/expr/SequentialValueExpressionEvaluatorFactory.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/expr/triggerSetter/TriggerCreatorGlobalState.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/integrity/objects/ObjectIntegrityCheckActivityHandler.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/integrity/shadows/ShadowIntegrityCheckActivityHandler.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/LensUtil.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/PersonaKey.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/PersonaProcessor.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/construction/ItemEvaluation.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/construction/PersonaConstruction.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/executor/FocusChangeExecution.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/executor/ScriptExecutor.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/focus/FocalMappingSetEvaluation.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/focus/TemplateMappingsEvaluation.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/PolicyRuleEvaluator.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/evaluators/AlwaysTrueConstraintEvaluator.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/evaluators/AssignmentModificationConstraintEvaluator.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/evaluators/CompositeConstraintEvaluator.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/evaluators/ConstraintEvaluatorHelper.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/evaluators/CustomConstraintEvaluator.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/evaluators/ExclusionConstraintEvaluator.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/evaluators/HasAssignmentConstraintEvaluator.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/evaluators/ModificationConstraintEvaluator.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/evaluators/MultiplicityConstraintEvaluator.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/evaluators/ObjectModificationConstraintEvaluator.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/evaluators/OrphanedConstraintEvaluator.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/evaluators/PolicyConstraintEvaluator.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/evaluators/PolicyConstraintsEvaluator.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/evaluators/PolicySituationConstraintEvaluator.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/evaluators/StateConstraintEvaluator.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/evaluators/TransitionConstraintEvaluator.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/scripting/NonIterativeScriptingActivityHandler.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/scripting/ScriptingExpressionEvaluator.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/scripting/VariablesUtil.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/scripting/actions/AddExecutor.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/scripting/actions/ApplyDefinitionExecutor.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/scripting/actions/AssignExecutor.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/scripting/actions/DeleteExecutor.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/scripting/actions/DiscoverConnectorsExecutor.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/scripting/actions/EnableDisableExecutor.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/scripting/actions/ExecuteScriptExecutor.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/scripting/actions/GenerateValueExecutor.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/scripting/actions/LogExecutor.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/scripting/actions/ModifyExecutor.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/scripting/actions/NotifyExecutor.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/scripting/actions/PurgeSchemaExecutor.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/scripting/actions/RecomputeExecutor.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/scripting/actions/ReencryptExecutor.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/scripting/actions/ResolveExecutor.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/scripting/actions/ResumeTaskExecutor.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/scripting/actions/TestResourceExecutor.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/scripting/actions/UnassignExecutor.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/scripting/actions/ValidateExecutor.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/scripting/expressions/SearchEvaluator.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/ClusterwideUserSessionManagerImpl.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/GuiProfileCompiler.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/GuiProfiledPrincipalManagerImpl.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/SecurityHelper.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/simulation/SimulationResultManagerImpl.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/sync/ProjectionLinkUpdater.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/sync/SynchronizationServiceRegisterAgent.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/sync/SynchronizationSorterEvaluatorImpl.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/sync/action/StandardActionsRegistrar.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/sync/tasks/async/AsyncUpdateActivityHandler.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/sync/tasks/imp/ImportActivityHandler.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/sync/tasks/imp/ImportActivityRun.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/sync/tasks/recon/OperationCompletionActivityRun.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/sync/tasks/recon/ReconciliationActivityHandler.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/sync/tasks/recon/RemainingShadowsActivityRun.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/sync/tasks/recon/ResourceObjectsReconciliationActivityRun.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/sync/tasks/sync/LiveSyncActivityHandler.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/tasks/DeletionActivityHandler.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/tasks/ExplicitChangeExecutionActivityHandler.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/tasks/ShadowCleanupActivityHandler.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/tasks/ShadowFetchingPreprocessor.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/tasks/cluster/AutoScalingActivityHandler.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/tasks/cluster/AutoScalingActivityRun.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/tasks/scanner/FocusValidityScanActivityHandler.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/tasks/scanner/FocusValidityScanPartialRun.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/tasks/scanner/FocusValidityScanWorkDefinition.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/tasks/simple/SimpleActivityHandler.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/trigger/CompletedTaskCleanupTriggerHandler.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/trigger/RecomputeTriggerHandler.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/trigger/ShadowReconcileTriggerHandler.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/trigger/TriggerScanActivityHandler.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/trigger/TriggerScanActivityRun.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/trigger/UnlockTriggerHandler.java
M model/model-impl/src/test/java/com/evolveum/midpoint/model/impl/lens/AbstractLensTest.java
M model/model-impl/src/test/java/com/evolveum/midpoint/model/impl/lens/TestAssignedMappings.java
M model/model-impl/src/test/java/com/evolveum/midpoint/model/impl/lens/TestPolicyRules2.java
R model/model-impl/src/test/java/com/evolveum/midpoint/model/impl/lens/TestProjectorPersonaDeprecated.java
M model/model-impl/src/test/java/com/evolveum/midpoint/model/impl/security/TestGuiProfiledPrincipalManager.java
M model/model-impl/src/test/resources/common/system-configuration.xml
M model/model-impl/src/test/resources/common/task-reconcile-dummy.xml
M model/model-impl/src/test/resources/lens/policy/role-student.xml
M model/model-impl/src/test/resources/lens/role-corp-engineer.xml
R model/model-impl/src/test/resources/lens/role-persona-admin.xml
M model/model-impl/src/test/resources/refinedschema/task-reconcile-dummy-kind-intent-objectclass.xml
M model/model-impl/src/test/resources/refinedschema/task-reconcile-dummy-kind-intent.xml
M model/model-impl/src/test/resources/refinedschema/task-reconcile-dummy-objectclass.xml
M model/model-intest/pom.xml
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/AbstractConfiguredModelIntegrationTest.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestActivation.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestModelServiceContract.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestNotifications.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestPreviewChanges.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/archetypes/TestArchetypeInheritance.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/archetypes/TestArchetypes.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/manual/AbstractManualResourceTest.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/persona/AbstractPersonaTest.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/persona/TestPersonaPassword.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/AbstractSecurityTest.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityPrincipal.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/sync/TestRecomputeTask.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/sync/TestValidityRecomputeTask.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/sync/TestValidityRecomputeTaskPartitionedMultipleTasks.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/sync/TestValidityRecomputeTaskPartitionedSingleTask.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/tasks/TestLiveSyncTask.java
R model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/tasks/TestLiveSyncTaskLegacy.java
R model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/tasks/TestLiveSyncTaskLegacyMultithreaded.java
M model/model-intest/src/test/resources/archetypes/archetype-liveSync-task.xml
M model/model-intest/src/test/resources/archetypes/archetype-recon-task.xml
M model/model-intest/src/test/resources/archetypes/archetype-task-basic.xml
M model/model-intest/src/test/resources/archetypes/role-user-administrator.xml
M model/model-intest/src/test/resources/archetypes/system-configuration-archetypes.xml
A model/model-intest/src/test/resources/common/archetype-admin.xml
M model/model-intest/src/test/resources/common/archetype-approval-case.xml
A model/model-intest/src/test/resources/common/archetype-persona-role.xml
M model/model-intest/src/test/resources/common/archetype-task-iterative-bulk-action.xml
M model/model-intest/src/test/resources/common/archetype-task-reconciliation.xml
M model/model-intest/src/test/resources/common/archetype-task-single-bulk-action.xml
M model/model-intest/src/test/resources/common/role-buccaneer-green.xml
M model/model-intest/src/test/resources/common/role-persona-admin.xml
M model/model-intest/src/test/resources/common/role-pirate-green.xml
M model/model-intest/src/test/resources/common/role-pirate.xml
M model/model-intest/src/test/resources/common/system-configuration.xml
M model/model-intest/src/test/resources/importer/import-task.json
M model/model-intest/src/test/resources/importer/import-task.yaml
M model/model-intest/src/test/resources/manual/resource-manual-capabilities.xml
M model/model-intest/src/test/resources/manual/resource-semi-manual-disable.xml
M model/model-intest/src/test/resources/metadata/provenance-metadata-recording/task-crm-import.xml
M model/model-intest/src/test/resources/scripting/modify-jack-password-task-legacy.xml
M model/model-intest/src/test/resources/scripting/scripting-users-in-background-iterative-task-legacy.xml
M model/model-intest/src/test/resources/scripting/scripting-users-in-background-iterative-task.xml
M model/model-intest/src/test/resources/scripting/system-configuration.xml
M model/model-intest/src/test/resources/security/archetype-approval-case.xml
M model/model-intest/src/test/resources/security/role-persona-management.xml
M model/model-intest/src/test/resources/strange/system-configuration-strange.xml
A model/model-intest/src/test/resources/sync/task-custom-validity-scan.xml
M model/model-intest/src/test/resources/sync/task-delete-dummy-accounts.xml
M model/model-intest/src/test/resources/sync/task-delete-dummy-shadows.xml
M model/model-intest/src/test/resources/sync/task-dummy-byzantine-recon.xml
R model/model-intest/src/test/resources/tasks/livesync/legacy-task-errors-precise-ignore-partial-stop-on-fatal.xml
R model/model-intest/src/test/resources/tasks/livesync/legacy-task-errors-precise-ignore.xml
R model/model-intest/src/test/resources/tasks/livesync/legacy-task-errors-precise-retry-later-max-4.xml
R model/model-intest/src/test/resources/tasks/livesync/legacy-task-errors-precise-retry-later-on-any.xml
R model/model-intest/src/test/resources/tasks/livesync/legacy-task-errors-precise-stop-on-any.xml
R model/model-intest/src/test/resources/tasks/livesync/legacy-task-intsync-batched-imprecise.xml
R model/model-intest/src/test/resources/tasks/livesync/legacy-task-intsync-batched.xml
R model/model-intest/src/test/resources/tasks/livesync/legacy-task-intsync-dry-run-with-update.xml
R model/model-intest/src/test/resources/tasks/livesync/legacy-task-intsync-dry-run.xml
R model/model-intest/src/test/resources/tasks/livesync/legacy-task-intsync-error-imprecise.xml
R model/model-intest/src/test/resources/tasks/livesync/legacy-task-intsync-error.xml
R model/model-intest/src/test/resources/tasks/livesync/legacy-task-intsync-slow-model-imprecise.xml
R model/model-intest/src/test/resources/tasks/livesync/legacy-task-intsync-slow-model.xml
R model/model-intest/src/test/resources/tasks/livesync/legacy-task-intsync-slow-resource-imprecise.xml
R model/model-intest/src/test/resources/tasks/livesync/legacy-task-intsync-slow-resource.xml
M model/model-intest/testng-integration-full.xml
M model/model-test/src/main/java/com/evolveum/midpoint/model/test/AbstractModelIntegrationTest.java
M model/model-test/src/main/java/com/evolveum/midpoint/model/test/asserter/CompiledGuiProfileAsserter.java
M model/notifications-impl/pom.xml
M model/notifications-impl/src/main/java/com/evolveum/midpoint/notifications/impl/AccountOperationListener.java
M model/notifications-impl/src/main/java/com/evolveum/midpoint/notifications/impl/CaseEventCreationListenerImpl.java
M model/notifications-impl/src/main/java/com/evolveum/midpoint/notifications/impl/CertificationListener.java
M model/notifications-impl/src/main/java/com/evolveum/midpoint/notifications/impl/NotificationHook.java
M model/notifications-impl/src/main/java/com/evolveum/midpoint/notifications/impl/NotificationTaskListener.java
M model/notifications-impl/src/main/java/com/evolveum/midpoint/notifications/impl/handlers/BaseHandler.java
M model/notifications-impl/src/main/java/com/evolveum/midpoint/transport/impl/MailMessageTransport.java
M model/notifications-impl/src/main/java/com/evolveum/midpoint/transport/impl/SmsMessageTransport.java
M model/notifications-impl/src/main/java/com/evolveum/midpoint/transport/impl/TransportServiceImpl.java
M model/notifications-impl/src/main/java/com/evolveum/midpoint/transport/impl/legacy/LegacyMailTransport.java
M model/notifications-impl/src/main/java/com/evolveum/midpoint/transport/impl/legacy/LegacySimpleSmsTransport.java
M model/report-api/src/main/java/com/evolveum/midpoint/report/api/ReportConstants.java
M model/report-impl/pom.xml
M model/report-impl/src/main/java/com/evolveum/midpoint/report/impl/ReportBeans.java
M model/report-impl/src/main/java/com/evolveum/midpoint/report/impl/ReportManagerImpl.java
M model/report-impl/src/main/java/com/evolveum/midpoint/report/impl/activity/ClassicReportExportActivityHandler.java
M model/report-impl/src/main/java/com/evolveum/midpoint/report/impl/activity/ClassicReportImportActivityHandler.java
M model/report-impl/src/main/java/com/evolveum/midpoint/report/impl/activity/DistributedReportExportActivityHandler.java
M model/rest-impl/pom.xml
M model/rest-impl/src/main/java/com/evolveum/midpoint/rest/impl/AbstractRestController.java
M model/rest-impl/src/main/java/com/evolveum/midpoint/rest/impl/ModelRestController.java
M model/rest-impl/src/main/java/com/evolveum/midpoint/rest/impl/RestApiIndex.java
