Class ModelInteractionServiceImpl
- java.lang.Object
-
- com.evolveum.midpoint.model.impl.controller.ModelInteractionServiceImpl
-
- All Implemented Interfaces:
ModelInteractionService
@Component("modelInteractionService") public class ModelInteractionServiceImpl extends Object implements ModelInteractionService
- Author:
- semancik
-
-
Field Summary
-
Fields inherited from interface com.evolveum.midpoint.model.api.ModelInteractionService
CHECK_PASSWORD, CLASS_NAME_WITH_DOT, GET_ALLOWED_REQUEST_ASSIGNMENT_ITEMS, GET_ASSIGNABLE_ROLE_SPECIFICATION, GET_AUTHENTICATIONS_POLICY, GET_CONNECTOR_OPERATIONAL_STATUS, GET_CREDENTIALS_POLICY, GET_DEPUTY_ASSIGNEES, GET_EDIT_OBJECT_DEFINITION, GET_EDIT_SHADOW_DEFINITION, GET_REGISTRATIONS_POLICY, GET_SECURITY_POLICY, MERGE_OBJECTS_PREVIEW_DELTA, MERGE_OBJECTS_PREVIEW_OBJECT, PREVIEW_CHANGES, SUBMIT_TASK_FROM_TEMPLATE
-
-
Constructor Summary
Constructors Constructor Description ModelInteractionServiceImpl()
-
Method Summary
All Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description void
applyView(CompiledObjectCollectionView existingView, GuiObjectListViewType objectListViewType)
Applying all GuiObjectListViewsType to CompiledObjectCollectionViewMidPointPrincipal
assumePowerOfAttorney(PrismObject<? extends FocusType> donor, Task task, OperationResult result)
<T extends ObjectType,O extends ObjectType>
booleancanSearch(Class<T> resultType, Class<O> objectType, String objectOid, boolean includeSpecial, ObjectQuery query, Task task, OperationResult result)
TODO Question: does object make any sense here? E.g.boolean
checkPassword(String userOid, ProtectedStringType password, Task task, OperationResult parentResult)
Checks if the supplied password matches with current user password.@NotNull CompiledObjectCollectionView
compileObjectCollectionView(@NotNull CollectionRefSpecificationType collectionRef, @Nullable Class<? extends Containerable> targetTypeClass, @NotNull Task task, @NotNull OperationResult result)
@NotNull LocalizableMessageType
createLocalizableMessageType(LocalizableMessageTemplateType template, VariablesMap variables, Task task, OperationResult result)
<O extends AssignmentHolderType>
ArchetypePolicyTypedetermineArchetypePolicy(PrismObject<O> assignmentHolder, OperationResult result)
Efficiently determines information about archetype policy applicable for a particular object.<O extends AbstractRoleType>
AssignmentCandidatesSpecificationdetermineAssignmentHolderSpecification(PrismObject<O> assignmentTarget, OperationResult result)
Returns data structure that contains information about possible assignment holders for a particular target object.<O extends AssignmentHolderType>
AssignmentCandidatesSpecificationdetermineAssignmentTargetSpecification(PrismObject<O> object, OperationResult result)
Returns data structure that contains information about possible assignment targets for a particular holder object.<O extends ObjectType>
@NotNull CollectionStatsdetermineCollectionStats(@NotNull CompiledObjectCollectionView collectionView, @NotNull Task task, @NotNull OperationResult result)
<O extends ObjectType>
Collection<VirtualContainersSpecificationType>determineVirtualContainers(PrismObject<O> object, @NotNull Task task, @NotNull OperationResult parentResult)
MidPointPrincipal
dropPowerOfAttorney(Task task, OperationResult result)
@NotNull Collection<EvaluatedPolicyRule>
evaluateCollectionPolicyRules(@NotNull PrismObject<ObjectCollectionType> collection, @Nullable CompiledObjectCollectionView collectionView, @Nullable Class<? extends ObjectType> targetTypeClass, @NotNull Task task, @NotNull OperationResult result)
Returns all policy rules that apply to the collection.ExecuteCredentialResetResponseType
executeCredentialsReset(PrismObject<UserType> user, ExecuteCredentialResetRequestType executeCredentialResetRequest, Task task, OperationResult parentResult)
<O extends ObjectType>
voidgenerateValue(PrismObject<O> object, PolicyItemsDefinitionType policyItemsDefinition, Task task, OperationResult parentResult)
<O extends ObjectType>
StringgenerateValue(ValuePolicyType policy, int defaultLength, boolean generateMinimalSize, PrismObject<O> object, String shortDesc, Task task, OperationResult parentResult)
TEMPORARY.Collection<? extends DisplayableValue<String>>
getActionUrls()
Returns a collection of all authorization actions known to the system.<O extends ObjectType,R extends AbstractRoleType>
ItemSecurityConstraintsgetAllowedRequestAssignmentItems(PrismObject<O> object, PrismObject<R> target, Task task, OperationResult result)
Returns decisions for individual items for "assign" authorization.<H extends AssignmentHolderType,R extends AbstractRoleType>
RoleSelectionSpecificationgetAssignableRoleSpecification(PrismObject<H> focus, Class<R> targetType, int assignmentOrder, Task task, OperationResult parentResult)
Returns an object that defines which roles can be assigned by the currently logged-in user.ActivationStatusType
getAssignmentEffectiveStatus(String lifecycleStatus, ActivationType activationType)
Computes effective status for the current ActivationType in for an assignmentSystemConfigurationAuditType
