[midPoint-git] [Evolveum/midpoint] 161159: Support "privileges" for scripting policy actions

KaterynaHonchar noreply at github.com
Fri Sep 19 10:00:11 CEST 2025 

  Branch: refs/heads/master
  Home:   https://github.com/Evolveum/midpoint
  Commit: 1611593f4e643c42857e4d16e623bc38e6f0d729
      https://github.com/Evolveum/midpoint/commit/1611593f4e643c42857e4d16e623bc38e6f0d729
  Author: Pavol Mederly <mederly at evolveum.com>
  Date:   2025-09-18 (Thu, 18 Sep 2025)

  Changed paths:
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/scriptExecutor/PolicyRuleScriptExecutor.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/RunAsRunner.java
    M repo/security-impl/src/main/java/com/evolveum/midpoint/security/impl/SecurityContextManagerImpl.java

  Log Message:
  -----------
  Support "privileges" for scripting policy actions

The ScriptExecutionPolicyActionType.privileges item was
not used at all (by omission). This is now fixed.

There might be a slight performance degradation here:
originally, if there were multiple policy actions with
runAsRef pointing to specific user, they could be run
with just one login process (context switch). Unfortunately,
this is no longer the case, because of the implementation
aspects. See the improvement MID-10864.

Work in progress.

Related to MID-10820.


  Commit: cc3c5c5fffd2dfce419193b806a9d9e073dbf78b
      https://github.com/Evolveum/midpoint/commit/cc3c5c5fffd2dfce419193b806a9d9e073dbf78b
  Author: honchar <honchar at evolveum.com>
  Date:   2025-09-19 (Fri, 19 Sep 2025)

  Changed paths:
    M docs/synchronization/linked-objects/index.adoc
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/EvaluatedPolicyRuleImpl.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/LensContext.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/assignments/TargetsEvaluation.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/PolicyRuleEvaluator.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/scriptExecutor/PolicyRuleScriptExecutor.java
    M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestLinkedObjects.java
    M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestRunAs.java
    M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/rbac/TestGlobalPolicyActivation.java
    A model/model-intest/src/test/resources/run-as/task-recompute-privileged-user.xml
    A model/model-intest/src/test/resources/run-as/user-privileged.xml
    M pom.xml

  Log Message:
  -----------
  merging the branch (tmp/fix-10820); resolving the conflict in PolicyRuleScriptExecutor


Compare: https://github.com/Evolveum/midpoint/compare/2ab2c7289745...cc3c5c5fffd2

To unsubscribe from these emails, change your notification settings at https://github.com/Evolveum/midpoint/settings/notifications

More information about the midPoint-svn mailing list