Package com.evolveum.midpoint.model.api
Interface ModelInteractionService
-
@Experimental public interface ModelInteractionService
A service provided by the IDM Model that allows to improve the (user) interaction with the model. It is supposed to provide services such as preview of changes, diagnostics and other informational services. It should only provide access to read-only data or provide a temporary (throw-away) previews of data. It should not change the state of IDM repository, resources or tasks. EXPERIMENTAL/UNSTABLE: This is likely to change at any moment without a notice. Depend on this interface on your own risk.- Author:
- Radovan Semancik
-
-
Nested Class Summary
Nested Classes Modifier and Type Interface Description static classModelInteractionService.SearchSpec<C extends Containerable>
-
Field Summary
Fields Modifier and Type Field Description static StringCHECK_PASSWORDstatic StringCLASS_NAME_WITH_DOTstatic StringGET_ALLOWED_REQUEST_ASSIGNMENT_ITEMSstatic StringGET_ASSIGNABLE_ROLE_SPECIFICATIONstatic StringGET_AUTHENTICATIONS_POLICYstatic StringGET_CONNECTOR_OPERATIONAL_STATUSstatic StringGET_CREDENTIALS_POLICYstatic StringGET_DEPUTY_ASSIGNEESstatic StringGET_EDIT_OBJECT_DEFINITIONstatic StringGET_EDIT_SHADOW_DEFINITIONstatic StringGET_REGISTRATIONS_POLICYstatic StringGET_SECURITY_POLICYstatic StringMERGE_OBJECTS_PREVIEW_DELTAstatic StringMERGE_OBJECTS_PREVIEW_OBJECTstatic StringPREVIEW_CHANGESstatic StringSUBMIT_TASK_FROM_TEMPLATE
-
Method Summary
All Methods Instance Methods Abstract Methods Default Methods Modifier and Type Method Description voidapplyView(CompiledObjectCollectionView existingView, GuiObjectListViewType objectListViewsType)Applying all GuiObjectListViewsType to CompiledObjectCollectionViewcom.evolveum.midpoint.security.api.MidPointPrincipalassumePowerOfAttorney(PrismObject<? extends FocusType> donor, com.evolveum.midpoint.task.api.Task task, OperationResult result)<T extends ObjectType,O extends ObjectType>
booleancanSearch(Class<T> resultType, Class<O> objectType, String objectOid, boolean includeSpecial, ObjectQuery query, com.evolveum.midpoint.task.api.Task task, OperationResult result)TODO Question: does object make any sense here? E.g.booleancheckPassword(String userOid, ProtectedStringType password, com.evolveum.midpoint.task.api.Task task, OperationResult parentResult)Checks if the supplied password matches with current user password.@NotNull CompiledObjectCollectionViewcompileObjectCollectionView(@NotNull CollectionRefSpecificationType collection, @Nullable Class<? extends Containerable> targetTypeClass, @NotNull com.evolveum.midpoint.task.api.Task task, @NotNull OperationResult result)voidcompileView(CompiledObjectCollectionView existingView, GuiObjectListViewType objectListViewsType, com.evolveum.midpoint.task.api.Task task, OperationResult result)Compile object list view together with collection ref specification if presentIntegercountObjectsFromCollection(CollectionRefSpecificationType collectionConfig, QName typeForFilter, Collection<SelectorOptions<GetOperationOptions>> defaultOptions, ObjectPaging usedPaging, VariablesMap variables, com.evolveum.midpoint.task.api.Task task, OperationResult result)@NotNull LocalizableMessageTypecreateLocalizableMessageType(LocalizableMessageTemplateType template, VariablesMap variables, com.evolveum.midpoint.task.api.Task task, OperationResult result)<O extends AssignmentHolderType>
ArchetypePolicyTypedetermineArchetypePolicy(PrismObject<O> assignmentHolder, OperationResult result)Efficiently determines information about archetype policy applicable for a particular object.<O extends AbstractRoleType>
AssignmentCandidatesSpecificationdetermineAssignmentHolderSpecification(PrismObject<O> assignmentTarget, OperationResult result)Returns data structure that contains information about possible assignment holders for a particular target object.<O extends AssignmentHolderType>
AssignmentCandidatesSpecificationdetermineAssignmentTargetSpecification(PrismObject<O> assignmentHolder, OperationResult result)Returns data structure that contains information about possible assignment targets for a particular holder object.<O extends ObjectType>