getAuditConfiguration(OperationResult parentResult)
AuthenticationsPolicyType
getAuthenticationPolicy(PrismObject<UserType> user, Task task, OperationResult parentResult)
Returns an authentications policies as defined in the system configuration security policy.AccessCertificationConfigurationType
getCertificationConfiguration(OperationResult parentResult)
@NotNull CompiledGuiProfile
getCompiledGuiProfile(Task task, OperationResult parentResult)
Returns currently applicable user profile, compiled for efficient use in the user interface.List<ConnectorOperationalStatus>
getConnectorOperationalStatus(String resourceOid, Task task, OperationResult parentResult)
CredentialsPolicyType
getCredentialsPolicy(PrismObject<? extends FocusType> focus, Task task, OperationResult parentResult)
Returns a credential policy that applies to the specified user.DeploymentInformationType
getDeploymentInformationConfiguration(OperationResult parentResult)
@NotNull List<ObjectReferenceType>
getDeputyAssignees(AbstractWorkItemType workItem, Task task, OperationResult parentResult)
Gets "deputy assignees" i.e.@NotNull List<ObjectReferenceType>
getDeputyAssignees(ObjectReferenceType assigneeRef, QName limitationItemName, Task task, OperationResult parentResult)
<T extends ObjectType>
ObjectFiltergetDonorFilter(Class<T> searchResultType, ObjectFilter origFilter, String targetAuthorizationAction, Task task, OperationResult parentResult)
Returns filter for lookup of donors of power of attorney.RefinedObjectClassDefinition
getEditObjectClassDefinition(PrismObject<ShadowType> shadow, PrismObject<ResourceType> resource, AuthorizationPhaseType phase, Task task, OperationResult result)
<O extends ObjectType>
PrismObjectDefinition<O>getEditObjectDefinition(PrismObject<O> object, AuthorizationPhaseType phase, Task task, OperationResult parentResult)
Returns a schema that reflects editability of the object in terms of midPoint schema limitations and security.PrismObjectDefinition<ShadowType>
getEditShadowDefinition(ResourceShadowDiscriminator discr, AuthorizationPhaseType phase, Task task, OperationResult parentResult)
<O extends AssignmentHolderType>
List<ArchetypeType>getFilteredArchetypesByHolderType(PrismObject<O> object, OperationResult result)
This method is used to differentiate which archetypes can be added to object with holderType type.RegistrationsPolicyType
getFlowPolicy(PrismObject<? extends FocusType> focus, Task task, OperationResult parentResult)
Returns a policy for registration, e.g.List<UserSessionManagementType>
getLoggedInPrincipals(Task task, OperationResult result)
List<MergeConfigurationType>
getMergeConfiguration(OperationResult parentResult)
<O extends ObjectType>
MetadataItemProcessingSpecgetMetadataItemProcessingSpec(ItemPath metadataItemPath, PrismObject<O> object, Task task, OperationResult result)
Returns specification of processing of given metadata item (e.g.RegistrationsPolicyType
getRegistrationPolicy(PrismObject<UserType> user, Task task, OperationResult parentResult)
Deprecated.List<RelationDefinitionType>
getRelationDefinitions()
SecurityPolicyType
getSecurityPolicy(RefinedObjectClassDefinition rOCDef, Task task, OperationResult parentResult)
<F extends FocusType>
SecurityPolicyTypegetSecurityPolicy(PrismObject<F> focus, Task task, OperationResult parentResult)
SystemConfigurationType
getSystemConfiguration(OperationResult parentResult)
ArchetypePolicyType
mergeArchetypePolicies(PrismObject<ArchetypeType> archetype, OperationResult result)
<O extends ObjectType>
MergeDeltas<O>mergeObjectsPreviewDeltas(Class<O> type, String leftOid, String rightOid, String mergeConfigurationName, Task task, OperationResult parentResult)
<O extends ObjectType>
PrismObject<O>mergeObjectsPreviewObject(Class<O> type, String leftOid, String rightOid, String mergeConfigurationName, Task task, OperationResult parentResult)
<F extends ObjectType>
ModelContext<F>previewChanges(Collection<ObjectDelta<? extends ObjectType>> deltas, ModelExecuteOptions options, Task task, OperationResult parentResult)
Computes the most likely changes triggered by the provided delta.<F extends ObjectType>
ModelContext<F>previewChanges(Collection<ObjectDelta<? extends ObjectType>> deltas, ModelExecuteOptions options, Task task, Collection<ProgressListener> listeners, OperationResult parentResult)
void
refreshPrincipal(String oid, Class<? extends FocusType> clazz)
<T> T
runUnderPowerOfAttorney(Producer<T> producer, PrismObject<? extends FocusType> donor, Task task, OperationResult result)
@NotNull TaskType
submitTaskFromTemplate(String templateTaskOid, List<Item<?,?>> extensionItems, Task opTask, OperationResult parentResult)
@NotNull TaskType
submitTaskFromTemplate(String templateTaskOid, Map<QName,Object> extensionValues, Task opTask, OperationResult parentResult)
void
terminateSessions(TerminateSessionEvent terminateSessionEvent, Task task, OperationResult result)
Terminates specified sessions (clusterwide).<F extends ObjectType>
ModelContext<F>unwrapModelContext(LensContextType wrappedContext, Task task, OperationResult result)
<O extends ObjectType>
