[midPoint-git] [Evolveum/midpoint] e6c8ac: Add authorization checks in ModelController
mederly
noreply at github.com
Mon Feb 12 10:26:10 CET 2024
Branch: refs/heads/support-4.8
Home: https://github.com/Evolveum/midpoint
Commit: e6c8ac71087af7bf2a3eb3e1ea5b6282e477691a
https://github.com/Evolveum/midpoint/commit/e6c8ac71087af7bf2a3eb3e1ea5b6282e477691a
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2024-02-08 (Thu, 08 Feb 2024)
Changed paths:
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelAuthorizationAction.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelService.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/expr/MidpointFunctions.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelController.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/expr/MidpointFunctionsImpl.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/ClockworkAuditHelper.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/LensContext.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityBasic.java
M model/model-intest/src/test/resources/sync/role-importer.xml
M model/model-test/src/main/java/com/evolveum/midpoint/model/test/AbstractModelIntegrationTest.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/AbstractIntegrationTest.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/ResourceTester.java
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/Authorization.java
M repo/security-enforcer-api/pom.xml
M repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/SecurityEnforcer.java
A repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/SecurityEnforcerUtil.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/EnforcerOperation.java
M testing/story/src/test/java/com/evolveum/midpoint/testing/story/consistency/TestConsistencyMechanism.java
M testing/story/src/test/resources/trusted-bulk-actions/role-unprivileged.xml
Log Message:
-----------
Add authorization checks in ModelController
This resolves MID-9460.
(cherry picked from commit b83016c7ebcfa42dbc86d9d33e0beee13dbd086d;
with some additions)
Commit: add8ea4fd61f79f0844a0c6aeb6373f5f12dbdb0
https://github.com/Evolveum/midpoint/commit/add8ea4fd61f79f0844a0c6aeb6373f5f12dbdb0
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2024-02-12 (Mon, 12 Feb 2024)
Changed paths:
M docs/interfaces/rest/index.adoc
M docs/interfaces/rest/operations/examples/create-object.adoc
M docs/interfaces/rest/operations/examples/create-user.adoc
M docs/interfaces/rest/operations/examples/get-user-self.adoc
M docs/interfaces/rest/operations/examples/get-user-unique-id.adoc
A docs/interfaces/rest/operations/examples/raw/create-role-employee.adoc
M docs/interfaces/rest/operations/examples/raw/create-user-jack.adoc
M docs/interfaces/rest/operations/examples/raw/curl-authenticatoin-intro-note.adoc
A docs/interfaces/rest/operations/examples/raw/delete-role.adoc
A docs/interfaces/rest/operations/examples/raw/delete-user.adoc
A docs/interfaces/rest/operations/examples/raw/get-role-end-user.adoc
M docs/interfaces/rest/operations/examples/raw/get-user-administrator.adoc
A docs/interfaces/rest/operations/examples/raw/modify-attr-role-employee.adoc
A docs/interfaces/rest/operations/examples/raw/modify-attr-user.adoc
A docs/interfaces/rest/operations/examples/raw/modify-attr.adoc
A docs/interfaces/rest/operations/examples/raw/modify-id-generate.adoc
A docs/interfaces/rest/operations/examples/raw/modify-user-assign-role.adoc
A docs/interfaces/rest/operations/examples/raw/role-id-generate.adoc
A docs/interfaces/rest/operations/examples/raw/search-all-roles.adoc
A docs/interfaces/rest/operations/examples/raw/search-all-users.adoc
A docs/interfaces/rest/operations/examples/raw/search-all.adoc
A docs/interfaces/rest/operations/examples/raw/user-pwd-generate.adoc
A docs/interfaces/rest/operations/examples/raw/user-pwd-reset.adoc