@NotNull CollectionStatsdetermineCollectionStats(@NotNull CompiledObjectCollectionView collectionView, @NotNull com.evolveum.midpoint.task.api.Task task, @NotNull OperationResult result)com.evolveum.midpoint.security.api.MidPointPrincipaldropPowerOfAttorney(com.evolveum.midpoint.task.api.Task task, OperationResult result)@NotNull Collection<EvaluatedPolicyRule>evaluateCollectionPolicyRules(@NotNull PrismObject<ObjectCollectionType> collection, @Nullable CompiledObjectCollectionView collectionView, @Nullable Class<? extends ObjectType> targetTypeClass, @NotNull com.evolveum.midpoint.task.api.Task task, @NotNull OperationResult result)Returns all policy rules that apply to the collection.ExecuteCredentialResetResponseTypeexecuteCredentialsReset(PrismObject<UserType> user, ExecuteCredentialResetRequestType executeCredentialResetRequest, com.evolveum.midpoint.task.api.Task task, OperationResult result)<O extends ObjectType>
StringgenerateNonce(NonceCredentialsPolicyType noncePolicy, com.evolveum.midpoint.task.api.Task task, OperationResult result)<O extends ObjectType>
voidgenerateValue(PrismObject<O> object, PolicyItemsDefinitionType policyItemsDefinition, com.evolveum.midpoint.task.api.Task task, OperationResult parentResult)<O extends ObjectType>
StringgenerateValue(ValuePolicyType policy, int defaultLength, boolean generateMinimalSize, PrismObject<O> object, String shortDesc, com.evolveum.midpoint.task.api.Task task, OperationResult inputResult)TEMPORARY.Collection<? extends DisplayableValue<String>>getActionUrls()Returns a collection of all authorization actions known to the system.<O extends ObjectType,R extends AbstractRoleType>
com.evolveum.midpoint.security.enforcer.api.ItemSecurityConstraintsgetAllowedRequestAssignmentItems(PrismObject<O> object, PrismObject<R> target, com.evolveum.midpoint.task.api.Task task, OperationResult result)Returns decisions for individual items for "assign" authorization.<H extends AssignmentHolderType,R extends AbstractRoleType>
RoleSelectionSpecificationgetAssignableRoleSpecification(PrismObject<H> assignmentHolder, Class<R> targetType, int assignmentOrder, com.evolveum.midpoint.task.api.Task task, OperationResult parentResult)Returns an object that defines which roles can be assigned by the currently logged-in user.ActivationStatusTypegetAssignmentEffectiveStatus(String lifecycleStatus, ActivationType activationType)Computes effective status for the current ActivationType in for an assignmentSystemConfigurationAuditTypegetAuditConfiguration(OperationResult parentResult)AuthenticationsPolicyTypegetAuthenticationPolicy(PrismObject<UserType> user, com.evolveum.midpoint.task.api.Task task, OperationResult parentResult)Returns an authentications policies as defined in the system configuration security policy.AccessCertificationConfigurationTypegetCertificationConfiguration(OperationResult parentResult)@NotNull CompiledGuiProfilegetCompiledGuiProfile(com.evolveum.midpoint.task.api.Task task, OperationResult parentResult)Returns currently applicable user profile, compiled for efficient use in the user interface.List<ConnectorOperationalStatus>getConnectorOperationalStatus(String resourceOid, com.evolveum.midpoint.task.api.Task task, OperationResult parentResult)CredentialsPolicyTypegetCredentialsPolicy(PrismObject<? extends FocusType> focus, com.evolveum.midpoint.task.api.Task task, OperationResult parentResult)Returns a credential policy that applies to the specified user.DeploymentInformationTypegetDeploymentInformationConfiguration(OperationResult parentResult)@NotNull List<ObjectReferenceType>getDeputyAssignees(AbstractWorkItemType workItem, com.evolveum.midpoint.task.api.Task task, OperationResult parentResult)Gets "deputy assignees" i.e.@NotNull List<ObjectReferenceType>getDeputyAssignees(ObjectReferenceType assignee, QName limitationItemName, com.evolveum.midpoint.task.api.Task task, OperationResult parentResult)<T extends ObjectType>
ObjectFiltergetDonorFilter(Class<T> searchResultType, ObjectFilter origFilter, String targetAuthorizationAction, com.evolveum.midpoint.task.api.Task task, OperationResult parentResult)Returns filter for lookup of donors of power of attorney.RefinedObjectClassDefinitiongetEditObjectClassDefinition(PrismObject<ShadowType> shadow, PrismObject<ResourceType> resource, AuthorizationPhaseType phase, com.evolveum.midpoint.task.api.Task task, OperationResult result)<O extends ObjectType>
PrismObjectDefinition<O>getEditObjectDefinition(PrismObject<O> object, AuthorizationPhaseType phase, com.evolveum.midpoint.task.api.Task task, OperationResult result)Returns a schema that reflects editability of the object in terms of midPoint schema limitations and security.PrismObjectDefinition<ShadowType>getEditShadowDefinition(ResourceShadowDiscriminator discr, AuthorizationPhaseType phase, com.evolveum.midpoint.task.api.Task task, OperationResult result)<O extends AssignmentHolderType>