voidvalidateValue(PrismObject<O> object, PolicyItemsDefinitionType policyItemsDefinition, Task task, OperationResult parentResult)
<O extends ObjectType>
List<StringLimitationResult>validateValue(ProtectedStringType protectedStringValue, ValuePolicyType pp, PrismObject<O> object, Task task, OperationResult parentResult)
@NotNull Scene
visualizeDelta(ObjectDelta<? extends ObjectType> delta, boolean includeOperationalItems, boolean includeOriginalObject, Task task, OperationResult result)
@NotNull Scene
visualizeDelta(ObjectDelta<? extends ObjectType> delta, boolean includeOperationalItems, Task task, OperationResult result)
@NotNull Scene
visualizeDelta(ObjectDelta<? extends ObjectType> delta, boolean includeOperationalItems, ObjectReferenceType objectRef, Task task, OperationResult result)
@NotNull Scene
visualizeDelta(ObjectDelta<? extends ObjectType> delta, Task task, OperationResult result)
List<? extends Scene>
visualizeDeltas(List<ObjectDelta<? extends ObjectType>> deltas, Task task, OperationResult result)
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface com.evolveum.midpoint.model.api.ModelInteractionService
runUnderPowerOfAttorneyChecked
-
-
-
-
Method Detail
-
previewChanges
public <F extends ObjectType> ModelContext<F> previewChanges(Collection<ObjectDelta<? extends ObjectType>> deltas, ModelExecuteOptions options, Task task, OperationResult parentResult) throws SchemaException, PolicyViolationException, ExpressionEvaluationException, ObjectNotFoundException, ObjectAlreadyExistsException, CommunicationException, ConfigurationException, SecurityViolationException
Description copied from interface:ModelInteractionService
Computes the most likely changes triggered by the provided delta. The delta may be any change of any object, e.g. add of a user or change of a shadow. The resulting context will sort that out to "focus" and "projection" as needed. The supplied delta will be used as a primary change. The resulting context will reflect both this primary change and any resulting secondary changes.The changes are only computed, NOT EXECUTED. It also does not change any state of any repository object or task. Therefore this method is safe to use anytime. However it is reading the data from the repository and possibly also from the resources therefore there is still potential for communication (and other) errors and invocation of this method may not be cheap. However, as no operations are really executed there may be issues with resource dependencies. E.g. identifier that are generated by the resource are not taken into account while recomputing the values. This may also cause errors if some expressions depend on the generated values.
-
previewChanges
public <F extends ObjectType> ModelContext<F> previewChanges(Collection<ObjectDelta<? extends ObjectType>> deltas, ModelExecuteOptions options, Task task, Collection<ProgressListener> listeners, OperationResult parentResult) throws SchemaException, PolicyViolationException, ExpressionEvaluationException, ObjectNotFoundException, ObjectAlreadyExistsException, CommunicationException, ConfigurationException, SecurityViolationException
-
unwrapModelContext
public <F extends ObjectType> ModelContext<F> unwrapModelContext(LensContextType wrappedContext, Task task, OperationResult result) throws SchemaException, ConfigurationException, ObjectNotFoundException, CommunicationException, ExpressionEvaluationException
- Specified by:
unwrapModelContext
in interfaceModelInteractionService
- Throws:
SchemaException
ConfigurationException
ObjectNotFoundException
CommunicationException
ExpressionEvaluationException
-
getEditObjectDefinition
public <O extends ObjectType> PrismObjectDefinition<O> getEditObjectDefinition(PrismObject<O> object, AuthorizationPhaseType phase, Task task, OperationResult parentResult) throws SchemaException, ConfigurationException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, SecurityViolationException
Description copied from interface:ModelInteractionService
Returns a schema that reflects editability of the object in terms of midPoint schema limitations and security. This method merges together all the applicable limitations that midPoint knows of (schema, security, other constraints). It may be required to pre-populate new object before calling this method, e.g. to put the object in a correct org in case that delegated administration is used.
If null is returned then the access to the entire object is denied. It cannot be created or edited at all.
The returned definition contains all parts of static schema and run-time extensions. It does not contain parts of resource "refined" schemas. Therefore for shadows it is only applicable to static parts of the shadow (not attributes).
This is not security-sensitive function. It provides data about security constraints but it does not enforce it and it does not modify anything or reveal any data. The purpose of this method is to enable convenient display of GUI form fields, e.g. to hide non-accessible fields from the form. The actual enforcement of the security is executed regardless of this method.