M model/rest-impl/src/main/java/com/evolveum/midpoint/rest/impl/RestExceptionHandler.java
M model/workflow-impl/src/main/java/com/evolveum/midpoint/wf/impl/WfConfiguration.java
M model/workflow-impl/src/main/java/com/evolveum/midpoint/wf/impl/execution/CaseOperationExecutionTaskHandler.java
M model/workflow-impl/src/main/java/com/evolveum/midpoint/wf/impl/hook/WfHook.java
M model/workflow-impl/src/main/java/com/evolveum/midpoint/wf/impl/processors/primary/PrimaryChangeProcessor.java
M model/workflow-impl/src/main/java/com/evolveum/midpoint/wf/impl/processors/primary/aspect/BasePrimaryChangeAspect.java
M model/workflow-impl/src/test/java/com/evolveum/midpoint/wf/impl/assignments/TestAssignmentsAdvanced.java
M model/workflow-impl/src/test/java/com/evolveum/midpoint/wf/impl/other/TestEscalation.java
M model/workflow-impl/src/test/resources/assignments/system-configuration-global.xml
M model/workflow-impl/src/test/resources/common/023-archetype-manual-provisioning-case.xml
M model/workflow-impl/src/test/resources/common/024-archetype-operation-request.xml
M model/workflow-impl/src/test/resources/common/025-archetype-approval-case.xml
M model/workflow-impl/src/test/resources/common/task-trigger-scanner.xml
M model/workflow-impl/src/test/resources/objects-advanced/system-configuration.xml
M model/workflow-impl/src/test/resources/sequence/system-configuration.xml
M pom.xml
M provisioning/provisioning-impl/pom.xml
M provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/impl/ExternalResourceEventListenerImpl.java
M provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/impl/ProvisioningServiceImpl.java
M provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/impl/resourceobjects/ResourceObjectConverter.java
M provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/impl/resources/ConnectorManager.java
M provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/impl/resources/ResourceCache.java
M provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/impl/shadows/ShadowsLocalBeans.java
M provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/impl/shadows/task/MultiPropagationActivityHandler.java
M provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/impl/shadows/task/PropagationActivityHandler.java
M provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/AbstractProvisioningIntegrationTest.java
M provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/async/provisioning/TestAsyncProvisioning.java
M provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/async/provisioning/TestAsyncProvisioningArtemis.java
M provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/dummy/AbstractBasicDummyTest.java
M provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/dummy/AbstractDummyTest.java
M provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/dummy/TestDummyExtra.java
M provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/dummy/TestDummyLimited.java
M provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/mock/SynchronizationServiceMock.java
M provisioning/provisioning-impl/src/test/resources/dummy/dummy-limited/resource-dummy.xml
M provisioning/provisioning-impl/src/test/resources/dummy/dummy-priorities-read-replace/resource-dummy-all-read-replace.xml
M provisioning/ucf-impl-builtin/pom.xml
M provisioning/ucf-impl-builtin/src/main/java/com/evolveum/midpoint/provisioning/ucf/impl/builtin/async/provisioning/targets/JmsProvisioningTarget.java
M provisioning/ucf-impl-builtin/src/main/java/com/evolveum/midpoint/provisioning/ucf/impl/builtin/async/update/sources/JmsAsyncUpdateSource.java
M provisioning/ucf-impl-connid/src/main/java/com/evolveum/midpoint/provisioning/ucf/impl/connid/ConnectorFactoryConnIdImpl.java
M repo/repo-cache/src/main/java/com/evolveum/midpoint/repo/cache/RepositoryCache.java
M repo/repo-cache/src/main/java/com/evolveum/midpoint/repo/cache/global/GlobalObjectCache.java
M repo/repo-cache/src/main/java/com/evolveum/midpoint/repo/cache/global/GlobalQueryCache.java
M repo/repo-cache/src/main/java/com/evolveum/midpoint/repo/cache/global/GlobalVersionCache.java
M repo/repo-cache/src/main/java/com/evolveum/midpoint/repo/cache/registry/CacheRegistryImpl.java
M repo/repo-cache/src/test/java/com/evolveum/midpoint/repo/cache/CacheInvalidationPerformanceTest.java
M repo/repo-cache/src/test/java/com/evolveum/midpoint/repo/cache/TestRepositoryCache.java
M repo/repo-common/pom.xml
M repo/repo-common/src/main/java/com/evolveum/midpoint/repo/common/ObjectOperationPolicyHelper.java
M repo/repo-common/src/main/java/com/evolveum/midpoint/repo/common/SystemConfigurationCacheAdapter.java
M repo/repo-common/src/main/java/com/evolveum/midpoint/repo/common/SystemObjectCache.java
M repo/repo-common/src/main/java/com/evolveum/midpoint/repo/common/activity/handlers/CustomCompositeActivityHandler.java
M repo/repo-common/src/main/java/com/evolveum/midpoint/repo/common/activity/handlers/NoOpActivityHandler.java
M repo/repo-common/src/main/java/com/evolveum/midpoint/repo/common/activity/run/CommonTaskBeans.java
M repo/repo-common/src/main/java/com/evolveum/midpoint/repo/common/activity/run/ErrorHandlingStrategyExecutor.java
M repo/repo-common/src/main/java/com/evolveum/midpoint/repo/common/activity/run/IterativeActivityRun.java
M repo/repo-common/src/main/java/com/evolveum/midpoint/repo/common/activity/run/SearchBasedActivityRun.java
M repo/repo-common/src/main/java/com/evolveum/midpoint/repo/common/activity/run/SearchBasedActivityRunSpecifics.java
M repo/repo-common/src/main/java/com/evolveum/midpoint/repo/common/activity/run/SearchSpecification.java
M repo/repo-common/src/main/java/com/evolveum/midpoint/repo/common/activity/run/buckets/segmentation/StringBucketContentFactory.java
M repo/repo-common/src/main/java/com/evolveum/midpoint/repo/common/activity/run/buckets/segmentation/content/FilterWorkBucketContentHandler.java
M repo/repo-common/src/main/java/com/evolveum/midpoint/repo/common/activity/run/buckets/segmentation/content/NullWorkBucketContentHandler.java
M repo/repo-common/src/main/java/com/evolveum/midpoint/repo/common/activity/run/buckets/segmentation/content/NumericIntervalWorkBucketContentHandler.java
M repo/repo-common/src/main/java/com/evolveum/midpoint/repo/common/activity/run/buckets/segmentation/content/StringIntervalWorkBucketContentHandler.java
M repo/repo-common/src/main/java/com/evolveum/midpoint/repo/common/activity/run/buckets/segmentation/content/StringPrefixWorkBucketContentHandler.java
M repo/repo-common/src/main/java/com/evolveum/midpoint/repo/common/activity/run/buckets/segmentation/content/StringValueWorkBucketContentHandler.java
M repo/repo-common/src/main/java/com/evolveum/midpoint/repo/common/activity/run/processing/ProcessingCoordinator.java
M repo/repo-common/src/main/java/com/evolveum/midpoint/repo/common/activity/run/task/ActivityBasedTaskHandler.java
M repo/repo-common/src/main/java/com/evolveum/midpoint/repo/common/expression/AbstractAutowiredExpressionEvaluatorFactory.java
M repo/repo-common/src/main/java/com/evolveum/midpoint/repo/common/expression/AbstractObjectResolvableExpressionEvaluatorFactory.java
M repo/repo-common/src/main/java/com/evolveum/midpoint/repo/common/expression/BaseExpressionEvaluatorFactory.java
M repo/repo-common/src/main/java/com/evolveum/midpoint/repo/common/expression/Expression.java
M repo/repo-common/src/main/java/com/evolveum/midpoint/repo/common/expression/ExpressionEvaluatorFactory.java
M repo/repo-common/src/main/java/com/evolveum/midpoint/repo/common/expression/ExpressionFactory.java
M repo/repo-common/src/main/java/com/evolveum/midpoint/repo/common/expression/evaluator/AsIsExpressionEvaluatorFactory.java
M repo/repo-common/src/main/java/com/evolveum/midpoint/repo/common/expression/evaluator/LiteralExpressionEvaluator.java
M repo/repo-common/src/main/java/com/evolveum/midpoint/repo/common/expression/evaluator/LiteralExpressionEvaluatorFactory.java
M repo/repo-common/src/main/java/com/evolveum/midpoint/repo/common/util/OperationExecutionWriter.java
M repo/repo-common/src/test/java/com/evolveum/midpoint/repo/common/RepoConcurrencyTest.java
M repo/repo-common/src/test/java/com/evolveum/midpoint/repo/common/tasks/TestBucketingLive.java
M repo/repo-common/src/test/java/com/evolveum/midpoint/repo/common/tasks/TestBucketingStatic.java
M repo/repo-common/src/test/java/com/evolveum/midpoint/repo/common/tasks/TestWorkerTasks.java
M repo/repo-common/src/test/java/com/evolveum/midpoint/repo/common/tasks/handlers/composite/CompositeMockActivityHandler.java
M repo/repo-common/src/test/java/com/evolveum/midpoint/repo/common/tasks/handlers/iterative/IterativeMockActivityHandler.java
M repo/repo-common/src/test/java/com/evolveum/midpoint/repo/common/tasks/handlers/search/SearchIterativeMockActivityHandler.java
M repo/repo-common/src/test/java/com/evolveum/midpoint/repo/common/tasks/handlers/simple/SimpleMockActivityHandler.java
M repo/repo-common/src/test/resources/tasks/activities/other/task-recomputation-multinode.xml
M repo/repo-common/src/test/resources/tasks/activities/other/task-recomputation-multithreaded.xml
M repo/repo-common/src/test/resources/tasks/activities/other/task-recomputation-pre-and-post-processing-explicit.xml
M repo/repo-common/src/test/resources/tasks/activities/other/task-recomputation-pre-and-post-processing-new.xml
M repo/repo-common/src/test/resources/tasks/activities/other/task-recomputation-pre-and-post-processing-tailored.xml
M repo/repo-common/src/test/resources/tasks/activities/other/task-reconciliation-multinode.xml
M repo/repo-common/src/test/resources/tasks/activities/other/task-reconciliation-pre-and-post-processing-new.xml
M repo/repo-common/src/test/resources/tasks/activities/task-150-mock-iterative.xml
M repo/repo-common/src/test/resources/tasks/activities/task-155-mock-iterative-bucketed.xml
M repo/repo-common/src/test/resources/tasks/activities/task-160-mock-search-iterative.xml
M repo/repo-common/src/test/resources/tasks/activities/task-170-mock-bucketed.xml
M repo/repo-common/src/test/resources/tasks/activities/task-180-bucketed-tree.xml
M repo/repo-common/src/test/resources/tasks/activities/task-190-suspending-composite.xml
M repo/repo-common/src/test/resources/tasks/activities/task-200-subtask.xml
M repo/repo-common/src/test/resources/tasks/activities/task-210-suspending-composite-with-subtasks.xml
M repo/repo-common/src/test/resources/tasks/activities/task-220-mock-composite-with-subtasks.xml
M repo/repo-common/src/test/resources/tasks/activities/task-300-workers-simple.xml
M repo/repo-common/src/test/resources/tasks/activities/task-custom-composite-with-default-work-TODO.xml
M repo/repo-common/src/test/resources/tasks/activities/task-single-mock-part-bucketed-TODO.xml
M repo/repo-common/src/test/resources/tasks/bucketing-live/task-200-c.xml
M repo/repo-common/src/test/resources/tasks/bucketing-live/task-200-w.xml
M repo/repo-common/src/test/resources/tasks/bucketing-live/task-210-1.xml
M repo/repo-common/src/test/resources/tasks/bucketing-live/task-210-2.xml
M repo/repo-common/src/test/resources/tasks/bucketing-live/task-210-3.xml
M repo/repo-common/src/test/resources/tasks/bucketing-live/task-210-c.xml
M repo/repo-common/src/test/resources/tasks/bucketing-live/task-220-1.xml
M repo/repo-common/src/test/resources/tasks/bucketing-live/task-220-2.xml
M repo/repo-common/src/test/resources/tasks/bucketing-live/task-220-3.xml
M repo/repo-common/src/test/resources/tasks/bucketing-live/task-220-c.xml
M repo/repo-common/src/test/resources/tasks/bucketing-live/task-230-1.xml
M repo/repo-common/src/test/resources/tasks/bucketing-live/task-230-2.xml
M repo/repo-common/src/test/resources/tasks/bucketing-live/task-230-3.xml
M repo/repo-common/src/test/resources/tasks/bucketing-live/task-230-c.xml
M repo/repo-common/src/test/resources/tasks/bucketing-live/task-300-c.xml
M repo/repo-common/src/test/resources/tasks/bucketing-live/task-300-w.xml
M repo/repo-common/src/test/resources/tasks/bucketing-static/task-010.xml
M repo/repo-common/src/test/resources/tasks/bucketing-static/task-140.xml
M repo/repo-common/src/test/resources/tasks/bucketing-static/task-150.xml
M repo/repo-common/src/test/resources/tasks/bucketing-static/task-200-c.xml
M repo/repo-common/src/test/resources/tasks/bucketing-static/task-200-w.xml
M repo/repo-common/src/test/resources/tasks/bucketing-static/task-210-1.xml
M repo/repo-common/src/test/resources/tasks/bucketing-static/task-210-2.xml
M repo/repo-common/src/test/resources/tasks/bucketing-static/task-210-3.xml
M repo/repo-common/src/test/resources/tasks/bucketing-static/task-210-4.xml
M repo/repo-common/src/test/resources/tasks/bucketing-static/task-210-5.xml
M repo/repo-common/src/test/resources/tasks/bucketing-static/task-210-c.xml
M repo/repo-sqale/src/main/java/com/evolveum/midpoint/repo/sqale/SqaleRepoContext.java
M repo/repo-sqale/src/main/java/com/evolveum/midpoint/repo/sqale/SqaleRepositoryConfiguration.java
M repo/repo-sqale/src/main/java/com/evolveum/midpoint/repo/sqale/SqaleServiceBase.java
M repo/repo-sqale/src/main/java/com/evolveum/midpoint/repo/sqale/qmodel/task/MTask.java
M repo/repo-sqale/src/main/java/com/evolveum/midpoint/repo/sqale/qmodel/task/QTaskMapping.java
M repo/repo-sqale/src/test/java/com/evolveum/midpoint/repo/sqale/func/SqaleRepoAddDeleteObjectTest.java
M repo/repo-sql-impl-test/pom.xml
M repo/repo-sql-impl-test/src/main/java/com/evolveum/midpoint/repo/sql/util/HibernateToSqlTranslator.java
M repo/repo-sql-impl-test/src/test/java/com/evolveum/midpoint/repo/sql/BaseSQLRepoTest.java
M repo/repo-sql-impl-test/src/test/java/com/evolveum/midpoint/repo/sql/ExtensionTest.java
M repo/repo-sql-impl-test/src/test/java/com/evolveum/midpoint/repo/sql/OrgStructTest.java
M repo/repo-sql-impl-test/src/test/java/com/evolveum/midpoint/repo/sql/closure/AbstractOrgClosureTest.java
R repo/repo-sql-impl-test/src/test/java/com/evolveum/midpoint/repo/sql/util/JNDIMock.java
M repo/repo-sql-impl-test/src/test/resources/basic/objects-2.xml
M repo/repo-sql-impl-test/src/test/resources/basic/objects.xml
M repo/repo-sql-impl-test/src/test/resources/basic/tasks.xml
M repo/repo-sql-impl-test/src/test/resources/modify/system-configuration-after.xml
M repo/repo-sql-impl-test/src/test/resources/modify/system-configuration-before.xml
M repo/repo-sql-impl-test/testng-integration.xml
M repo/repo-sql-impl/pom.xml
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/Database.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/SqlEmbeddedRepository.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/SqlRepositoryBeanConfig.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/SqlRepositoryServiceImpl.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/audit/RAuditEventRecord.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/audit/RAuditEventStage.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/audit/RAuditEventType.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/audit/RAuditItem.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/audit/RAuditPropertyValue.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/audit/RAuditReferenceValue.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/audit/RObjectDeltaOperation.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/audit/RTargetResourceOid.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/RAbstractRole.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/RAccessCertificationCampaign.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/RAccessCertificationDefinition.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/RArchetype.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/RCase.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/RConnector.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/RConnectorHost.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/RDashboard.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/RFocus.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/RFocusPhoto.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/RForm.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/RFunctionLibrary.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/RGenericObject.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/RGlobalMetadata.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/RLookupTable.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/RMessageTemplate.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/RNode.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/RObject.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/RObjectCollection.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/RObjectReference.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/RObjectTemplate.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/RObjectTextInfo.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/ROrg.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/ROrgClosure.