[midPoint-git] [Evolveum/midpoint] 30e510: Support nested "item value" authorizations

mederly noreply at github.com
Sat May 13 21:03:36 CEST 2023


  Branch: refs/heads/feature/autz-improvements
  Home:   https://github.com/Evolveum/midpoint
  Commit: 30e51086c17aefe7c8091c416d55ff7d0636e89e
      https://github.com/Evolveum/midpoint/commit/30e51086c17aefe7c8091c416d55ff7d0636e89e
  Author: Pavol Mederly <mederly at evolveum.com>
  Date:   2023-05-13 (Sat, 13 May 2023)

  Changed paths:
    M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/AbstractSecurityTest.java
    M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityItemValues.java
    A model/model-intest/src/test/resources/security/access-certification-campaign-1.xml
    A model/model-intest/src/test/resources/security/access-certification-campaign-2.xml
    A model/model-intest/src/test/resources/security/access-certification-campaign-3.xml
    M model/model-intest/src/test/resources/security/case-4.xml
    A model/model-intest/src/test/resources/security/role-acc-cert-campaign-complex-read.xml
    A model/model-intest/src/test/resources/security/role-acc-cert-case-work-items-assignee-self-read.xml
    A model/model-intest/src/test/resources/security/role-case-work-items-event-approved-read.xml
    M model/model-test/src/main/java/com/evolveum/midpoint/model/test/AbstractModelIntegrationTest.java
    M model/model-test/src/main/java/com/evolveum/midpoint/model/test/asserter/WorkItemsAsserter.java
    A repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/AccCertCampaignAsserter.java
    A repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/AccCertCaseAsserter.java
    A repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/AccCertCaseFinder.java
    A repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/AccCertCasesAsserter.java
    M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/CaseAsserter.java
    M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/CaseWorkItemAsserter.java
    M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/CaseWorkItemFinder.java
    M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/CaseWorkItemsAsserter.java
    M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/prism/PrismContainerAsserter.java
    M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/prism/PrismContainerValueAsserter.java
    M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/prism/PrismItemAsserter.java
    M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/prism/PrismObjectAsserter.java
    M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/Authorization.java
    M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ValueSelectorEvaluation.java
    M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/PrismValueCoverageInformation.java
    M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/SinglePhasePrismEntityOpConstraintsImpl.java
    M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/TwoPhasesPrismEntityOpConstraintsImpl.java
    M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/prism/UpdatablePrismEntityOpConstraints.java

  Log Message:
  -----------
  Support nested "item value" authorizations

Now we can specify nested "item value" authorizations - for example,
we can restrict work items in certification cases, which are themselves
restricted in certification campaign objects. We can also declare
inner "item" and "exceptItem" paths for specific item values.

Experimental implementation of "filter" value selection clause was
added as well.

Work in progress. Still no searching or other operations,
only "getObject" evaluation.