- Specified by:
getEditObjectDefinition
in interfaceModelInteractionService
- Parameters:
object
- object to edit- Returns:
- schema with correctly set constraint parts or null
- Throws:
SchemaException
ConfigurationException
ObjectNotFoundException
ExpressionEvaluationException
CommunicationException
SecurityViolationException
-
getEditShadowDefinition
public PrismObjectDefinition<ShadowType> getEditShadowDefinition(ResourceShadowDiscriminator discr, AuthorizationPhaseType phase, Task task, OperationResult parentResult) throws SchemaException, ConfigurationException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, SecurityViolationException
-
getEditObjectClassDefinition
public RefinedObjectClassDefinition getEditObjectClassDefinition(PrismObject<ShadowType> shadow, PrismObject<ResourceType> resource, AuthorizationPhaseType phase, Task task, OperationResult result) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException
-
getMetadataItemProcessingSpec
public <O extends ObjectType> MetadataItemProcessingSpec getMetadataItemProcessingSpec(ItemPath metadataItemPath, PrismObject<O> object, Task task, OperationResult result) throws SchemaException, ConfigurationException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, SecurityViolationException
Description copied from interface:ModelInteractionService
Returns specification of processing of given metadata item (e.g. provenance). The caller can use returned object to find out the processing of given metadata item for various data items (e.g. givenName, familyName, etc).
-
getAllowedRequestAssignmentItems
public <O extends ObjectType,R extends AbstractRoleType> ItemSecurityConstraints getAllowedRequestAssignmentItems(PrismObject<O> object, PrismObject<R> target, Task task, OperationResult result) throws SchemaException, SecurityViolationException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException
Description copied from interface:ModelInteractionService
Returns decisions for individual items for "assign" authorization. This is usually applicable to assignment parameters. The decisions are evaluated using the security context of a currently logged-in user.- Specified by:
getAllowedRequestAssignmentItems
in interfaceModelInteractionService
- Parameters:
object
- object of the operation (user)target
- target of the operation (role, org, service that is being assigned)- Throws:
SchemaException
SecurityViolationException
ObjectNotFoundException
ExpressionEvaluationException
CommunicationException
ConfigurationException
-
getActionUrls
public Collection<? extends DisplayableValue<String>> getActionUrls()
Description copied from interface:ModelInteractionService
Returns a collection of all authorization actions known to the system. The format of returned data is designed for displaying purposes.
Note: this method returns only the list of authorization actions that are known to the IDM Model component and the components below. It does not return a GUI-specific authorization actions.
- Specified by:
getActionUrls
in interfaceModelInteractionService
- Returns:
-
getAssignableRoleSpecification
public <H extends AssignmentHolderType,R extends AbstractRoleType> RoleSelectionSpecification getAssignableRoleSpecification(PrismObject<H> focus, Class<R> targetType, int assignmentOrder, Task task, OperationResult parentResult) throws ObjectNotFoundException, SchemaException, ConfigurationException, ExpressionEvaluationException, CommunicationException, SecurityViolationException
Description copied from interface:ModelInteractionService
Returns an object that defines which roles can be assigned by the currently logged-in user.- Specified by:
getAssignableRoleSpecification
in interfaceModelInteractionService
- Parameters:
focus
- Object of the operation. The object (usually user) to whom the roles should be assigned.assignmentOrder
- order=0 means assignment, order>0 means inducement- Throws:
ObjectNotFoundException
SchemaException
ConfigurationException
ExpressionEvaluationException
CommunicationException
SecurityViolationException
-
getDonorFilter
public <T extends ObjectType> ObjectFilter getDonorFilter(Class<T> searchResultType, ObjectFilter origFilter, String targetAuthorizationAction, Task task, OperationResult parentResult) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException
Description copied from interface:ModelInteractionService
Returns filter for lookup of donors of power of attorney. The donors are the users that have granted the power of attorney to the currently logged-in user.TODO: authorization limitations
- Specified by:
getDonorFilter
in interfaceModelInteractionService
- Parameters:
searchResultType
- type of the expected search resultsorigFilter
- original filter (e.g. taken from GUI search bar)targetAuthorizationAction
- Authorization action that the attorney is trying to execute on behalf of donor. Only donors for which the use of this authorization was not limited will be returned (that does not necessarily mean that the donor is able to execute this action, it may be limited by donor's authorizations). If the parameter is null then all donors are returned.task
- taskparentResult
- operation result- Returns:
- original filter with AND clause limiting the search.