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/RReport.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/RReportData.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/RResource.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/RRole.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/RSecurityPolicy.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/RSequence.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/RService.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/RShadow.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/RSystemConfiguration.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/RTask.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/RUser.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/RValuePolicy.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/any/RAExtBoolean.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/any/RAExtDate.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/any/RAExtLong.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/any/RAExtPolyString.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/any/RAExtReference.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/any/RAExtString.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/any/RAnyConverter.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/any/RAssignmentExtension.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/any/RExtItem.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/any/ROExtBoolean.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/any/ROExtDate.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/any/ROExtLong.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/any/ROExtPolyString.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/any/ROExtReference.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/any/ROExtString.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/container/RAccessCertificationCase.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/container/RAccessCertificationWorkItem.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/container/RAssignment.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/container/RAssignmentReference.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/container/RCaseWorkItem.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/container/RCaseWorkItemReference.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/container/RCertWorkItemReference.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/container/RContainerReference.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/container/ROperationExecution.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/container/RTrigger.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/dictionary/ExtItemDictionary.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/embedded/RActivation.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/embedded/RAutoassignSpecification.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/embedded/REmbeddedNamedReference.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/embedded/REmbeddedReference.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/embedded/RFocusActivation.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/embedded/ROperationalState.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/embedded/RPolyString.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/embedded/RTaskAutoScaling.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/enums/RAccessCertificationCampaignState.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/enums/RActivationStatus.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/enums/RAuthorizationDecision.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/enums/RAvailabilityStatus.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/enums/RChangeType.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/enums/RFailedOperationType.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/enums/RLockoutStatus.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/enums/RNodeOperationalState.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/enums/ROperationExecutionRecordType.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/enums/ROperationResultStatus.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/enums/RResourceAdministrativeState.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/enums/RShadowKind.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/enums/RSynchronizationSituation.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/enums/RTaskAutoScalingMode.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/enums/RTaskBinding.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/enums/RTaskExecutionState.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/enums/RTaskRecurrence.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/enums/RTaskSchedulingState.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/enums/RTaskWaitingReason.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/enums/RThreadStopAction.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/enums/RTimeIntervalStatus.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/other/RLookupTableRow.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/helpers/CertificationCaseHelper.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/helpers/LookupTableHelper.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/helpers/ObjectRetriever.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/helpers/ObjectUpdater.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/helpers/OrgClosureManager.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/helpers/delta/GeneralUpdate.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/helpers/delta/ObjectDeltaUpdater.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/helpers/delta/UpdateDispatcher.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/helpers/modify/EntityRegistry.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/query/definition/ClassDefinitionParser.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/query/hqm/HibernateQuery.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/query/hqm/condition/SimpleComparisonCondition.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/query/matcher/Matcher.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/query/restriction/FullTextRestriction.java
A repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/query/restriction/MatchMode.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/schemacheck/SchemaChecker.java
R repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/type/PrefixedStringType.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/type/XMLGregorianCalendarType.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/type/package-info.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/util/GetAssignmentResult.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/util/GetCertificationWorkItemResult.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/util/GetContainerableIdOnlyResult.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/util/GetContainerableResult.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/util/GetObjectResult.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/util/MidPointJoinedPersister.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/util/MidPointOracleDialect.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/util/MidPointPostgreSQLDialect.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/util/MidPointSingleTablePersister.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/util/RUtil.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/util/ScrollableResultsIterator.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/util/UnicodeSQLServer2008Dialect.java
M repo/repo-sqlbase/src/main/java/com/evolveum/midpoint/repo/sqlbase/DataSourceFactory.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/AbstractIntegrationTest.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/GuiObjectDetailsPageAsserter.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/MetadataAsserter.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/TaskAsserter.java
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/AuthorizationConstants.java
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/SecurityUtil.java
M repo/security-impl/pom.xml
M repo/security-impl/src/test/resources/system-configuration.xml
M repo/system-init/src/main/java/com/evolveum/midpoint/init/AuditFactory.java
M repo/system-init/src/main/resources/initial-objects/archetype/501-archetype-task-reconciliation.xml
M repo/system-init/src/main/resources/initial-objects/archetype/502-archetype-task-recomputation.xml
M repo/system-init/src/main/resources/initial-objects/archetype/503-archetype-task-import.xml
M repo/system-init/src/main/resources/initial-objects/archetype/504-archetype-task-live-sync.xml
M repo/system-init/src/main/resources/initial-objects/archetype/505-archetype-task-async-update.xml
M repo/system-init/src/main/resources/initial-objects/archetype/506-archetype-task-cleanup.xml
M repo/system-init/src/main/resources/initial-objects/archetype/507-archetype-task-report.xml
M repo/system-init/src/main/resources/initial-objects/archetype/508-archetype-task-single-bulk-action.xml
M repo/system-init/src/main/resources/initial-objects/archetype/509-archetype-task-iterative-bulk-action.xml
M repo/system-init/src/main/resources/initial-objects/archetype/513-archetype-task-shadow-integrity-check.xml
M repo/system-init/src/main/resources/initial-objects/archetype/514-archetype-task-shadows-refresh.xml
M repo/system-init/src/main/resources/initial-objects/archetype/515-archetype-task-objects-delete.xml
M repo/system-init/src/main/resources/initial-objects/archetype/516-archetype-task-shadows-delete-long-time-not-updated.xml
M repo/system-init/src/main/resources/initial-objects/archetype/517-archetype-task-execute-change.xml
M repo/system-init/src/main/resources/initial-objects/archetype/518-archetype-task-execute-deltas.xml
M repo/system-init/src/main/resources/initial-objects/archetype/519-archetype-task-reindex-repository.xml
M repo/system-init/src/main/resources/initial-objects/archetype/520-archetype-task-certification.xml
M repo/system-init/src/main/resources/initial-objects/archetype/521-archetype-task-approval.xml
M repo/system-init/src/main/resources/initial-objects/archetype/522-archetype-task-object-integrity-check.xml
M repo/system-init/src/main/resources/initial-objects/archetype/528-archetype-task-util.xml
M repo/system-init/src/main/resources/initial-objects/archetype/529-archetype-task-system.xml
M repo/system-init/src/main/resources/initial-objects/archetype/530-archetype-task-validity.xml
M repo/system-init/src/main/resources/initial-objects/archetype/531-archetype-task-trigger.xml
M repo/system-init/src/main/resources/initial-objects/archetype/532-archetype-task-propagation.xml
M repo/system-init/src/main/resources/initial-objects/archetype/533-archetype-task-multi-propagation.xml
M repo/system-init/src/main/resources/initial-objects/system-configuration/000-system-configuration.xml
M repo/task-api/pom.xml
M repo/task-api/src/main/java/com/evolveum/midpoint/task/api/ClusterExecutionHelper.java
M repo/task-api/src/main/java/com/evolveum/midpoint/task/api/Task.java
R repo/task-api/src/main/java/com/evolveum/midpoint/task/api/TaskCategory.java
M repo/task-api/src/main/java/com/evolveum/midpoint/task/api/test/NullTaskImpl.java
M repo/task-quartz-impl/pom.xml
M repo/task-quartz-impl/src/main/java/com/evolveum/midpoint/task/quartzimpl/TaskManagerQuartzImpl.java
M repo/task-quartz-impl/src/main/java/com/evolveum/midpoint/task/quartzimpl/TaskQuartzImpl.java
M repo/task-quartz-impl/src/main/java/com/evolveum/midpoint/task/quartzimpl/cluster/ClusterExecutionHelperImpl.java
M repo/task-quartz-impl/src/main/java/com/evolveum/midpoint/task/quartzimpl/cluster/NodeRegistrar.java
M repo/task-quartz-impl/src/main/java/com/evolveum/midpoint/task/quartzimpl/execution/StalledTasksWatcher.java
M repo/task-quartz-impl/src/main/java/com/evolveum/midpoint/task/quartzimpl/execution/remote/RestConnector.java
M repo/task-quartz-impl/src/main/java/com/evolveum/midpoint/task/quartzimpl/handlers/JdbcPingTaskHandler.java
M repo/task-quartz-impl/src/main/java/com/evolveum/midpoint/task/quartzimpl/tasks/TaskRetriever.java
M repo/task-quartz-impl/src/main/java/com/evolveum/midpoint/task/quartzimpl/tracing/TracerImpl.java
M repo/task-quartz-impl/src/test/java/com/evolveum/midpoint/task/quartzimpl/TestTaskManagerBasic.java
M repo/task-quartz-impl/src/test/resources/basic/task-allowed-not.xml
M repo/task-quartz-impl/src/test/resources/basic/task-allowed.xml
M repo/task-quartz-impl/src/test/resources/basic/task-cycle-loose-cron.xml
M repo/task-quartz-impl/src/test/resources/basic/task-cycle-loose.xml
M repo/task-quartz-impl/src/test/resources/basic/task-cycle-tight.xml
M repo/task-quartz-impl/src/test/resources/basic/task-dummy.xml
M repo/task-quartz-impl/src/test/resources/basic/task-for-extension-test.xml
M repo/task-quartz-impl/src/test/resources/basic/task-group-limit-concurrent.xml
M repo/task-quartz-impl/src/test/resources/basic/task-group-limit.xml
M repo/task-quartz-impl/src/test/resources/basic/task-long-running.xml
M repo/task-quartz-impl/src/test/resources/basic/task-non-existing-owner.xml
M repo/task-quartz-impl/src/test/resources/basic/task-run-on-demand.xml
M repo/task-quartz-impl/src/test/resources/basic/task-sec-group-limit-exp-1-ram-1.xml
M repo/task-quartz-impl/src/test/resources/basic/task-sec-group-limit-exp-1.xml
M repo/task-quartz-impl/src/test/resources/basic/task-sec-group-limit-ram-null.xml
M repo/task-quartz-impl/src/test/resources/basic/task-simple-waiting.xml
M repo/task-quartz-impl/src/test/resources/basic/task-single-run.xml
M repo/task-quartz-impl/src/test/resources/basic/task-suspended-tree-child-1-1.xml
M repo/task-quartz-impl/src/test/resources/basic/task-suspended-tree-child-1.xml
M repo/task-quartz-impl/src/test/resources/basic/task-suspended-tree-child-2.xml
M repo/task-quartz-impl/src/test/resources/basic/task-suspended-tree-root.xml
M repo/task-quartz-impl/src/test/resources/basic/task-to-delete.xml
M repo/task-quartz-impl/src/test/resources/basic/task-to-resume-and-suspend.xml
M repo/task-quartz-impl/src/test/resources/basic/task-to-suspend.xml
M repo/task-quartz-impl/src/test/resources/basic/task-tree-child-1.xml
M repo/task-quartz-impl/src/test/resources/basic/task-tree-child-2.xml
M repo/task-quartz-impl/src/test/resources/basic/task-tree-root.xml
M repo/task-quartz-impl/src/test/resources/basic/task-waiting-for-no-one.xml
M repo/task-quartz-impl/src/test/resources/basic/task-with-threads-to-suspend.xml
M repo/task-quartz-impl/src/test/resources/basic/task-with-threads.xml
M repo/task-quartz-impl/src/test/resources/basic/task-without-progress.xml
M repo/task-quartz-impl/src/test/resources/basic/tasks-for-cleanup.xml
M repo/task-quartz-impl/src/test/resources/miscellaneous/task-42-closed.xml
M repo/task-quartz-impl/src/test/resources/miscellaneous/task-42-runnable.xml
M repo/task-quartz-impl/src/test/resources/miscellaneous/task-42-suspended.xml
M repo/task-quartz-impl/src/test/resources/miscellaneous/task-42-waiting.xml
M testing/conntest/pom.xml
M testing/conntest/src/test/resources/389ds/task-sync-inetorgperson.xml
M testing/conntest/src/test/resources/389ds/task-sync.xml
M testing/conntest/src/test/resources/ad-ldap-multidomain/task-reconcile-ad2016-users.xml
M testing/conntest/src/test/resources/ad-ldap-multidomain/task-reconcile-ad2019-users.xml
M testing/conntest/src/test/resources/ad-ldap-multidomain/task-reconcile-ad2022-users.xml
M testing/conntest/src/test/resources/ad-ldap-multidomain/task-reconcile-chimera-users.xml
M testing/conntest/src/test/resources/ad-ldap-multidomain/task-sync.xml
M testing/conntest/src/test/resources/ad-ldap-simple/task-sync-user.xml
M testing/conntest/src/test/resources/ad-ldap-simple/task-sync.xml
M testing/conntest/src/test/resources/opendj-dumber/task-sync-inetorgperson.xml
M testing/conntest/src/test/resources/opendj-dumber/task-sync.xml
M testing/conntest/src/test/resources/opendj/task-sync-inetorgperson.xml
M testing/conntest/src/test/resources/openldap-dumber/task-sync-inetorgperson.xml
M testing/conntest/src/test/resources/openldap/task-sync-inetorgperson.xml
M testing/longtest/pom.xml
M testing/longtest/src/test/resources/ldap/task-delete-opendj-accounts.xml
M testing/longtest/src/test/resources/ldap/task-delete-opendj-shadows.xml
M testing/rest/pom.xml
M testing/rest/src/test/java/com/evolveum/midpoint/testing/rest/AbstractRestServiceInitializer.java
M testing/rest/src/test/java/com/evolveum/midpoint/testing/rest/TestAbstractRestService.java
M testing/rest/src/test/java/com/evolveum/midpoint/testing/rest/TestRestServiceJson.java
M testing/rest/src/test/java/com/evolveum/midpoint/testing/rest/TestRestServiceProxyAuthentication.java