A docs/interfaces/rest/operations/examples/user-pwd-reset.adoc
M docs/interfaces/rest/resource-types/access-certification-campaign-type.adoc
M docs/interfaces/rest/resource-types/access-certification-definition-type.adoc
M docs/interfaces/rest/resource-types/archetypes.adoc
M docs/interfaces/rest/resource-types/cases.adoc
M docs/interfaces/rest/resource-types/connector-hosts.adoc
M docs/interfaces/rest/resource-types/connectors.adoc
M docs/interfaces/rest/resource-types/dashboards.adoc
M docs/interfaces/rest/resource-types/forms.adoc
M docs/interfaces/rest/resource-types/functions.adoc
M docs/interfaces/rest/resource-types/generic-objects.adoc
M docs/interfaces/rest/resource-types/index.adoc
M docs/interfaces/rest/resource-types/lookup-tables.adoc
M docs/interfaces/rest/resource-types/misc.adoc
M docs/interfaces/rest/resource-types/nodes.adoc
M docs/interfaces/rest/resource-types/object-collections.adoc
M docs/interfaces/rest/resource-types/object-templates.adoc
M docs/interfaces/rest/resource-types/organizational-units.adoc
M docs/interfaces/rest/resource-types/report-data.adoc
M docs/interfaces/rest/resource-types/reports.adoc
M docs/interfaces/rest/resource-types/resources.adoc
M docs/interfaces/rest/resource-types/roles.adoc
M docs/interfaces/rest/resource-types/rpc.adoc
M docs/interfaces/rest/resource-types/security-policies.adoc
M docs/interfaces/rest/resource-types/sequences.adoc
M docs/interfaces/rest/resource-types/services.adoc
M docs/interfaces/rest/resource-types/shadows.adoc
M docs/interfaces/rest/resource-types/system-configurations.adoc
M docs/interfaces/rest/resource-types/tasks.adoc
M docs/interfaces/rest/resource-types/users.adoc
M docs/interfaces/rest/resource-types/value-policies.adoc
R docs/security/advisories/001-midpoint-user-interface-clickjacking.adoc
R docs/security/advisories/002-abuse-of-expressions-in-midpoint-reports.adoc
R docs/security/advisories/003-xxe-vulnerabilities.adoc
R docs/security/advisories/004-ad-and-ldap-connectors-do-not-check-certificate-validity.adoc
R docs/security/advisories/005-workitem-identifier-weakness.adoc
R docs/security/advisories/006-plain-text-password-in-temporary-files.adoc
R docs/security/advisories/007-plain-text-password-in-task-objects-in-repository.adoc
R docs/security/advisories/008-xss-vulnerability-in-displayname.adoc
R docs/security/advisories/009-soap-web-service-vulnerable-to-brute-force-attack.adoc
R docs/security/advisories/010-authorizations-not-applied-properly-to-preview-changes.adoc
R docs/security/advisories/011-stored-xss-vulnerability-via-name-property.adoc
R docs/security/advisories/012-user-changes-and-user-session-updates.adoc
R docs/security/advisories/013-http-error-codes-used-for-secq-rest-authentication-reveal-user-existence.adoc
R docs/security/advisories/014-ghostcat-vulnerability-of-apache-tomcat.adoc
R docs/security/advisories/015-disabled-users-able-to-log-in-with-ldap.adoc
R docs/security/advisories/016-unauth-user-is-able-to-reset-password.adoc
R docs/security/advisories/017-self-registration-allows-to-change-password.adoc
R docs/security/advisories/018-less-privileged-user-able-to-execute-custom-groovy-scripts.adoc
R docs/security/advisories/019-xss-in-fullName-displayName.adoc
R docs/security/advisories/020-csrf-not-working-when-using-saml2.adoc
R docs/security/advisories/021-not-invited-user-able-to-register.adoc
R docs/security/advisories/automated-scanning.adoc
R docs/security/advisories/index.adoc
M docs/security/credentials/password-reset/index.adoc
M docs/security/credentials/password-storage-configuration.adoc
M docs/security/index.adoc
R docs/security/security-guide.adoc
M docs/security/trusted-actions/index.adoc
Log Message:
-----------
Merge remote-tracking branch 'origin/support-4.8' into support-4.8
Compare: https://github.com/Evolveum/midpoint/compare/d29588348320...add8ea4fd61f