- Throws:
SchemaException
ObjectNotFoundException
ExpressionEvaluationException
CommunicationException
ConfigurationException
SecurityViolationException
-
canSearch
public <T extends ObjectType,O extends ObjectType> boolean canSearch(Class<T> resultType, Class<O> objectType, String objectOid, boolean includeSpecial, ObjectQuery query, Task task, OperationResult result) throws ObjectNotFoundException, CommunicationException, SchemaException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException
Description copied from interface:ModelInteractionService
TODO Question: does object make any sense here? E.g. when searching role members, the role OID should be determined from the query.- Specified by:
canSearch
in interfaceModelInteractionService
includeSpecial
- include special authorizations, such as "self". If set to false those authorizations will be ignored. This is a good way to avoid interference of "self" when checking for authorizations such as ability to display role members.- Throws:
ObjectNotFoundException
CommunicationException
SchemaException
ConfigurationException
SecurityViolationException
ExpressionEvaluationException
-
getAuthenticationPolicy
public AuthenticationsPolicyType getAuthenticationPolicy(PrismObject<UserType> user, Task task, OperationResult parentResult) throws SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException
Description copied from interface:ModelInteractionService
Returns an authentications policies as defined in the system configuration security policy. This method is designed to be used during registration process or reset password process. security questions, etc).- Specified by:
getAuthenticationPolicy
in interfaceModelInteractionService
- Returns:
- applicable credentials policy or null
- Throws:
SchemaException
- Wrong schema or content of security policyCommunicationException
ConfigurationException
SecurityViolationException
ExpressionEvaluationException
-
getRegistrationPolicy
@Deprecated public RegistrationsPolicyType getRegistrationPolicy(PrismObject<UserType> user, Task task, OperationResult parentResult) throws SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException
Deprecated.Description copied from interface:ModelInteractionService
Returns a policy for registration, e.g. type of the supported registrations (self, social,...)- Specified by:
getRegistrationPolicy
in interfaceModelInteractionService
- Parameters:
user
- user for who the policy should apply- Returns:
- applicable credentials policy or null
- Throws:
SchemaException
- Wrong schema or content of security policyCommunicationException
ConfigurationException
SecurityViolationException
ExpressionEvaluationException
-
getFlowPolicy
public RegistrationsPolicyType getFlowPolicy(PrismObject<? extends FocusType> focus, Task task, OperationResult parentResult) throws SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException
Description copied from interface:ModelInteractionService
Returns a policy for registration, e.g. type of the supported registrations (self, social,...)- Specified by:
getFlowPolicy
in interfaceModelInteractionService
- Parameters:
focus
- focus for who the policy should apply- Returns:
- applicable credentials policy or null
- Throws:
SchemaException
- Wrong schema or content of security policyCommunicationException
ConfigurationException
SecurityViolationException
ExpressionEvaluationException
-
getCredentialsPolicy
public CredentialsPolicyType getCredentialsPolicy(PrismObject<? extends FocusType> focus, Task task, OperationResult parentResult) throws SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException
Description copied from interface:ModelInteractionService
Returns a credential policy that applies to the specified user. This method is designed to be used during credential reset so the GUI has enough information to set up the credential (e.g. password policies, security questions, etc).- Specified by:
getCredentialsPolicy
in interfaceModelInteractionService
- Parameters:
focus
- focus for who the policy should apply- Returns:
- applicable credentials policy or null
- Throws:
SchemaException
- Wrong schema or content of security policyCommunicationException
ConfigurationException
SecurityViolationException
ExpressionEvaluationException
-
getSecurityPolicy
public <F extends FocusType> SecurityPolicyType getSecurityPolicy(PrismObject<F> focus, Task task, OperationResult parentResult) throws SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException
- Specified by:
getSecurityPolicy
in interfaceModelInteractionService
- Throws:
SchemaException
CommunicationException
ConfigurationException
SecurityViolationException
ExpressionEvaluationException
-
getSecurityPolicy
public SecurityPolicyType getSecurityPolicy(RefinedObjectClassDefinition rOCDef, Task task, OperationResult parentResult) throws SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException, ObjectNotFoundException
-
getCompiledGuiProfile
@NotNull public @NotNull CompiledGuiProfile getCompiledGuiProfile(Task task, OperationResult parentResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException
Description copied from interface:ModelInteractionService
Returns currently applicable user profile, compiled for efficient use in the user interface. Use profile contains configuration, customization and user preferences for the user interface. Note: This operation bypasses the authorizations. It will always return the value regardless whether the current user is authorized to read the underlying objects or not. However, it will always return only values applicable for current user, therefore the authorization might be considered to be implicit in this case.