M testing/rest/src/test/java/com/evolveum/midpoint/testing/rest/TestRestServiceXml.java
M testing/rest/src/test/java/com/evolveum/midpoint/testing/rest/TestRestWithoutAuditingLoginAndLogout.java
M testing/rest/src/test/java/com/evolveum/midpoint/testing/rest/TestSchemaRestService.java
M testing/rest/src/test/java/com/evolveum/midpoint/testing/rest/TestSecurityQuestionChallengeResponse.java
M testing/rest/src/test/java/com/evolveum/midpoint/testing/rest/authentication/TestAbstractAuthentication.java
R testing/rest/src/test/java/com/evolveum/midpoint/testing/rest/authentication/TestAbstractOidcRestModule.java
R testing/rest/src/test/java/com/evolveum/midpoint/testing/rest/authentication/TestOidcRestAuthByHMacModule.java
R testing/rest/src/test/java/com/evolveum/midpoint/testing/rest/authentication/TestOidcRestAuthByPublicKeyModule.java
M testing/rest/src/test/java/com/evolveum/midpoint/testing/rest/authentication/TestOptionForSkipUpdatingAuthFocusBehavior.java
A testing/rest/src/test/java/com/evolveum/midpoint/testing/rest/authentication/oidc/TestAbstractOidcRestModule.java
A testing/rest/src/test/java/com/evolveum/midpoint/testing/rest/authentication/oidc/TestAzureOidcRestAuthModule.java
A testing/rest/src/test/java/com/evolveum/midpoint/testing/rest/authentication/oidc/TestKeycloakOidcRestAuthModule.java
A testing/rest/src/test/resources/authentication/configuration/oidc.properties
R testing/rest/src/test/resources/authentication/keycloak-hmac.json
R testing/rest/src/test/resources/authentication/keycloak-public-key.json
A testing/rest/src/test/resources/authentication/keycloak.json
M testing/rest/src/test/resources/authentication/repo/security-policy-default.xml
M testing/rest/src/test/resources/authentication/repo/security-policy-disabled.xml
M testing/rest/src/test/resources/authentication/repo/security-policy-enabled.xml
M testing/rest/src/test/resources/authentication/repo/security-policy-issuer-uri.xml
M testing/rest/src/test/resources/authentication/repo/security-policy-jws-uri-wrong-alg.xml
M testing/rest/src/test/resources/authentication/repo/security-policy-jws-uri.xml
A testing/rest/src/test/resources/authentication/repo/security-policy-public-key-keystore.xml
M testing/rest/src/test/resources/authentication/repo/security-policy-public-key-wrong-alg.xml
M testing/rest/src/test/resources/authentication/repo/security-policy-public-key.xml
R testing/rest/src/test/resources/authentication/repo/security-policy-symmetric-key-wrong-alg.xml
R testing/rest/src/test/resources/authentication/repo/security-policy-symmetric-key.xml
M testing/rest/src/test/resources/authentication/repo/security-policy-unsuccessful.xml
A testing/rest/src/test/resources/authentication/repo/security-policy-user-info-uri.xml
A testing/rest/src/test/resources/authentication/repo/security-policy-wrong-attribute-name.xml
A testing/rest/src/test/resources/authentication/repo/user-admin-azure.xml
M testing/rest/src/test/resources/repo/security-policy-no-history.xml
M testing/rest/src/test/resources/repo/security-policy.xml
A testing/rest/testng-authentication.xml
M testing/story/pom.xml
M testing/story/src/test/java/com/evolveum/midpoint/testing/story/TestConfiguredCapabilitiesActivation.java
M testing/story/src/test/java/com/evolveum/midpoint/testing/story/TestPlentyOfAssignments.java
M testing/story/src/test/java/com/evolveum/midpoint/testing/story/TestStrings.java
M testing/story/src/test/java/com/evolveum/midpoint/testing/story/async/TestAsyncProvisioning.java
M testing/story/src/test/java/com/evolveum/midpoint/testing/story/consistency/TestConsistencyMechanism.java
M testing/story/src/test/resources/async/system-configuration.xml
M testing/story/src/test/resources/async/task-recompute-multi.xml
M testing/story/src/test/resources/buckets/system-configuration.xml
M testing/story/src/test/resources/common/archetype-task-recomputation.xml
M testing/story/src/test/resources/common/system-configuration.xml
M testing/story/src/test/resources/common/task-trigger-scanner.xml
M testing/story/src/test/resources/common/task-validity-scanner.xml
M testing/story/src/test/resources/consistency/task-opendj-reconciliation.xml
M testing/story/src/test/resources/correlation/idmatch/simple/resource-sis.xml
M testing/story/src/test/resources/correlation/system-configuration.xml
M testing/story/src/test/resources/counts/system-configuration.xml
M testing/story/src/test/resources/delayed-enable/task-dumy-hr-livesync.xml
M testing/story/src/test/resources/energy/task-reconcile-ad.xml
M testing/story/src/test/resources/grouper/system-configuration.xml
M testing/story/src/test/resources/grouper/task-async-update.xml
M testing/story/src/test/resources/grouper/task-group-scavenger.xml
M testing/story/src/test/resources/grouper/task-import-groups.xml
M testing/story/src/test/resources/grouper/task-reconcile-groups.xml
M testing/story/src/test/resources/import-group/task-opendj-import-groups.xml
M testing/story/src/test/resources/inbound-outbound-association/task-dumy-dir-livesync.xml
M testing/story/src/test/resources/ldap/assoc-perf/system-configuration-no-role-cache.xml
M testing/story/src/test/resources/ldap/assoc-perf/system-configuration.xml
M testing/story/src/test/resources/ldap/assoc-perf/task-recompute-1.xml
M testing/story/src/test/resources/ldap/assoc-perf/task-recompute-4.xml
M testing/story/src/test/resources/ldap/assoc-perf/task-recompute-no-role-and-shadow-cache.xml
M testing/story/src/test/resources/ldap/recon-perf/task-reconcile-1-opendj.xml
M testing/story/src/test/resources/ldap/recon-perf/task-reconcile-4-opendj.xml
M testing/story/src/test/resources/ldap/sync-massive/task-live-sync.xml
M testing/story/src/test/resources/livesync-madness/task-dumy-hr-livesync.xml
M testing/story/src/test/resources/mapleLeaf/security-policy.xml
M testing/story/src/test/resources/mapleLeaf/system-configuration.xml
M testing/story/src/test/resources/mapping-madness/system-configuration.xml
M testing/story/src/test/resources/normalizers/system-configuration-normalizer-ascii7.xml
M testing/story/src/test/resources/orgsync/task-reconcile-opendj-default-single.xml
M testing/story/src/test/resources/orgsync/task-reconcile-opendj-ldapgroup-single.xml
M testing/story/src/test/resources/orphaned-tasks/task-mark-orphaned-tasks.xml
M testing/story/src/test/resources/perf/import/system-configuration.xml
M testing/story/src/test/resources/perf/import/task-import.xml
M testing/story/src/test/resources/resource-in-maintenance/task-reconcile-csv.xml
M testing/story/src/test/resources/resource-in-maintenance/task-refresh.xml
M testing/story/src/test/resources/service-accounts-classifier/task-dummy-classifier-reconcile.xml
M testing/story/src/test/resources/service-accounts/task-dummy-livesync.xml
M testing/story/src/test/resources/service-accounts/task-dummy-reconcile.xml
M testing/story/src/test/resources/shadows/system-configuration.xml
M testing/story/src/test/resources/shadows/task-bulk-delete.xml
M testing/story/src/test/resources/shadows/task-import.xml
M testing/story/src/test/resources/shadows/task-reconciliation.xml
M testing/story/src/test/resources/system-perf/system-configuration.xml
M testing/story/src/test/resources/system-perf/task-reconciliation.vm.xml
M testing/story/src/test/resources/thresholds/system-configuration.xml
M testing/story/src/test/resources/thresholds/task-opendj-import-base-users.xml
M testing/story/src/test/resources/thresholds/task-opendj-livesync-full.xml
M testing/story/src/test/resources/university/task-dummy-hr-livesync.xml
M testing/story/src/test/resources/uuid/system-configuration-client.xml
M testing/story/src/test/resources/uuid/system-configuration-extension.xml
M testing/story/src/test/resources/village/system-configuration.xml
M testing/story/src/test/resources/village/task-dumy-source-livesync.xml
M tools/ninja/pom.xml
A tools/ninja/src/main/java/com/evolveum/midpoint/ninja/action/mining/BaseMiningOptions.java
A tools/ninja/src/main/java/com/evolveum/midpoint/ninja/action/mining/ExportMiningConsumerWorker.java
A tools/ninja/src/main/java/com/evolveum/midpoint/ninja/action/mining/ExportMiningOptions.java
A tools/ninja/src/main/java/com/evolveum/midpoint/ninja/action/mining/ExportMiningProducerWorker.java
A tools/ninja/src/main/java/com/evolveum/midpoint/ninja/action/mining/ExportMiningRepositoryAction.java
M tools/ninja/src/main/java/com/evolveum/midpoint/ninja/impl/Command.java
M tools/ninja/src/main/java/com/evolveum/midpoint/ninja/util/NinjaUtils.java
M tools/ninja/src/main/resources/messages.properties
Log Message:
-----------
Merge branch 'master' into feature/autz-improvements
# Conflicts:
# model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/AbstractSecurityTest.java
# repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/SqlRepositoryServiceImpl.java
Commit: e3c1908793289879c84329a8d0b0316bf8961385
https://github.com/Evolveum/midpoint/commit/e3c1908793289879c84329a8d0b0316bf8961385
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-06-06 (Tue, 06 Jun 2023)
Changed paths:
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/AbstractSecurityTest.java
Log Message:
-----------
Fix the code after merge
Commit: 96a813832509c69f0757e28128156bdbb2eefb29
https://github.com/Evolveum/midpoint/commit/96a813832509c69f0757e28128156bdbb2eefb29
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-06-06 (Tue, 06 Jun 2023)
Changed paths:
M repo/security-api/pom.xml
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/Authorization.java
Log Message:
-----------
Fix Authorization non-serializable bug
Commit: 6dff79b0e5df911f5520ad8737489a9d26fbb9f8
https://github.com/Evolveum/midpoint/commit/6dff79b0e5df911f5520ad8737489a9d26fbb9f8
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-06-06 (Tue, 06 Jun 2023)
Changed paths:
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/SubtypeClause.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/ValueSelector.java
M model/authentication-impl/src/test/resources/common/system-configuration.xml
Log Message:
-----------
Re-add support for "subtype" selector clause
(At least temporarily until its fate is decided.)
Commit: 819d69f444618cc11a9a815d3e5aa0f6e1667a6b
https://github.com/Evolveum/midpoint/commit/819d69f444618cc11a9a815d3e5aa0f6e1667a6b
Author: Kateryna Honchar <gonchar.kate at gmail.com>
Date: 2023-06-07 (Wed, 07 Jun 2023)
Changed paths:
M infra/schema/src/main/resources/xml/ns/public/common/common-gui-3.xsd
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/GuiProfileCompiler.java
M repo/repo-sqale/src/test/java/com/evolveum/midpoint/repo/sqale/func/SqaleRepoModifyObjectTest.java
Log Message:
-----------
schema cleanup: AdminGuiConfigurationType.userDashboard usage removal
Commit: 27cc3ca3a547060f36c72cf832e4a58614c5daeb
https://github.com/Evolveum/midpoint/commit/27cc3ca3a547060f36c72cf832e4a58614c5daeb
Author: Kateryna Honchar <gonchar.kate at gmail.com>
Date: 2023-06-07 (Wed, 07 Jun 2023)
Changed paths:
M infra/schema/src/main/resources/xml/ns/public/common/common-security-3.xsd
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/expr/MidpointFunctionsImpl.java
Log Message:
-----------
schema cleanup: removed some earlier analyzed elements
Commit: c9f3fec9d0bfae4f204bba15b82387fde822afd4
https://github.com/Evolveum/midpoint/commit/c9f3fec9d0bfae4f204bba15b82387fde822afd4
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-06-07 (Wed, 07 Jun 2023)
Changed paths:
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/component/menu/LeftMenuPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/assignment/AssignmentEditorDto.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/assignment/DelegationEditorPanel.html
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/assignment/DelegationEditorPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/cases/MyCaseWorkItemsPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/cases/PageCaseWorkItemsAllocatedToMe.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/SchemaDeputyUtil.java
M infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd
M model/cases-api/src/main/java/com/evolveum/midpoint/cases/api/util/QueryUtils.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccCertQueryHelper.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/util/DeputyUtils.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelInteractionServiceImpl.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/GuiProfileCompiler.java
M model/workflow-impl/src/test/java/com/evolveum/midpoint/wf/impl/AbstractWfTest.java
M model/workflow-impl/src/test/java/com/evolveum/midpoint/wf/impl/ExpectedWorkItem.java
M model/workflow-impl/src/test/java/com/evolveum/midpoint/wf/impl/other/TestDelegation.java
M model/workflow-impl/src/test/resources/approval-task-owner/role-approver.xml
M model/workflow-impl/src/test/resources/assignments-advanced/user-security-approver-deputy-limited.xml
M model/workflow-impl/src/test/resources/assignments-advanced/user-security-approver-deputy.xml
M model/workflow-impl/src/test/resources/assignments-advanced/user-security-approver.xml
M model/workflow-impl/src/test/resources/common/041-role-approver.xml
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/DelegatorWithOtherPrivilegesLimitations.java
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/MidPointPrincipal.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/EnforcerOperation.java
Log Message:
-----------
Resolve deprecated approvalWorkItems container
OtherPrivilegesLimitationType.approvalWorkItems was deprecated in 4.0,
but it was - by mistake - in use up to (excluding) 4.8. This commit
tries to resolve this: The legacy form is used just as a default value
for the new one (caseManagementWorkItems). This is a preparation for
complete removal of the item in the future.
Other changes:
- Workflow tests are adapted to the recent changes in authorization
processing.
Commit: e5610207463f87222f7ab3e91b2efb912fbfd18c
https://github.com/Evolveum/midpoint/commit/e5610207463f87222f7ab3e91b2efb912fbfd18c
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-06-07 (Wed, 07 Jun 2023)
Changed paths:
M repo/security-api/pom.xml
Log Message:
-----------
Add missing dependency
Commit: 7969742a236a5c64ccb82fbf522a0d94d5218193
https://github.com/Evolveum/midpoint/commit/7969742a236a5c64ccb82fbf522a0d94d5218193
Author: Kateryna Honchar <gonchar.kate at gmail.com>
Date: 2023-06-07 (Wed, 07 Jun 2023)
Changed paths:
M model/model-intest/src/test/resources/common/role-pirate.xml
Log Message:
-----------
tests fix
Commit: c5a285a01acf32d156d0d200a6daa4096827f5e2
https://github.com/Evolveum/midpoint/commit/c5a285a01acf32d156d0d200a6daa4096827f5e2
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-06-07 (Wed, 07 Jun 2023)
Changed paths:
M infra/schema/src/main/java/com/evolveum/midpoint/schema/constants/SchemaConstants.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/TypeClause.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/ValueSelector.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/authorization/evaluator/MidPointGuiAuthorizationEvaluator.java
A model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ReadConstraintsApplicator.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/SchemaTransformer.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityAdvanced.java
A repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/CompileConstraintsOptions.java
R repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/ObjectOperationConstraints.java
M repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/ObjectSecurityConstraints.java
M repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/PrismEntityOpConstraints.java
M repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/SecurityEnforcer.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AuthorizationEvaluation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/CompileConstraintsOperation.java
R repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ObjectOperationConstraintsImpl.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ObjectSpecParser.java
R repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/OtherEnforcerOperation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/SecurityEnforcerImpl.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/Specification.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/PrismValueCoverageInformation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/SinglePhasePrismEntityOpConstraintsImpl.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/TwoPhasesPrismEntityOpConstraintsImpl.java
Log Message:
-----------
Remove obsolete ObjectOperationConstraints
The handling of lens element context was migrated to newer
PrismEntityOpConstraints (although with some limitations:
sub-object selectors are ignored, see the javadocs for explanation).