-
getLoggedInPrincipals
public List<UserSessionManagementType> getLoggedInPrincipals(Task task, OperationResult result)
- Specified by:
getLoggedInPrincipals
in interfaceModelInteractionService
- Returns:
- list of logged in users with at least 1 active session (clusterwide)
-
terminateSessions
public void terminateSessions(TerminateSessionEvent terminateSessionEvent, Task task, OperationResult result)
Description copied from interface:ModelInteractionService
Terminates specified sessions (clusterwide).- Specified by:
terminateSessions
in interfaceModelInteractionService
-
getSystemConfiguration
public SystemConfigurationType getSystemConfiguration(OperationResult parentResult) throws SchemaException
- Specified by:
getSystemConfiguration
in interfaceModelInteractionService
- Throws:
SchemaException
-
getDeploymentInformationConfiguration
public DeploymentInformationType getDeploymentInformationConfiguration(OperationResult parentResult) throws SchemaException
- Specified by:
getDeploymentInformationConfiguration
in interfaceModelInteractionService
- Throws:
SchemaException
-
getAuditConfiguration
public SystemConfigurationAuditType getAuditConfiguration(OperationResult parentResult) throws SchemaException
- Specified by:
getAuditConfiguration
in interfaceModelInteractionService
- Throws:
SchemaException
-
getMergeConfiguration
public List<MergeConfigurationType> getMergeConfiguration(OperationResult parentResult) throws SchemaException
- Specified by:
getMergeConfiguration
in interfaceModelInteractionService
- Throws:
SchemaException
-
getCertificationConfiguration
public AccessCertificationConfigurationType getCertificationConfiguration(OperationResult parentResult) throws SchemaException
- Specified by:
getCertificationConfiguration
in interfaceModelInteractionService
- Throws:
SchemaException
-
checkPassword
public boolean checkPassword(String userOid, ProtectedStringType password, Task task, OperationResult parentResult) throws ObjectNotFoundException, SchemaException
Description copied from interface:ModelInteractionService
Checks if the supplied password matches with current user password. This method is NOT subject to any password expiration policies, it does not update failed login counters, it does not change any data or meta-data. This method is NOT SUPPOSED to be used to validate password on login. This method is supposed to check old password when the password is changed by the user. We assume that the user already passed normal system authentication.Note: no authorizations are checked in the implementation. It is assumed that authorizations will be enforced at the page level.
- Specified by:
checkPassword
in interfaceModelInteractionService
- Returns:
- true if the password matches, false otherwise
- Throws:
ObjectNotFoundException
SchemaException
-
visualizeDeltas
public List<? extends Scene> visualizeDeltas(List<ObjectDelta<? extends ObjectType>> deltas, Task task, OperationResult result) throws SchemaException, ExpressionEvaluationException
- Specified by:
visualizeDeltas
in interfaceModelInteractionService
- Throws:
SchemaException
ExpressionEvaluationException
-
visualizeDelta
@NotNull public @NotNull Scene visualizeDelta(ObjectDelta<? extends ObjectType> delta, Task task, OperationResult result) throws SchemaException, ExpressionEvaluationException
- Specified by:
visualizeDelta
in interfaceModelInteractionService
- Throws:
SchemaException
ExpressionEvaluationException
-
visualizeDelta
@NotNull public @NotNull Scene visualizeDelta(ObjectDelta<? extends ObjectType> delta, boolean includeOperationalItems, Task task, OperationResult result) throws SchemaException, ExpressionEvaluationException
- Specified by:
visualizeDelta
in interfaceModelInteractionService
- Throws:
SchemaException
ExpressionEvaluationException
-
visualizeDelta
@NotNull public @NotNull Scene visualizeDelta(ObjectDelta<? extends ObjectType> delta, boolean includeOperationalItems, boolean includeOriginalObject, Task task, OperationResult result) throws SchemaException, ExpressionEvaluationException
- Specified by:
visualizeDelta
in interfaceModelInteractionService
- Throws:
SchemaException
ExpressionEvaluationException
-
visualizeDelta
@NotNull public @NotNull Scene visualizeDelta(ObjectDelta<? extends ObjectType> delta, boolean includeOperationalItems, ObjectReferenceType objectRef, Task task, OperationResult result) throws SchemaException, ExpressionEvaluationException
- Specified by:
visualizeDelta
in interfaceModelInteractionService
- Throws:
SchemaException
ExpressionEvaluationException
-
getConnectorOperationalStatus
public List<ConnectorOperationalStatus> getConnectorOperationalStatus(String resourceOid, Task task, OperationResult parentResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ExpressionEvaluationException
- Specified by:
getConnectorOperationalStatus
in interfaceModelInteractionService
- Throws:
SchemaException
ObjectNotFoundException
CommunicationException
ConfigurationException
ExpressionEvaluationException
-
mergeObjectsPreviewDeltas
public <O extends ObjectType> MergeDeltas<O> mergeObjectsPreviewDeltas(Class<O> type, String leftOid, String rightOid, String mergeConfigurationName, Task task, OperationResult parentResult) throws ObjectNotFoundException, SchemaException, ConfigurationException, ExpressionEvaluationException, CommunicationException, SecurityViolationException
-
mergeObjectsPreviewObject
public <O extends ObjectType> PrismObject<O> mergeObjectsPreviewObject(Class<O> type, String leftOid, String rightOid, String mergeConfigurationName, Task task, OperationResult parentResult) throws ObjectNotFoundException, SchemaException, ConfigurationException, ExpressionEvaluationException, CommunicationException, SecurityViolationException
-
generateValue
public <O extends ObjectType> String generateValue(ValuePolicyType policy, int defaultLength, boolean generateMinimalSize, PrismObject<O> object, String shortDesc, Task task, OperationResult parentResult) throws ExpressionEvaluationException, SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException
Description copied from interface:ModelInteractionService
TEMPORARY. Need to find out better way how to deal with generated values- Specified by:
generateValue
in interfaceModelInteractionService
object
- object for which we generate the value (e.g. user or shadow)- Returns:
- Throws:
ExpressionEvaluationException
SchemaException
ObjectNotFoundException
CommunicationException
ConfigurationException
SecurityViolationException
-
generateValue
public <O extends ObjectType> void generateValue(PrismObject<O> object, PolicyItemsDefinitionType policyItemsDefinition, Task task, OperationResult parentResult) throws ObjectAlreadyExistsException, ExpressionEvaluationException, SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException, PolicyViolationException
-
validateValue
public <O extends ObjectType> void validateValue(PrismObject<O> object, PolicyItemsDefinitionType policyItemsDefinition, Task task, OperationResult parentResult) throws ExpressionEvaluationException, SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException, PolicyViolationException
-
getDeputyAssignees
@NotNull public @NotNull List<ObjectReferenceType> getDeputyAssignees(AbstractWorkItemType workItem, Task task, OperationResult parentResult) throws SchemaException
Description copied from interface:ModelInteractionService
Gets "deputy assignees" i.e. users that are deputies of assignees. Takes limitations into account.MAY NOT CHECK AUTHORIZATIONS (uses repository directly, at least at some places) - TODO TODO parameterize on limitation kind
- Specified by:
getDeputyAssignees
in interfaceModelInteractionService
- Throws:
SchemaException
-
getDeputyAssignees
@NotNull public @NotNull List<ObjectReferenceType> getDeputyAssignees(ObjectReferenceType assigneeRef, QName limitationItemName, Task task, OperationResult parentResult) throws SchemaException
- Specified by:
getDeputyAssignees
in interfaceModelInteractionService
- Throws:
SchemaException
-
getAssignmentEffectiveStatus
public ActivationStatusType getAssignmentEffectiveStatus(String lifecycleStatus, ActivationType activationType)
Description copied from interface:ModelInteractionService
Computes effective status for the current ActivationType in for an assignment- Specified by:
getAssignmentEffectiveStatus
in interfaceModelInteractionService
-
assumePowerOfAttorney
public MidPointPrincipal assumePowerOfAttorney(PrismObject<? extends FocusType> donor, Task task, OperationResult result) throws SchemaException, SecurityViolationException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException
-
dropPowerOfAttorney
public MidPointPrincipal dropPowerOfAttorney(Task task, OperationResult result) throws SecurityViolationException
- Specified by:
dropPowerOfAttorney
in interfaceModelInteractionService
- Throws:
SecurityViolationException
-
runUnderPowerOfAttorney
public <T> T runUnderPowerOfAttorney(Producer<T> producer, PrismObject<? extends FocusType> donor, Task task, OperationResult result) throws SchemaException, SecurityViolationException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException
-
createLocalizableMessageType
@NotNull public @NotNull LocalizableMessageType createLocalizableMessageType(LocalizableMessageTemplateType template, VariablesMap variables, Task task, OperationResult result) throws ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException
-
executeCredentialsReset
public ExecuteCredentialResetResponseType executeCredentialsReset(PrismObject<UserType> user, ExecuteCredentialResetRequestType executeCredentialResetRequest, Task task, OperationResult parentResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException, ObjectAlreadyExistsException, PolicyViolationException
-
refreshPrincipal
public void refreshPrincipal(String oid, Class<? extends FocusType> clazz) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException
-
getRelationDefinitions
public List<RelationDefinitionType> getRelationDefinitions()
- Specified by:
getRelationDefinitions
in interfaceModelInteractionService
-
submitTaskFromTemplate
@NotNull public @NotNull TaskType submitTaskFromTemplate(String templateTaskOid, List<Item<?,?>> extensionItems, Task opTask, OperationResult parentResult) throws CommunicationException, ObjectNotFoundException, SchemaException, SecurityViolationException, ConfigurationException, ExpressionEvaluationException, ObjectAlreadyExistsException, PolicyViolationException
-
submitTaskFromTemplate
@NotNull public @NotNull TaskType submitTaskFromTemplate(String templateTaskOid, Map<QName,Object> extensionValues, Task opTask, OperationResult parentResult) throws CommunicationException, ObjectNotFoundException, SchemaException, SecurityViolationException, ConfigurationException, ExpressionEvaluationException, ObjectAlreadyExistsException, PolicyViolationException
-
determineArchetypePolicy
public <O extends AssignmentHolderType> ArchetypePolicyType determineArchetypePolicy(PrismObject<O> assignmentHolder, OperationResult result) throws SchemaException, ConfigurationException
Description copied from interface:ModelInteractionService
Efficiently determines information about archetype policy applicable for a particular object. Returns null if no archetype policy is applicable. This is a "one stop" method for archetype policy in the GUI. The method returns archetype policy even for "legacy" situations, e.g. if the policy needs to be determined from system configuration using legacy subtype. GUI should not need to to any other processing to determine archetype information.This method is invoked very often, usually when any object is displayed (including display of object lists and search results). Therefore this method is supposed to be very efficient. It should be using caching as much as possible.