Commit: df63b46f0812e923c548aa7b17e2a3d48beb3bfa
https://github.com/Evolveum/midpoint/commit/df63b46f0812e923c548aa7b17e2a3d48beb3bfa
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-06-07 (Wed, 07 Jun 2023)
Changed paths:
M infra/schema/src/main/java/com/evolveum/midpoint/schema/ParsedGetOperationOptions.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelInteractionServiceImpl.java
R model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ReadConstraintsApplicator.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/SchemaTransformer.java
A model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/transformer/DataAccessProcessor.java
A model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/transformer/DataPolicyProcessor.java
A model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/transformer/DefinitionAccessProcessor.java
M repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/ObjectSecurityConstraints.java
Log Message:
-----------
Split SchemaTransformer to smaller parts
Commit: 1e3a662c7b25e215844f15e464796f77a72d8bd1
https://github.com/Evolveum/midpoint/commit/1e3a662c7b25e215844f15e464796f77a72d8bd1
Author: Kateryna Honchar <gonchar.kate at gmail.com>
Date: 2023-06-07 (Wed, 07 Jun 2023)
Changed paths:
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/PredefinedDashboardWidgetId.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/self/dashboard/PageSelfDashboard.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/authentication/CompiledGuiProfile.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/GuiProfileCompiler.java
M model/model-test/src/main/java/com/evolveum/midpoint/model/test/asserter/CompiledGuiProfileAsserter.java
M repo/system-init/src/main/resources/initial-objects/system-configuration/000-system-configuration.xml
Log Message:
-----------
userDashboard cleanup in compiledGuiProfile
Commit: a06a32013f33aefbe7b8273e1ae583d6554cca3c
https://github.com/Evolveum/midpoint/commit/a06a32013f33aefbe7b8273e1ae583d6554cca3c
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-06-08 (Thu, 08 Jun 2023)
Changed paths:
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/PredefinedDashboardWidgetId.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/self/dashboard/PageSelfDashboard.java
M infra/schema/src/main/resources/xml/ns/public/common/common-gui-3.xsd
M infra/schema/src/main/resources/xml/ns/public/common/common-security-3.xsd
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/authentication/CompiledGuiProfile.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/expr/MidpointFunctionsImpl.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/GuiProfileCompiler.java
M model/model-intest/src/test/resources/common/role-pirate.xml
M model/model-test/src/main/java/com/evolveum/midpoint/model/test/asserter/CompiledGuiProfileAsserter.java
M repo/repo-sqale/src/test/java/com/evolveum/midpoint/repo/sqale/func/SqaleRepoModifyObjectTest.java
M repo/system-init/src/main/resources/initial-objects/system-configuration/000-system-configuration.xml
Log Message:
-----------
Merge branch 'master' into feature/autz-improvements
Commit: a4634d008fd42cd18e43009691a7b69740f80687
https://github.com/Evolveum/midpoint/commit/a4634d008fd42cd18e43009691a7b69740f80687
Author: Viliam Repan <vilo.repan at evolveum.com>
Date: 2023-06-08 (Thu, 08 Jun 2023)
Changed paths:
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/PredefinedDashboardWidgetId.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/self/dashboard/PageSelfDashboard.java
M infra/schema/src/main/resources/xml/ns/public/common/common-gui-3.xsd
M infra/schema/src/main/resources/xml/ns/public/common/common-security-3.xsd
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/authentication/CompiledGuiProfile.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/expr/MidpointFunctionsImpl.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/GuiProfileCompiler.java
M model/model-intest/src/test/resources/common/role-pirate.xml
M model/model-test/src/main/java/com/evolveum/midpoint/model/test/asserter/CompiledGuiProfileAsserter.java
M repo/repo-sqale/src/test/java/com/evolveum/midpoint/repo/sqale/func/SqaleRepoModifyObjectTest.java
M repo/system-init/src/main/resources/initial-objects/system-configuration/000-system-configuration.xml
Log Message:
-----------
Merge remote-tracking branch 'origin/master' into feature/shadow-metadata
Commit: f2c1ea7864baaf14f1415b2b00f84520d11b2f68
https://github.com/Evolveum/midpoint/commit/f2c1ea7864baaf14f1415b2b00f84520d11b2f68
Author: tchrapovic <chrapovic.tadeas at gmail.com>
Date: 2023-06-08 (Thu, 08 Jun 2023)
Changed paths:
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/configuration/component/RoleMiningExportOperation.java
M tools/ninja/src/main/java/com/evolveum/midpoint/ninja/action/mining/ExportMiningConsumerWorker.java
Log Message:
-----------
Fix for mining export NPE
Commit: 18f75aad97ee0d320f12a82366cca07c30b6a79d
https://github.com/Evolveum/midpoint/commit/18f75aad97ee0d320f12a82366cca07c30b6a79d
Author: Kateryna Honchar <gonchar.kate at gmail.com>
Date: 2023-06-08 (Thu, 08 Jun 2023)
Changed paths:
M repo/repo-sqale/src/test/java/com/evolveum/midpoint/repo/sqale/func/SqaleRepoModifyObjectTest.java
Log Message:
-----------
test fix
Commit: d31ec352c47797d337a348b370cb176a5f72531a
https://github.com/Evolveum/midpoint/commit/d31ec352c47797d337a348b370cb176a5f72531a
Author: Kateryna Honchar <gonchar.kate at gmail.com>
Date: 2023-06-08 (Thu, 08 Jun 2023)
Changed paths:
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/page/PageAdminLTE.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/page/PageBase.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/component/menu/LeftMenuPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/assignment/AssignmentEditorDto.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/assignment/DelegationEditorPanel.html
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/assignment/DelegationEditorPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/cases/MyCaseWorkItemsPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/cases/PageCaseWorkItemsAllocatedToMe.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/ResourceContentPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/workflow/PageAttorneySelection.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/workflow/WorkItemDetailsPanel.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/AccessDecision.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/GetOperationOptions.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/ParsedGetOperationOptions.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/SelectorOptions.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/constants/SchemaConstants.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/ClauseApplicabilityPredicate.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/ClauseFilteringContext.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/ClauseMatchingContext.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/ClauseProcessingContextDescription.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/FilterCollector.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/MatchingTracer.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/ObjectFilterExpressionEvaluator.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/ObjectResolver.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/OrgTreeEvaluator.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/OwnerResolver.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/SubjectedEvaluationContext.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/TraceEvent.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/TraceRecord.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/package-info.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/ArchetypeRefClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/AssigneeClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/DelegatorClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/FilterClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/OrgRefClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/OrgRelationClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/OwnerClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/ParentClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/RelatedObjectClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/RequesterClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/RoleRelationClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/SelectorClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/SelfClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/SubtypeClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/TenantClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/TypeClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/ValueSelector.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/package-info.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/ObjectQueryUtil.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/ObjectTypeUtil.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/SchemaDeputyUtil.java
M infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/authorization/evaluator/MidPointGuiAuthorizationEvaluator.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/authorization/evaluator/MidpointHttpAuthorizationEvaluator.java
M model/authentication-impl/src/test/resources/common/system-configuration.xml
M model/cases-api/src/main/java/com/evolveum/midpoint/cases/api/util/QueryUtils.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccCertQueryHelper.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelAuthorizationAction.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelInteractionService.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelService.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/RoleSelectionSpecification.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/util/DeputyUtils.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/FocusComputer.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/CollectionProcessor.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/DashboardServiceImpl.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/FilterGizmoAssignableRoles.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelController.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelInteractionServiceImpl.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/SchemaTransformer.java
A model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/transformer/DataAccessProcessor.java
A model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/transformer/DataPolicyProcessor.java
A model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/transformer/DefinitionAccessProcessor.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/expr/LinkedObjectsFunctions.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/ClockworkAuditHelper.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/ClockworkAuthorizationHelper.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/LensOwnerResolver.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/assignments/TargetInducementEvaluation.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/executor/DeltaExecution.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/focus/AutoAssignMappingCollector.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/scriptExecutor/ObjectSet.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/GuiProfileCompiler.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/visualizer/ActivationDescriptionHandler.java
M model/model-impl/src/test/java/com/evolveum/midpoint/model/impl/util/mock/MockFactory.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/AbstractConfiguredModelIntegrationTest.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestCaseIgnore.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestEntitlements.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/archetypes/AbstractArchetypesTest.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/persona/AbstractPersonaTest.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/AbstractSecurityTest.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityAdvanced.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityBasic.java
A model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityItemValues.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityMedium.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityMultitenant.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityPrincipal.java
A model/model-intest/src/test/resources/security/access-certification-campaign-1.xml
A model/model-intest/src/test/resources/security/access-certification-campaign-2.xml
A model/model-intest/src/test/resources/security/access-certification-campaign-3.xml
M model/model-intest/src/test/resources/security/case-4.xml
A model/model-intest/src/test/resources/security/role-acc-cert-campaign-complex-read.xml
A model/model-intest/src/test/resources/security/role-acc-cert-case-work-items-assignee-self-read.xml
A model/model-intest/src/test/resources/security/role-case-work-items-assignee-self-read.xml
A model/model-intest/src/test/resources/security/role-case-work-items-event-approved-read.xml
M model/model-intest/src/test/resources/security/role-filter-object-modify-caribbean.xml
M model/model-intest/src/test/resources/security/role-read-jacks-campaigns.xml
A model/model-intest/src/test/resources/security/role-show-delegation-assignments.xml
A model/model-intest/src/test/resources/security/role-show-my-assignments-and-accesses.xml
A model/model-intest/src/test/resources/security/role-show-my-requesters.xml
A model/model-intest/src/test/resources/security/role-show-roles-inducing-my-role.xml
M model/model-intest/testng-integration-full.xml
M model/model-intest/testng-integration-security.xml
M model/model-test/src/main/java/com/evolveum/midpoint/model/test/AbstractModelIntegrationTest.java
R model/model-test/src/main/java/com/evolveum/midpoint/model/test/asserter/WorkItemsAsserter.java
M model/workflow-impl/src/test/java/com/evolveum/midpoint/wf/impl/AbstractWfTest.java
M model/workflow-impl/src/test/java/com/evolveum/midpoint/wf/impl/ExpectedWorkItem.java
M model/workflow-impl/src/test/java/com/evolveum/midpoint/wf/impl/other/TestDelegation.java
M model/workflow-impl/src/test/java/com/evolveum/midpoint/wf/impl/other/TestEscalation.java
M model/workflow-impl/src/test/resources/approval-task-owner/role-approver.xml
M model/workflow-impl/src/test/resources/assignments-advanced/user-security-approver-deputy-limited.xml
M model/workflow-impl/src/test/resources/assignments-advanced/user-security-approver-deputy.xml
M model/workflow-impl/src/test/resources/assignments-advanced/user-security-approver.xml
M model/workflow-impl/src/test/resources/common/041-role-approver.xml
M provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/dummy/TestDummy.java
M provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/dummy/TestDummyParallelism.java
M provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/opendj/TestOpenDjNegative.java
A repo/repo-api/src/main/java/com/evolveum/midpoint/repo/api/ObjectSelectorMatcher.java
M repo/repo-api/src/main/java/com/evolveum/midpoint/repo/api/RepositoryService.java
R repo/repo-api/src/main/java/com/evolveum/midpoint/repo/api/query/ObjectFilterExpressionEvaluator.java
M repo/repo-cache/src/main/java/com/evolveum/midpoint/repo/cache/RepositoryCache.java
M repo/repo-cache/src/main/java/com/evolveum/midpoint/repo/cache/handlers/SearchOpHandler.java
M repo/repo-common/src/main/java/com/evolveum/midpoint/repo/common/expression/ExpressionUtil.java
M repo/repo-sqale/src/main/java/com/evolveum/midpoint/repo/sqale/SqaleRepositoryService.java
M repo/repo-sqale/src/test/java/com/evolveum/midpoint/repo/sqale/SqaleRepoBaseTest.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/SqlRepositoryServiceImpl.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/helpers/CertificationCaseHelper.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/helpers/ObjectRetriever.java
M repo/repo-sqlbase/src/main/java/com/evolveum/midpoint/repo/sqlbase/SqlQueryContext.java
M repo/repo-sqlbase/src/main/java/com/evolveum/midpoint/repo/sqlbase/SqlQueryExecutor.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/TestObject.java
A repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/AccCertCampaignAsserter.java
A repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/AccCertCaseAsserter.java
A repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/AccCertCaseFinder.java
A repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/AccCertCasesAsserter.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/CaseAsserter.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/CaseWorkItemAsserter.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/CaseWorkItemFinder.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/CaseWorkItemsAsserter.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/prism/PrismContainerAsserter.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/prism/PrismContainerValueAsserter.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/prism/PrismItemAsserter.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/prism/PrismObjectAsserter.java
M repo/security-api/pom.xml
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/Authorization.java
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/AuthorizationConstants.java
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/DelegatorWithOtherPrivilegesLimitations.java
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/MidPointPrincipal.java
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/MidPointPrincipalManager.java
R repo/security-api/src/main/java/com/evolveum/midpoint/security/api/OwnerResolver.java
M repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/AuthorizationParameters.java
A repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/CompileConstraintsOptions.java
R repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/ObjectOperationConstraints.java
M repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/ObjectSecurityConstraints.java
A repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/PrismEntityOpConstraints.java
M repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/SecurityEnforcer.java
M repo/security-enforcer-impl/pom.xml
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AuthorizationEvaluation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AuthorizationFilterEvaluation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/Beans.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/CompileConstraintsOperation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/EnforcerDecisionOperation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/EnforcerFilterOperation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/EnforcerOperation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/FilterGizmoObjectFilterImpl.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ItemDecisionFunction.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ItemDecisionOperation.java
R repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ObjectOperationConstraintsImpl.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ObjectSecurityConstraintsImpl.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ObjectSpecParser.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/PhaseSelector.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/QueryAutzItemPaths.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/SecurityEnforcerImpl.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/SelectorEvaluation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/SelectorFilterEvaluation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/Specification.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/TopDownSpecification.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/TracingUtil.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/PrismEntityCoverage.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/PrismEntityCoverageInformation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/PrismItemCoverageInformation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/PrismValueCoverageInformation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/SinglePhasePrismEntityOpConstraintsImpl.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/TwoPhasesPrismEntityOpConstraintsImpl.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/UpdatablePrismEntityOpConstraints.java
M testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/AbstractEDirTest.java
M testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/AbstractLdapConnTest.java
M testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/AbstractLdapTest.java
M testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/ad/AbstractAdLdapTest.java
M testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/ad/big/AbstractAdLdapBigTest.java
M testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/ad/multidomain/AbstractAdLdapMultidomainTest.java
M testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/ad/simple/AbstractAdLdapSimpleTest.java
M testing/longtest/src/test/java/com/evolveum/midpoint/testing/longtest/TestLdap.java
M testing/story/src/test/java/com/evolveum/midpoint/testing/story/security/TestRoleMembers.java
Log Message:
-----------
Merge branch 'master' of https://github.com/Evolveum/midpoint
Commit: d404107a460cf4150f8fc75a39882296678e1a0a
https://github.com/Evolveum/midpoint/commit/d404107a460cf4150f8fc75a39882296678e1a0a
Author: tchrapovic <chrapovic.tadeas at gmail.com>
Date: 2023-06-08 (Thu, 08 Jun 2023)
Changed paths:
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/page/PageAdminLTE.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/page/PageBase.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/component/menu/LeftMenuPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/assignment/AssignmentEditorDto.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/assignment/DelegationEditorPanel.html
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/assignment/DelegationEditorPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/cases/MyCaseWorkItemsPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/cases/PageCaseWorkItemsAllocatedToMe.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/ResourceContentPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/workflow/PageAttorneySelection.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/workflow/WorkItemDetailsPanel.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/AccessDecision.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/GetOperationOptions.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/ParsedGetOperationOptions.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/SelectorOptions.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/constants/SchemaConstants.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/ClauseApplicabilityPredicate.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/ClauseFilteringContext.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/ClauseMatchingContext.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/ClauseProcessingContextDescription.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/FilterCollector.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/MatchingTracer.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/ObjectFilterExpressionEvaluator.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/ObjectResolver.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/OrgTreeEvaluator.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/OwnerResolver.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/SubjectedEvaluationContext.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/TraceEvent.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/TraceRecord.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/package-info.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/ArchetypeRefClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/AssigneeClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/DelegatorClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/FilterClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/OrgRefClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/OrgRelationClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/OwnerClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/ParentClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/RelatedObjectClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/RequesterClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/RoleRelationClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/SelectorClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/SelfClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/SubtypeClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/TenantClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/TypeClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/ValueSelector.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/package-info.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/ObjectQueryUtil.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/ObjectTypeUtil.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/SchemaDeputyUtil.java
M infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/authorization/evaluator/MidPointGuiAuthorizationEvaluator.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/authorization/evaluator/MidpointHttpAuthorizationEvaluator.java
M model/authentication-impl/src/test/resources/common/system-configuration.xml
M model/cases-api/src/main/java/com/evolveum/midpoint/cases/api/util/QueryUtils.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccCertQueryHelper.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelAuthorizationAction.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelInteractionService.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelService.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/RoleSelectionSpecification.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/util/DeputyUtils.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/FocusComputer.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/CollectionProcessor.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/DashboardServiceImpl.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/FilterGizmoAssignableRoles.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelController.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelInteractionServiceImpl.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/SchemaTransformer.java
A model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/transformer/DataAccessProcessor.java
A model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/transformer/DataPolicyProcessor.java
A model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/transformer/DefinitionAccessProcessor.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/expr/LinkedObjectsFunctions.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/ClockworkAuditHelper.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/ClockworkAuthorizationHelper.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/LensOwnerResolver.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/assignments/TargetInducementEvaluation.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/executor/DeltaExecution.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/focus/AutoAssignMappingCollector.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/scriptExecutor/ObjectSet.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/GuiProfileCompiler.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/visualizer/ActivationDescriptionHandler.java
M model/model-impl/src/test/java/com/evolveum/midpoint/model/impl/util/mock/MockFactory.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/AbstractConfiguredModelIntegrationTest.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestCaseIgnore.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestEntitlements.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/archetypes/AbstractArchetypesTest.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/persona/AbstractPersonaTest.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/AbstractSecurityTest.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityAdvanced.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityBasic.java
A model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityItemValues.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityMedium.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityMultitenant.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityPrincipal.java
A model/model-intest/src/test/resources/security/access-certification-campaign-1.xml
A model/model-intest/src/test/resources/security/access-certification-campaign-2.xml
A model/model-intest/src/test/resources/security/access-certification-campaign-3.xml
M model/model-intest/src/test/resources/security/case-4.xml
A model/model-intest/src/test/resources/security/role-acc-cert-campaign-complex-read.xml
A model/model-intest/src/test/resources/security/role-acc-cert-case-work-items-assignee-self-read.xml
A model/model-intest/src/test/resources/security/role-case-work-items-assignee-self-read.xml
A model/model-intest/src/test/resources/security/role-case-work-items-event-approved-read.xml
M model/model-intest/src/test/resources/security/role-filter-object-modify-caribbean.xml
M model/model-intest/src/test/resources/security/role-read-jacks-campaigns.xml
A model/model-intest/src/test/resources/security/role-show-delegation-assignments.xml
A model/model-intest/src/test/resources/security/role-show-my-assignments-and-accesses.xml
A model/model-intest/src/test/resources/security/role-show-my-requesters.xml
A model/model-intest/src/test/resources/security/role-show-roles-inducing-my-role.xml
M model/model-intest/testng-integration-full.xml
M model/model-intest/testng-integration-security.xml
M model/model-test/src/main/java/com/evolveum/midpoint/model/test/AbstractModelIntegrationTest.java
R model/model-test/src/main/java/com/evolveum/midpoint/model/test/asserter/WorkItemsAsserter.java
M model/workflow-impl/src/test/java/com/evolveum/midpoint/wf/impl/AbstractWfTest.java
M model/workflow-impl/src/test/java/com/evolveum/midpoint/wf/impl/ExpectedWorkItem.java
M model/workflow-impl/src/test/java/com/evolveum/midpoint/wf/impl/other/TestDelegation.java
M model/workflow-impl/src/test/java/com/evolveum/midpoint/wf/impl/other/TestEscalation.java
M model/workflow-impl/src/test/resources/approval-task-owner/role-approver.xml
M model/workflow-impl/src/test/resources/assignments-advanced/user-security-approver-deputy-limited.xml
M model/workflow-impl/src/test/resources/assignments-advanced/user-security-approver-deputy.xml
M model/workflow-impl/src/test/resources/assignments-advanced/user-security-approver.xml
M model/workflow-impl/src/test/resources/common/041-role-approver.xml
M provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/dummy/TestDummy.java
M provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/dummy/TestDummyParallelism.java
M provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/opendj/TestOpenDjNegative.java
A repo/repo-api/src/main/java/com/evolveum/midpoint/repo/api/ObjectSelectorMatcher.java
M repo/repo-api/src/main/java/com/evolveum/midpoint/repo/api/RepositoryService.java
R repo/repo-api/src/main/java/com/evolveum/midpoint/repo/api/query/ObjectFilterExpressionEvaluator.java
M repo/repo-cache/src/main/java/com/evolveum/midpoint/repo/cache/RepositoryCache.java
M repo/repo-cache/src/main/java/com/evolveum/midpoint/repo/cache/handlers/SearchOpHandler.java
M repo/repo-common/src/main/java/com/evolveum/midpoint/repo/common/expression/ExpressionUtil.java
M repo/repo-sqale/src/main/java/com/evolveum/midpoint/repo/sqale/SqaleRepositoryService.java
M repo/repo-sqale/src/test/java/com/evolveum/midpoint/repo/sqale/SqaleRepoBaseTest.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/SqlRepositoryServiceImpl.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/helpers/CertificationCaseHelper.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/helpers/ObjectRetriever.java
M repo/repo-sqlbase/src/main/java/com/evolveum/midpoint/repo/sqlbase/SqlQueryContext.java
M repo/repo-sqlbase/src/main/java/com/evolveum/midpoint/repo/sqlbase/SqlQueryExecutor.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/TestObject.java
A repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/AccCertCampaignAsserter.java
A repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/AccCertCaseAsserter.java
A repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/AccCertCaseFinder.java
A repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/AccCertCasesAsserter.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/CaseAsserter.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/CaseWorkItemAsserter.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/CaseWorkItemFinder.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/CaseWorkItemsAsserter.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/prism/PrismContainerAsserter.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/prism/PrismContainerValueAsserter.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/prism/PrismItemAsserter.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/prism/PrismObjectAsserter.java
M repo/security-api/pom.xml
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/Authorization.java
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/AuthorizationConstants.java
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/DelegatorWithOtherPrivilegesLimitations.java
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/MidPointPrincipal.java
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/MidPointPrincipalManager.java
R repo/security-api/src/main/java/com/evolveum/midpoint/security/api/OwnerResolver.java
M repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/AuthorizationParameters.java
A repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/CompileConstraintsOptions.java
R repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/ObjectOperationConstraints.java
M repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/ObjectSecurityConstraints.java
A repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/PrismEntityOpConstraints.java
M repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/SecurityEnforcer.java
M repo/security-enforcer-impl/pom.xml
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AuthorizationEvaluation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AuthorizationFilterEvaluation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/Beans.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/CompileConstraintsOperation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/EnforcerDecisionOperation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/EnforcerFilterOperation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/EnforcerOperation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/FilterGizmoObjectFilterImpl.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ItemDecisionFunction.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ItemDecisionOperation.java
R repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ObjectOperationConstraintsImpl.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ObjectSecurityConstraintsImpl.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ObjectSpecParser.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/PhaseSelector.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/QueryAutzItemPaths.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/SecurityEnforcerImpl.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/SelectorEvaluation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/SelectorFilterEvaluation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/Specification.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/TopDownSpecification.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/TracingUtil.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/PrismEntityCoverage.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/PrismEntityCoverageInformation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/PrismItemCoverageInformation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/PrismValueCoverageInformation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/SinglePhasePrismEntityOpConstraintsImpl.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/TwoPhasesPrismEntityOpConstraintsImpl.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/UpdatablePrismEntityOpConstraints.java
M testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/AbstractEDirTest.java
M testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/AbstractLdapConnTest.java
M testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/AbstractLdapTest.java
M testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/ad/AbstractAdLdapTest.java
M testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/ad/big/AbstractAdLdapBigTest.java
M testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/ad/multidomain/AbstractAdLdapMultidomainTest.java
M testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/ad/simple/AbstractAdLdapSimpleTest.java
M testing/longtest/src/test/java/com/evolveum/midpoint/testing/longtest/TestLdap.java
M testing/story/src/test/java/com/evolveum/midpoint/testing/story/security/TestRoleMembers.java
Log Message:
-----------
Merge remote-tracking branch 'origin/master'
Commit: 51314d35a0f42e13217f8b8fff3cfe910076b722
https://github.com/Evolveum/midpoint/commit/51314d35a0f42e13217f8b8fff3cfe910076b722
Author: Kateryna Honchar <gonchar.kate at gmail.com>
Date: 2023-06-08 (Thu, 08 Jun 2023)
Changed paths:
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/configuration/component/RoleMiningExportOperation.java
M tools/ninja/src/main/java/com/evolveum/midpoint/ninja/action/mining/ExportMiningConsumerWorker.java
Log Message:
-----------
Merge branch 'master' of https://github.com/Evolveum/midpoint
Commit: c97e31dc41dc8dd0049e1787088f79e8b8ef66e3
https://github.com/Evolveum/midpoint/commit/c97e31dc41dc8dd0049e1787088f79e8b8ef66e3
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-06-08 (Thu, 08 Jun 2023)
Changed paths:
M gui/admin-gui/src/main/java/com/evolveum/midpoint/init/DataImport.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/AssigneeClause.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/CertCampaignTypeUtil.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/cases/CaseTypeUtil.java
M model/authentication-impl/src/test/java/com/evolveum/midpoint/authentication/evaluator/TestAbstractAuthenticationEvaluator.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/CertificationManagerImpl.java
M model/certification-impl/src/test/java/com/evolveum/midpoint/certification/test/TestRoleInducementCertification.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/AccessCertificationService.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelAuthorizationAction.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedAssignment.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/ModelBeans.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelController.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelInteractionServiceImpl.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/AssignmentCollector.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/assignments/AssignmentEvaluator.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/assignments/EvaluatedAssignmentImpl.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/assignments/TargetPayloadEvaluation.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/assignments/TargetsEvaluation.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/focus/AssignmentProcessor.java
A model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/AuthorizationMigrator.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/GuiProfileCompiler.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/GuiProfiledPrincipalManagerImpl.java
M model/model-impl/src/test/java/com/evolveum/midpoint/model/impl/lens/AbstractAssignmentEvaluatorTest.java
M model/model-impl/src/test/java/com/evolveum/midpoint/model/impl/lens/TestAssignmentProcessor2.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityBasic.java
M model/model-intest/src/test/resources/security/case-4.xml
M model/model-test/src/main/java/com/evolveum/midpoint/model/test/AbstractModelIntegrationTest.java
M repo/repo-sqale/src/test/java/com/evolveum/midpoint/repo/sqale/SqaleRepoBaseTest.java
M repo/repo-sqale/src/test/java/com/evolveum/midpoint/repo/sqale/func/SimulationsBaselineTest.java
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/Authorization.java
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/MidPointPrincipal.java
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/SecurityUtil.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AuthorizationLimitationsCollector.java
M repo/security-impl/src/main/java/com/evolveum/midpoint/security/impl/SecurityContextManagerImpl.java
M repo/security-impl/src/test/java/com/evolveum/midpoint/security/impl/MidPointPrincipalManagerMock.java
Log Message:
-----------
Start implementing new governance authorizations
The authorizations like #readOwnCertificationDecisions are now
deprecated. To allow smooth transition, their up-to-date equivalents
will be provided on the fly by AuthorizationMigrator class.
Other changes:
- Implemented "assignee" clause for certification cases and work items.
- Changed the semantics of "assignee" clause to cover not only assignees
of open work items, but all assignees of all work items.
- MidPointPrincipal#getAuthorities now returns unmodifiable collection
(because of safety reasons).
Commit: 92c18600cdb98a2973a0eb9c6c4f0bbe478770fa
https://github.com/Evolveum/midpoint/commit/92c18600cdb98a2973a0eb9c6c4f0bbe478770fa
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-06-08 (Thu, 08 Jun 2023)
Changed paths:
M model/cases-api/src/main/java/com/evolveum/midpoint/cases/api/util/QueryUtils.java
M model/certification-api/src/main/java/com/evolveum/midpoint/certification/api/CertificationManager.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccCertCaseOperationsHelper.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccCertCloserHelper.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccCertOpenerHelper.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccCertQueryHelper.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccCertTimedActionTriggerHandler.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccCertUpdateHelper.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccessCertificationCloseStageApproachingTriggerHandler.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccessCertificationClosingTaskHandler.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccessCertificationRemediationTaskHandler.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/CertificationManagerImpl.java
M model/certification-impl/src/test/java/com/evolveum/midpoint/certification/test/TestCertificationBasic.java
M model/certification-impl/src/test/java/com/evolveum/midpoint/certification/test/TestCriticalRolesCertification.java
M model/certification-impl/src/test/java/com/evolveum/midpoint/certification/test/TestEscalation.java
M model/certification-impl/src/test/java/com/evolveum/midpoint/certification/test/TestManualEscalation.java
M model/certification-impl/src/test/java/com/evolveum/midpoint/certification/test/TestRoleInducementCertification.java
M model/certification-impl/src/test/java/com/evolveum/midpoint/certification/test/TestSoDCertification.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelController.java
Log Message:
-----------
Remove "search work items" magic from cert manager
Previously, searchOpenWorkItems and countOpenWorkItems methods were
implemented in certification manager, with custom processing
of authorizations - because model controller lacked this functionality.
After searchContainers authorizations were implemented properly, this
commit removes that custom implementation, and redirects the calls
to search/count methods in ModelController.
Commit: f7ff2db819f92a048a6505d3a44c84c50fb8ef29
https://github.com/Evolveum/midpoint/commit/f7ff2db819f92a048a6505d3a44c84c50fb8ef29
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-06-08 (Thu, 08 Jun 2023)
Changed paths:
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/ObjectTypeUtil.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/authorization/evaluator/MidPointGuiAuthorizationEvaluator.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/authorization/evaluator/MidpointAllowAllAuthorizationEvaluator.java
A model/certification-api/src/main/java/com/evolveum/midpoint/certification/api/AccessCertificationCaseId.java
A model/certification-api/src/main/java/com/evolveum/midpoint/certification/api/AccessCertificationWorkItemId.java
M model/certification-api/src/main/java/com/evolveum/midpoint/certification/api/CertificationManager.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccCertCaseOperationsHelper.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccCertQueryHelper.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccCertTimedActionTriggerHandler.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/CertificationManagerImpl.java
A model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/WorkItemInContext.java
M model/certification-impl/src/test/java/com/evolveum/midpoint/certification/test/AbstractCertificationTest.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelAuthorizationAction.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelController.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/AuthorizationMigrator.java
A repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/AbstractAuthorizationParameters.java
M repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/AuthorizationParameters.java
M repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/SecurityEnforcer.java
A repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/ValueAuthorizationParameters.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AuthorizationEvaluation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/EnforcerDecisionOperation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ItemDecisionOperation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/SecurityEnforcerImpl.java
Log Message:
-----------
Migrate cert decision recording to new autz
Instead of hardcoded authorization logic for certification decision
recording that used #all and #recordCertificationDecision (for own
decisions), we now use general parameterized #completeWorkItem action.
The legacy #recordCertificationDecision is automatically converted
to the new action on the fly (in memory).
To do that, this commit provides preliminary implementation of
sub-object authorization parameters.