- Specified by:
determineArchetypePolicy
in interfaceModelInteractionService
- Throws:
SchemaException
ConfigurationException
-
mergeArchetypePolicies
public ArchetypePolicyType mergeArchetypePolicies(PrismObject<ArchetypeType> archetype, OperationResult result) throws SchemaException
- Specified by:
mergeArchetypePolicies
in interfaceModelInteractionService
- Throws:
SchemaException
-
determineAssignmentTargetSpecification
public <O extends AssignmentHolderType> AssignmentCandidatesSpecification determineAssignmentTargetSpecification(PrismObject<O> object, OperationResult result) throws SchemaException
Description copied from interface:ModelInteractionService
Returns data structure that contains information about possible assignment targets for a particular holder object.This method should be used when editing assignment holder (e.g. user) and looking for available assignment target. The determineAssignmentHolderSpecification is a "reverse" version of this method.
This method is not used that often. It is used when an object is edited. But it should be quite efficient anyway. It should use cached archetype information.
- Specified by:
determineAssignmentTargetSpecification
in interfaceModelInteractionService
- Throws:
SchemaException
-
getFilteredArchetypesByHolderType
public <O extends AssignmentHolderType> List<ArchetypeType> getFilteredArchetypesByHolderType(PrismObject<O> object, OperationResult result) throws SchemaException
Description copied from interface:ModelInteractionService
This method is used to differentiate which archetypes can be added to object with holderType type. e.g. when changing archetype within Change archetype functionality should provide only those archetypes which can be assigned according to holderType.- Specified by:
getFilteredArchetypesByHolderType
in interfaceModelInteractionService
- Throws:
SchemaException
-
determineAssignmentHolderSpecification
public <O extends AbstractRoleType> AssignmentCandidatesSpecification determineAssignmentHolderSpecification(PrismObject<O> assignmentTarget, OperationResult result) throws SchemaException
Description copied from interface:ModelInteractionService
Returns data structure that contains information about possible assignment holders for a particular target object.This method should be used when editing assignment target (role, org, service) and looking for object that can be potential members. The determineAssignmentTargetSpecification is a "reverse" version of this method.
This method is not used that often. It is used when an object is edited. But it should be quite efficient anyway. It should use cached archetype information.
- Specified by:
determineAssignmentHolderSpecification
in interfaceModelInteractionService
- Throws:
SchemaException
-
evaluateCollectionPolicyRules
@Experimental @NotNull public @NotNull Collection<EvaluatedPolicyRule> evaluateCollectionPolicyRules(@NotNull @NotNull PrismObject<ObjectCollectionType> collection, @Nullable @Nullable CompiledObjectCollectionView collectionView, @Nullable @Nullable Class<? extends ObjectType> targetTypeClass, @NotNull @NotNull Task task, @NotNull @NotNull OperationResult result) throws ObjectNotFoundException, SchemaException, SecurityViolationException, CommunicationException, ConfigurationException, ExpressionEvaluationException
Description copied from interface:ModelInteractionService
Returns all policy rules that apply to the collection. Later, the policy rules are compiled from all the applicable sources (target, meta-roles, etc.). But for now we support only policy rules that are directly placed in collection assignments. EXPERIMENTAL. Quite likely to change later.
-
compileObjectCollectionView
@Experimental @NotNull public @NotNull CompiledObjectCollectionView compileObjectCollectionView(@NotNull @NotNull CollectionRefSpecificationType collectionRef, @Nullable @Nullable Class<? extends Containerable> targetTypeClass, @NotNull @NotNull Task task, @NotNull @NotNull OperationResult result) throws SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException, ObjectNotFoundException
-
determineCollectionStats
@Experimental @NotNull public <O extends ObjectType> @NotNull CollectionStats determineCollectionStats(@NotNull @NotNull CompiledObjectCollectionView collectionView, @NotNull @NotNull Task task, @NotNull @NotNull OperationResult result) throws SchemaException, ObjectNotFoundException, SecurityViolationException, ConfigurationException, CommunicationException, ExpressionEvaluationException
-
determineVirtualContainers
public <O extends ObjectType> Collection<VirtualContainersSpecificationType> determineVirtualContainers(PrismObject<O> object, @NotNull @NotNull Task task, @NotNull @NotNull OperationResult parentResult)
- Specified by:
determineVirtualContainers
in interfaceModelInteractionService
- Returns:
- virtual containers sepcification if present. Merge virtual container specification from archetype policy for concrete object with global settings in systemConfiguration/adminGuiConfig
-
applyView
public void applyView(CompiledObjectCollectionView existingView, GuiObjectListViewType objectListViewType)
Description copied from interface:ModelInteractionService
Applying all GuiObjectListViewsType to CompiledObjectCollectionView- Specified by:
applyView
in interfaceModelInteractionService
-
validateValue
public <O extends ObjectType> List<StringLimitationResult> validateValue(ProtectedStringType protectedStringValue, ValuePolicyType pp, PrismObject<O> object, Task task, OperationResult parentResult) throws SchemaException, PolicyViolationException, ObjectNotFoundException, SecurityViolationException, CommunicationException, ConfigurationException, ExpressionEvaluationException
-
-