Commit: 174ee09a9f485a3329b9324511e0c994b6ba0361
https://github.com/Evolveum/midpoint/commit/174ee09a9f485a3329b9324511e0c994b6ba0361
Author: lskublik <lskublik at evolveum.com>
Date: 2023-06-09 (Fri, 09 Jun 2023)
Changed paths:
M model/certification-api/pom.xml
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/AuthorizationMigrator.java
Log Message:
-----------
fix for compilation errors
Commit: 133b4d325d0c814e15e06ba631ef5f1863b88ee1
https://github.com/Evolveum/midpoint/commit/133b4d325d0c814e15e06ba631ef5f1863b88ee1
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-06-09 (Fri, 09 Jun 2023)
Changed paths:
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/AuthorizationMigrator.java
Log Message:
-----------
Fix checkstyle problem
Commit: 8584bb648cd71f104100747214a1b99a95a3dfba
https://github.com/Evolveum/midpoint/commit/8584bb648cd71f104100747214a1b99a95a3dfba
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-06-09 (Fri, 09 Jun 2023)
Changed paths:
M model/certification-api/pom.xml
Log Message:
-----------
Merge remote-tracking branch 'origin/master'
Commit: 6cfba2458abde3feafdfffbc1a4b198d529681d0
https://github.com/Evolveum/midpoint/commit/6cfba2458abde3feafdfffbc1a4b198d529681d0
Author: Katarina Valalikova <k.valalikova at evolveum.com>
Date: 2023-06-09 (Fri, 09 Jun 2023)
Changed paths:
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/component/search/wrapper/PropertySearchItemWrapper.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/component/search/wrapper/ReferenceSearchItemWrapper.java
Log Message:
-----------
better support for expression filters when using reference parameters. (related to MID-8893)
Commit: 08657c345b7665c03f6d5afccd1562fedb6a298d
https://github.com/Evolveum/midpoint/commit/08657c345b7665c03f6d5afccd1562fedb6a298d
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-06-10 (Sat, 10 Jun 2023)
Changed paths:
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/cases/CaseWorkItemActionsPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/cases/MyCaseWorkItemsPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/cases/PageCaseWorkItemsAllocatedToMe.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/workflow/WorkItemDetailsPanel.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/ClauseFilteringContext.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/ClauseMatchingContext.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/SubjectedEvaluationContext.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/AssigneeClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/CandidateAssigneeClause.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/DelegatorClause.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/RelatedObjectClause.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/RequesterClause.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/ValueSelector.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/CertCampaignTypeUtil.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/ObjectTypeUtil.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/WorkItemId.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/cases/CaseTypeUtil.java
M infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd
M infra/schema/src/main/resources/xml/ns/public/common/common-model-context-3.xsd
M model/cases-api/src/main/java/com/evolveum/midpoint/cases/api/CaseManager.java
M model/cases-api/src/main/java/com/evolveum/midpoint/cases/api/util/QueryUtils.java
M model/cases-impl/src/main/java/com/evolveum/midpoint/cases/impl/CaseManagerImpl.java
M model/cases-impl/src/main/java/com/evolveum/midpoint/cases/impl/helpers/AuthorizationHelper.java
M model/certification-api/pom.xml
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccCertUpdateHelper.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelAuthorizationAction.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelInteractionService.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/authentication/GuiProfiledPrincipal.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/AssignmentPath.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelInteractionServiceImpl.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/assignments/AssignmentPathImpl.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/AuthorizationMigrator.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/GuiProfileCompiler.java
M model/model-impl/src/test/java/com/evolveum/midpoint/model/impl/security/TestGuiProfiledPrincipalManager.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/AbstractConfiguredModelIntegrationTest.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/AbstractEmptyModelIntegrationTest.java
A model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/AbstractEmptySecurityTest.java
A model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/AbstractInitializedSecurityTest.java
R model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/AbstractSecurityTest.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityAdvanced.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityBasic.java
A model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityGovernance.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityItemValues.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityMedium.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityMultitenant.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityPrincipal.java
A model/model-intest/src/test/resources/security/governance/case-request-1-role-1.xml
A model/model-intest/src/test/resources/security/governance/case-request-1-role-2.xml
A model/model-intest/src/test/resources/security/governance/case-request-1.xml
A model/model-intest/src/test/resources/security/governance/case-request-2-role-3.xml
A model/model-intest/src/test/resources/security/governance/case-request-2.xml
A model/model-intest/src/test/resources/security/governance/org-wheel.xml
A model/model-intest/src/test/resources/security/governance/role-1.xml
A model/model-intest/src/test/resources/security/governance/role-2.xml
A model/model-intest/src/test/resources/security/governance/role-3.xml
A model/model-intest/src/test/resources/security/governance/role-approver-common-parts.xml
A model/model-intest/src/test/resources/security/governance/role-approver-standard-legacy.xml
A model/model-intest/src/test/resources/security/governance/role-approver-standard-new.xml
A model/model-intest/src/test/resources/security/governance/role-approver-standard-with-candidates.xml
A model/model-intest/src/test/resources/security/governance/user-1.xml
A model/model-intest/src/test/resources/security/governance/user-approver1.xml
A model/model-intest/src/test/resources/security/governance/user-approver2.xml
A model/model-intest/src/test/resources/security/governance/user-approver3.xml
A model/model-intest/src/test/resources/security/governance/user-wheel-member1.xml
M model/model-intest/testng-integration-full.xml
M model/model-intest/testng-integration-security.xml
M model/model-test/src/main/java/com/evolveum/midpoint/model/test/AbstractModelIntegrationTest.java
R model/workflow-impl/src/main/java/com/evolveum/midpoint/wf/impl/processes/common/SpringApplicationContextHolder.java
M model/workflow-impl/src/main/java/com/evolveum/midpoint/wf/impl/processes/common/StageComputeHelper.java
M model/workflow-impl/src/main/java/com/evolveum/midpoint/wf/impl/processes/itemApproval/ApprovalSchemaHelper.java
M model/workflow-impl/src/main/java/com/evolveum/midpoint/wf/impl/processors/primary/cases/CaseStageOpening.java
M model/workflow-impl/src/test/java/com/evolveum/midpoint/wf/impl/assignments/AbstractTestAssignmentApproval.java
M model/workflow-impl/src/test/java/com/evolveum/midpoint/wf/impl/objects/AbstractTestObjectLifecycleApproval.java
M model/workflow-impl/src/test/resources/assignments/user-jack-deputy.xml
M model/workflow-impl/src/test/resources/assignments/user-lead1-deputy1.xml
M model/workflow-impl/src/test/resources/assignments/user-lead1-deputy2.xml
M model/workflow-impl/src/test/resources/common/041-role-approver.xml
M model/workflow-impl/src/test/resources/common/user-jack.xml
M model/workflow-impl/src/test/resources/miscellaneous/user-scrooge.xml
M model/workflow-impl/src/test/resources/objects-advanced/user-employee-owner.xml
M model/workflow-impl/src/test/resources/objects/user-pirate-owner.xml
M repo/repo-api/src/main/java/com/evolveum/midpoint/repo/api/ObjectSelectorMatcher.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/AbstractIntegrationTest.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/TestObject.java
M repo/security-api/pom.xml
R repo/security-api/src/main/java/com/evolveum/midpoint/security/api/DelegatorWithOtherPrivilegesLimitations.java
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/MidPointPrincipal.java
A repo/security-api/src/main/java/com/evolveum/midpoint/security/api/OtherPrivilegesLimitations.java
M repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/ValueAuthorizationParameters.java
M repo/security-enforcer-impl/pom.xml
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AuthorizationEvaluation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AuthorizationFilterEvaluation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/EnforcerOperation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/SelectorEvaluation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/SelectorFilterEvaluation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/PrismValueCoverageInformation.java
Log Message:
-----------
Migrate case mgmt authorizations to new style (#1)
Added support for #completeWorkItem and #delegateWorkItem in case mgmt
module. The legacy #delegateOwnWorkItems authorization is interpreted
as #delegateWorkItem with appropriate selector.
In particular:
- Added new "candidateAssignee" clause to enable providing #read autz
to candidate assignees (and their deputies).
- Reworked treatment of "other privileges limitations" in
MidPointPrincipal. Fixed handling of those limitations during
the evaluation of selector clauses.
- Explicitly marking "assignee" clause as supporting only "self"
object selector during searching. (This was in fact so from the
beginning, but only now it's documented and checked.)
Work in progress. #completeAllWorkItems and #delegateAllWorkItems remain
to be migrated. Some tests may fail.
Commit: eb5272556322caa5dca2c54934958f3939b5adda
https://github.com/Evolveum/midpoint/commit/eb5272556322caa5dca2c54934958f3939b5adda
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-06-10 (Sat, 10 Jun 2023)
Changed paths:
M testing/story/src/test/resources/strings/roles/role-end-user.xml
M testing/story/src/test/resources/strings/users/lechuck.xml
Log Message:
-----------
Adapt TestStrings to new case mgmt autz
The new #completeWorkItem authorization introduced in
08657c345b7665c03f6d5afccd1562fedb6a298d had to be added to users
in this test.
Commit: d36b9396f3494ee201679f6e96e23b46751b9af1
https://github.com/Evolveum/midpoint/commit/d36b9396f3494ee201679f6e96e23b46751b9af1
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-06-10 (Sat, 10 Jun 2023)
Changed paths:
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/component/search/wrapper/PropertySearchItemWrapper.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/component/search/wrapper/ReferenceSearchItemWrapper.java
Log Message:
-----------
Merge branch 'master' into feature/autz-improvements
# Conflicts:
# model/certification-api/pom.xml
Commit: 10be1c00f069ff68fa6a10a19e615dd8624f1d20
https://github.com/Evolveum/midpoint/commit/10be1c00f069ff68fa6a10a19e615dd8624f1d20
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-06-10 (Sat, 10 Jun 2023)
Changed paths:
M repo/repo-sqale/src/test/java/com/evolveum/midpoint/repo/sqale/func/SqaleRepoModifyObjectTest.java
Log Message:
-----------
Fix failing SqaleRepoModifyObjectTest
Commit: 8c2466245dffe6a0916ea49df888c0fede4c8a3f
https://github.com/Evolveum/midpoint/commit/8c2466245dffe6a0916ea49df888c0fede4c8a3f
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-06-10 (Sat, 10 Jun 2023)
Changed paths:
A infra/schema/src/main/java/com/evolveum/midpoint/schema/util/AccessCertificationCaseId.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/util/AccessCertificationWorkItemId.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/WorkItemId.java
M model/cases-api/src/main/java/com/evolveum/midpoint/cases/api/util/QueryUtils.java
R model/certification-api/src/main/java/com/evolveum/midpoint/certification/api/AccessCertificationCaseId.java
R model/certification-api/src/main/java/com/evolveum/midpoint/certification/api/AccessCertificationWorkItemId.java
M model/certification-api/src/main/java/com/evolveum/midpoint/certification/api/CertificationManager.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccCertCaseOperationsHelper.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccCertOpenerHelper.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccCertQueryHelper.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccCertReviewersHelper.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccCertTimedActionTriggerHandler.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/CertificationManagerImpl.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/handlers/DirectAssignmentCertificationHandler.java
M model/certification-impl/src/test/java/com/evolveum/midpoint/certification/test/AbstractCertificationTest.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelAuthorizationAction.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelController.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/AuthorizationMigrator.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityAdvanced.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityBasic.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityGovernance.java
A model/model-intest/src/test/resources/security/governance/campaign-assignments-1.xml
M model/model-intest/src/test/resources/security/governance/role-approver-standard-legacy.xml
A model/model-intest/src/test/resources/security/governance/role-reviewer-common-parts.xml
A model/model-intest/src/test/resources/security/governance/role-reviewer-standard-legacy.xml
A model/model-intest/src/test/resources/security/governance/role-reviewer-standard-new.xml
A model/model-intest/src/test/resources/security/governance/role-super-approver-legacy.xml
R model/model-intest/src/test/resources/security/governance/user-approver1.xml
R model/model-intest/src/test/resources/security/governance/user-approver2.xml
R model/model-intest/src/test/resources/security/governance/user-approver3.xml
A model/model-intest/src/test/resources/security/governance/user-deputy1-1.xml
A model/model-intest/src/test/resources/security/governance/user-deputy1-2-1.xml
A model/model-intest/src/test/resources/security/governance/user-deputy1-2.xml
A model/model-intest/src/test/resources/security/governance/user-manager1.xml
A model/model-intest/src/test/resources/security/governance/user-manager2.xml
A model/model-intest/src/test/resources/security/governance/user-manager3.xml
A model/model-intest/src/test/resources/security/governance/user-manager4.xml
M model/model-test/src/main/java/com/evolveum/midpoint/model/test/AbstractModelIntegrationTest.java
M repo/repo-api/src/main/java/com/evolveum/midpoint/repo/api/RepositoryService.java
A repo/repo-api/src/main/java/com/evolveum/midpoint/repo/api/util/AccessCertificationSupportMixin.java
A repo/repo-api/src/main/java/com/evolveum/midpoint/repo/api/util/CaseSupportMixin.java
Log Message:
-----------
Migrate legacy case/cert authorizations (#2)
This commit completes the work on migration of legacy work item level
authorizations (evaluated by custom code in cases and certification
modules) to new ones, evaluated by the security enforcer.
Commit: 0cc21a6cea55c228769f7567d5fb611a318e9a5f
https://github.com/Evolveum/midpoint/commit/0cc21a6cea55c228769f7567d5fb611a318e9a5f
Author: Viliam Repan <vilo.repan at evolveum.com>
Date: 2023-06-12 (Mon, 12 Jun 2023)
Changed paths:
M config/sql/native-new/postgres-new-upgrade-audit.sql
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/page/PageAdminLTE.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/page/PageBase.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/component/menu/LeftMenuPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/component/search/wrapper/PropertySearchItemWrapper.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/component/search/wrapper/ReferenceSearchItemWrapper.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/init/DataImport.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/assignment/AssignmentEditorDto.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/assignment/DelegationEditorPanel.html
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/assignment/DelegationEditorPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/cases/CaseWorkItemActionsPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/cases/MyCaseWorkItemsPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/cases/PageCaseWorkItemsAllocatedToMe.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/configuration/component/RoleMiningExportOperation.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/ResourceContentPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/workflow/PageAttorneySelection.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/workflow/WorkItemDetailsPanel.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/AccessDecision.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/GetOperationOptions.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/ParsedGetOperationOptions.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/SelectorOptions.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/constants/SchemaConstants.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/ClauseApplicabilityPredicate.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/ClauseFilteringContext.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/ClauseMatchingContext.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/ClauseProcessingContextDescription.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/FilterCollector.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/MatchingTracer.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/ObjectFilterExpressionEvaluator.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/ObjectResolver.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/OrgTreeEvaluator.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/OwnerResolver.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/SubjectedEvaluationContext.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/TraceEvent.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/TraceRecord.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/eval/package-info.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/ArchetypeRefClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/AssigneeClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/CandidateAssigneeClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/DelegatorClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/FilterClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/OrgRefClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/OrgRelationClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/OwnerClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/ParentClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/RelatedObjectClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/RequesterClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/RoleRelationClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/SelectorClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/SelfClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/SubtypeClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/TenantClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/TypeClause.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/ValueSelector.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/package-info.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/util/AccessCertificationCaseId.java
A infra/schema/src/main/java/com/evolveum/midpoint/schema/util/AccessCertificationWorkItemId.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/CertCampaignTypeUtil.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/ObjectQueryUtil.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/ObjectTypeUtil.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/SchemaDeputyUtil.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/WorkItemId.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/cases/CaseTypeUtil.java
M infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd
M infra/schema/src/main/resources/xml/ns/public/common/common-model-context-3.xsd
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/authorization/evaluator/MidPointGuiAuthorizationEvaluator.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/authorization/evaluator/MidpointAllowAllAuthorizationEvaluator.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/authorization/evaluator/MidpointHttpAuthorizationEvaluator.java
M model/authentication-impl/src/test/java/com/evolveum/midpoint/authentication/evaluator/TestAbstractAuthenticationEvaluator.java
M model/authentication-impl/src/test/resources/common/system-configuration.xml
M model/cases-api/src/main/java/com/evolveum/midpoint/cases/api/CaseManager.java
M model/cases-api/src/main/java/com/evolveum/midpoint/cases/api/util/QueryUtils.java
M model/cases-impl/src/main/java/com/evolveum/midpoint/cases/impl/CaseManagerImpl.java
M model/cases-impl/src/main/java/com/evolveum/midpoint/cases/impl/helpers/AuthorizationHelper.java
M model/certification-api/pom.xml
M model/certification-api/src/main/java/com/evolveum/midpoint/certification/api/CertificationManager.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccCertCaseOperationsHelper.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccCertCloserHelper.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccCertOpenerHelper.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccCertQueryHelper.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccCertReviewersHelper.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccCertTimedActionTriggerHandler.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccCertUpdateHelper.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccessCertificationCloseStageApproachingTriggerHandler.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccessCertificationClosingTaskHandler.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/AccessCertificationRemediationTaskHandler.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/CertificationManagerImpl.java
A model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/WorkItemInContext.java
M model/certification-impl/src/main/java/com/evolveum/midpoint/certification/impl/handlers/DirectAssignmentCertificationHandler.java
M model/certification-impl/src/test/java/com/evolveum/midpoint/certification/test/AbstractCertificationTest.java
M model/certification-impl/src/test/java/com/evolveum/midpoint/certification/test/TestCertificationBasic.java
M model/certification-impl/src/test/java/com/evolveum/midpoint/certification/test/TestCriticalRolesCertification.java
M model/certification-impl/src/test/java/com/evolveum/midpoint/certification/test/TestEscalation.java
M model/certification-impl/src/test/java/com/evolveum/midpoint/certification/test/TestManualEscalation.java
M model/certification-impl/src/test/java/com/evolveum/midpoint/certification/test/TestRoleInducementCertification.java
M model/certification-impl/src/test/java/com/evolveum/midpoint/certification/test/TestSoDCertification.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/AccessCertificationService.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelAuthorizationAction.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelInteractionService.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelService.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/RoleSelectionSpecification.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/authentication/GuiProfiledPrincipal.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/AssignmentPath.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/EvaluatedAssignment.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/util/DeputyUtils.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/FocusComputer.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/ModelBeans.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/CollectionProcessor.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/DashboardServiceImpl.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/FilterGizmoAssignableRoles.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelController.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelInteractionServiceImpl.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/SchemaTransformer.java
A model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/transformer/DataAccessProcessor.java
A model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/transformer/DataPolicyProcessor.java
A model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/transformer/DefinitionAccessProcessor.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/expr/LinkedObjectsFunctions.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/AssignmentCollector.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/ClockworkAuditHelper.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/ClockworkAuthorizationHelper.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/LensOwnerResolver.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/assignments/AssignmentEvaluator.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/assignments/AssignmentPathImpl.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/assignments/EvaluatedAssignmentImpl.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/assignments/TargetInducementEvaluation.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/assignments/TargetPayloadEvaluation.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/assignments/TargetsEvaluation.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/executor/DeltaExecution.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/focus/AssignmentProcessor.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/focus/AutoAssignMappingCollector.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/scriptExecutor/ObjectSet.java
A model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/AuthorizationMigrator.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/GuiProfileCompiler.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/GuiProfiledPrincipalManagerImpl.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/visualizer/ActivationDescriptionHandler.java
M model/model-impl/src/test/java/com/evolveum/midpoint/model/impl/lens/AbstractAssignmentEvaluatorTest.java
M model/model-impl/src/test/java/com/evolveum/midpoint/model/impl/lens/TestAssignmentProcessor2.java
M model/model-impl/src/test/java/com/evolveum/midpoint/model/impl/security/TestGuiProfiledPrincipalManager.java
M model/model-impl/src/test/java/com/evolveum/midpoint/model/impl/util/mock/MockFactory.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/AbstractConfiguredModelIntegrationTest.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/AbstractEmptyModelIntegrationTest.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestCaseIgnore.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestEntitlements.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/archetypes/AbstractArchetypesTest.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/persona/AbstractPersonaTest.java
A model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/AbstractEmptySecurityTest.java
A model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/AbstractInitializedSecurityTest.java
R model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/AbstractSecurityTest.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityAdvanced.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityBasic.java
A model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityGovernance.java
A model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityItemValues.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityMedium.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityMultitenant.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityPrincipal.java
A model/model-intest/src/test/resources/security/access-certification-campaign-1.xml
A model/model-intest/src/test/resources/security/access-certification-campaign-2.xml
A model/model-intest/src/test/resources/security/access-certification-campaign-3.xml
M model/model-intest/src/test/resources/security/case-4.xml
A model/model-intest/src/test/resources/security/governance/campaign-assignments-1.xml
A model/model-intest/src/test/resources/security/governance/case-request-1-role-1.xml
A model/model-intest/src/test/resources/security/governance/case-request-1-role-2.xml
A model/model-intest/src/test/resources/security/governance/case-request-1.xml
A model/model-intest/src/test/resources/security/governance/case-request-2-role-3.xml
A model/model-intest/src/test/resources/security/governance/case-request-2.xml
A model/model-intest/src/test/resources/security/governance/org-wheel.xml
A model/model-intest/src/test/resources/security/governance/role-1.xml
A model/model-intest/src/test/resources/security/governance/role-2.xml
A model/model-intest/src/test/resources/security/governance/role-3.xml
A model/model-intest/src/test/resources/security/governance/role-approver-common-parts.xml
A model/model-intest/src/test/resources/security/governance/role-approver-standard-legacy.xml
A model/model-intest/src/test/resources/security/governance/role-approver-standard-new.xml
A model/model-intest/src/test/resources/security/governance/role-approver-standard-with-candidates.xml
A model/model-intest/src/test/resources/security/governance/role-reviewer-common-parts.xml
A model/model-intest/src/test/resources/security/governance/role-reviewer-standard-legacy.xml
A model/model-intest/src/test/resources/security/governance/role-reviewer-standard-new.xml
A model/model-intest/src/test/resources/security/governance/role-super-approver-legacy.xml
A model/model-intest/src/test/resources/security/governance/user-1.xml
A model/model-intest/src/test/resources/security/governance/user-deputy1-1.xml
A model/model-intest/src/test/resources/security/governance/user-deputy1-2-1.xml
A model/model-intest/src/test/resources/security/governance/user-deputy1-2.xml
A model/model-intest/src/test/resources/security/governance/user-manager1.xml
A model/model-intest/src/test/resources/security/governance/user-manager2.xml
A model/model-intest/src/test/resources/security/governance/user-manager3.xml
A model/model-intest/src/test/resources/security/governance/user-manager4.xml
A model/model-intest/src/test/resources/security/governance/user-wheel-member1.xml
A model/model-intest/src/test/resources/security/role-acc-cert-campaign-complex-read.xml
A model/model-intest/src/test/resources/security/role-acc-cert-case-work-items-assignee-self-read.xml
A model/model-intest/src/test/resources/security/role-case-work-items-assignee-self-read.xml
A model/model-intest/src/test/resources/security/role-case-work-items-event-approved-read.xml
M model/model-intest/src/test/resources/security/role-filter-object-modify-caribbean.xml
M model/model-intest/src/test/resources/security/role-read-jacks-campaigns.xml
A model/model-intest/src/test/resources/security/role-show-delegation-assignments.xml
A model/model-intest/src/test/resources/security/role-show-my-assignments-and-accesses.xml
A model/model-intest/src/test/resources/security/role-show-my-requesters.xml
A model/model-intest/src/test/resources/security/role-show-roles-inducing-my-role.xml
M model/model-intest/testng-integration-full.xml
M model/model-intest/testng-integration-security.xml
M model/model-test/src/main/java/com/evolveum/midpoint/model/test/AbstractModelIntegrationTest.java
R model/model-test/src/main/java/com/evolveum/midpoint/model/test/asserter/WorkItemsAsserter.java
R model/workflow-impl/src/main/java/com/evolveum/midpoint/wf/impl/processes/common/SpringApplicationContextHolder.java
M model/workflow-impl/src/main/java/com/evolveum/midpoint/wf/impl/processes/common/StageComputeHelper.java
M model/workflow-impl/src/main/java/com/evolveum/midpoint/wf/impl/processes/itemApproval/ApprovalSchemaHelper.java
M model/workflow-impl/src/main/java/com/evolveum/midpoint/wf/impl/processors/primary/cases/CaseStageOpening.java
M model/workflow-impl/src/test/java/com/evolveum/midpoint/wf/impl/AbstractWfTest.java
M model/workflow-impl/src/test/java/com/evolveum/midpoint/wf/impl/ExpectedWorkItem.java
M model/workflow-impl/src/test/java/com/evolveum/midpoint/wf/impl/assignments/AbstractTestAssignmentApproval.java
M model/workflow-impl/src/test/java/com/evolveum/midpoint/wf/impl/objects/AbstractTestObjectLifecycleApproval.java
M model/workflow-impl/src/test/java/com/evolveum/midpoint/wf/impl/other/TestDelegation.java
M model/workflow-impl/src/test/java/com/evolveum/midpoint/wf/impl/other/TestEscalation.java
M model/workflow-impl/src/test/resources/approval-task-owner/role-approver.xml
M model/workflow-impl/src/test/resources/assignments-advanced/user-security-approver-deputy-limited.xml
M model/workflow-impl/src/test/resources/assignments-advanced/user-security-approver-deputy.xml
M model/workflow-impl/src/test/resources/assignments-advanced/user-security-approver.xml
M model/workflow-impl/src/test/resources/assignments/user-jack-deputy.xml
M model/workflow-impl/src/test/resources/assignments/user-lead1-deputy1.xml
M model/workflow-impl/src/test/resources/assignments/user-lead1-deputy2.xml
M model/workflow-impl/src/test/resources/common/041-role-approver.xml
M model/workflow-impl/src/test/resources/common/user-jack.xml
M model/workflow-impl/src/test/resources/miscellaneous/user-scrooge.xml
M model/workflow-impl/src/test/resources/objects-advanced/user-employee-owner.xml
M model/workflow-impl/src/test/resources/objects/user-pirate-owner.xml
M provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/dummy/TestDummy.java
M provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/dummy/TestDummyParallelism.java
M provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/opendj/TestOpenDjNegative.java
A repo/repo-api/src/main/java/com/evolveum/midpoint/repo/api/ObjectSelectorMatcher.java
M repo/repo-api/src/main/java/com/evolveum/midpoint/repo/api/RepositoryService.java
R repo/repo-api/src/main/java/com/evolveum/midpoint/repo/api/query/ObjectFilterExpressionEvaluator.java
A repo/repo-api/src/main/java/com/evolveum/midpoint/repo/api/util/AccessCertificationSupportMixin.java
A repo/repo-api/src/main/java/com/evolveum/midpoint/repo/api/util/CaseSupportMixin.java
M repo/repo-cache/src/main/java/com/evolveum/midpoint/repo/cache/RepositoryCache.java
M repo/repo-cache/src/main/java/com/evolveum/midpoint/repo/cache/handlers/SearchOpHandler.java
M repo/repo-common/src/main/java/com/evolveum/midpoint/repo/common/expression/ExpressionUtil.java
M repo/repo-sqale/src/main/java/com/evolveum/midpoint/repo/sqale/SqaleRepositoryService.java
M repo/repo-sqale/src/test/java/com/evolveum/midpoint/repo/sqale/SqaleRepoBaseTest.java
M repo/repo-sqale/src/test/java/com/evolveum/midpoint/repo/sqale/func/SimulationsBaselineTest.java
M repo/repo-sqale/src/test/java/com/evolveum/midpoint/repo/sqale/func/SqaleRepoModifyObjectTest.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/SqlRepositoryServiceImpl.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/helpers/CertificationCaseHelper.java
M repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/helpers/ObjectRetriever.java
M repo/repo-sqlbase/src/main/java/com/evolveum/midpoint/repo/sqlbase/SqlQueryContext.java
M repo/repo-sqlbase/src/main/java/com/evolveum/midpoint/repo/sqlbase/SqlQueryExecutor.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/AbstractIntegrationTest.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/TestObject.java
A repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/AccCertCampaignAsserter.java
A repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/AccCertCaseAsserter.java
A repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/AccCertCaseFinder.java
A repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/AccCertCasesAsserter.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/CaseAsserter.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/CaseWorkItemAsserter.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/CaseWorkItemFinder.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/CaseWorkItemsAsserter.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/prism/PrismContainerAsserter.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/prism/PrismContainerValueAsserter.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/prism/PrismItemAsserter.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/prism/PrismObjectAsserter.java
M repo/security-api/pom.xml
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/Authorization.java
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/AuthorizationConstants.java
R repo/security-api/src/main/java/com/evolveum/midpoint/security/api/DelegatorWithOtherPrivilegesLimitations.java
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/MidPointPrincipal.java
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/MidPointPrincipalManager.java
A repo/security-api/src/main/java/com/evolveum/midpoint/security/api/OtherPrivilegesLimitations.java
R repo/security-api/src/main/java/com/evolveum/midpoint/security/api/OwnerResolver.java
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/SecurityUtil.java
A repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/AbstractAuthorizationParameters.java
M repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/AuthorizationParameters.java
A repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/CompileConstraintsOptions.java
R repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/ObjectOperationConstraints.java
M repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/ObjectSecurityConstraints.java
A repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/PrismEntityOpConstraints.java
M repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/SecurityEnforcer.java
A repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/ValueAuthorizationParameters.java
M repo/security-enforcer-impl/pom.xml
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AuthorizationEvaluation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AuthorizationFilterEvaluation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AuthorizationLimitationsCollector.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/Beans.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/CompileConstraintsOperation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/EnforcerDecisionOperation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/EnforcerFilterOperation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/EnforcerOperation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/FilterGizmoObjectFilterImpl.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ItemDecisionFunction.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ItemDecisionOperation.java
R repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ObjectOperationConstraintsImpl.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ObjectSecurityConstraintsImpl.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ObjectSpecParser.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/PhaseSelector.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/QueryAutzItemPaths.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/SecurityEnforcerImpl.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/SelectorEvaluation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/SelectorFilterEvaluation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/Specification.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/TopDownSpecification.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/TracingUtil.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/PrismEntityCoverage.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/PrismEntityCoverageInformation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/PrismItemCoverageInformation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/PrismValueCoverageInformation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/SinglePhasePrismEntityOpConstraintsImpl.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/TwoPhasesPrismEntityOpConstraintsImpl.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/UpdatablePrismEntityOpConstraints.java
M repo/security-impl/src/main/java/com/evolveum/midpoint/security/impl/SecurityContextManagerImpl.java
M repo/security-impl/src/test/java/com/evolveum/midpoint/security/impl/MidPointPrincipalManagerMock.java
M testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/AbstractEDirTest.java
M testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/AbstractLdapConnTest.java
M testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/AbstractLdapTest.java
M testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/ad/AbstractAdLdapTest.java
M testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/ad/big/AbstractAdLdapBigTest.java
M testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/ad/multidomain/AbstractAdLdapMultidomainTest.java
M testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/ad/simple/AbstractAdLdapSimpleTest.java
M testing/longtest/src/test/java/com/evolveum/midpoint/testing/longtest/TestLdap.java
M testing/story/src/test/java/com/evolveum/midpoint/testing/story/security/TestRoleMembers.java
M testing/story/src/test/resources/strings/roles/role-end-user.xml
M testing/story/src/test/resources/strings/users/lechuck.xml
M tools/ninja/src/main/java/com/evolveum/midpoint/ninja/action/mining/ExportMiningConsumerWorker.java
Log Message:
-----------
Merge remote-tracking branch 'origin/master' into feature/shadow-metadata
# Conflicts:
# model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/ClockworkAuditHelper.java
# model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/AbstractEmptyModelIntegrationTest.java
Compare: https://github.com/Evolveum/midpoint/compare/5725da0d07f1...0cc21a6cea55
More information about the midPoint-svn
mailing list