List<ArchetypeType>getFilteredArchetypesByHolderType(PrismObject<O> object, OperationResult result)This method is used to differentiate which archetypes can be added to object with holderType type.RegistrationsPolicyTypegetFlowPolicy(PrismObject<? extends FocusType> focus, com.evolveum.midpoint.task.api.Task task, OperationResult parentResult)Returns a policy for registration, e.g.List<UserSessionManagementType>getLoggedInPrincipals(com.evolveum.midpoint.task.api.Task task, OperationResult result)List<MergeConfigurationType>getMergeConfiguration(OperationResult parentResult)<O extends ObjectType>
MetadataItemProcessingSpecgetMetadataItemProcessingSpec(ItemPath metadataItemPath, PrismObject<O> object, com.evolveum.midpoint.task.api.Task task, OperationResult result)Returns specification of processing of given metadata item (e.g.List<RelationDefinitionType>getRelationDefinitions()<C extends Containerable>
ModelInteractionService.SearchSpec<C>getSearchSpecificationFromCollection(CompiledObjectCollectionView collection, QName typeForFilter, Collection<SelectorOptions<GetOperationOptions>> options, VariablesMap variables, com.evolveum.midpoint.task.api.Task task, OperationResult result)TODO document and clean up the interfaceSecurityPolicyTypegetSecurityPolicy(RefinedObjectClassDefinition rOCDef, com.evolveum.midpoint.task.api.Task task, OperationResult parentResult)<F extends FocusType>
SecurityPolicyTypegetSecurityPolicy(PrismObject<F> focus, com.evolveum.midpoint.task.api.Task task, OperationResult parentResult)SystemConfigurationTypegetSystemConfiguration(OperationResult parentResult)ArchetypePolicyTypemergeArchetypePolicies(PrismObject<ArchetypeType> archetype, OperationResult result)<O extends ObjectType>
MergeDeltas<O>mergeObjectsPreviewDeltas(Class<O> type, String leftOid, String rightOid, String mergeConfigurationName, com.evolveum.midpoint.task.api.Task task, OperationResult result)<O extends ObjectType>
PrismObject<O>mergeObjectsPreviewObject(Class<O> type, String leftOid, String rightOid, String mergeConfigurationName, com.evolveum.midpoint.task.api.Task task, OperationResult result)<F extends ObjectType>
ModelContext<F>previewChanges(Collection<ObjectDelta<? extends ObjectType>> deltas, ModelExecuteOptions options, com.evolveum.midpoint.task.api.Task task, OperationResult result)Computes the most likely changes triggered by the provided delta.<F extends ObjectType>
ModelContext<F>previewChanges(Collection<ObjectDelta<? extends ObjectType>> deltas, ModelExecuteOptions options, com.evolveum.midpoint.task.api.Task task, Collection<ProgressListener> listeners, OperationResult result)voidprocessObjectsFromCollection(CollectionRefSpecificationType collection, QName typeForFilter, Predicate<PrismContainer> handler, Collection<SelectorOptions<GetOperationOptions>> options, VariablesMap variables, com.evolveum.midpoint.task.api.Task task, OperationResult result, boolean recordProgress)TODO documentvoidrefreshPrincipal(String oid, Class<? extends FocusType> clazz)<T> TrunUnderPowerOfAttorney(Producer<T> producer, PrismObject<? extends FocusType> donor, com.evolveum.midpoint.task.api.Task task, OperationResult result)default <T> TrunUnderPowerOfAttorneyChecked(CheckedProducer<T> producer, PrismObject<? extends FocusType> donor, com.evolveum.midpoint.task.api.Task task, OperationResult result)List<? extends Containerable>searchObjectsFromCollection(CollectionRefSpecificationType collectionConfig, QName typeForFilter, Collection<SelectorOptions<GetOperationOptions>> defaultOptions, ObjectPaging usedPaging, VariablesMap variables, com.evolveum.midpoint.task.api.Task task, OperationResult result)@NotNull TaskTypesubmitTaskFromTemplate(String templateTaskOid, List<Item<?,?>> extensionItems, com.evolveum.midpoint.task.api.Task opTask, OperationResult result)@NotNull TaskTypesubmitTaskFromTemplate(String templateTaskOid, Map<QName,Object> extensionValues, com.evolveum.midpoint.task.api.Task opTask, OperationResult result)voidterminateSessions(com.evolveum.midpoint.TerminateSessionEvent terminateSessionEvent, com.evolveum.midpoint.task.api.Task task, OperationResult result)Terminates specified sessions (clusterwide).<F extends ObjectType>
ModelContext<F>unwrapModelContext(LensContextType wrappedContext, com.evolveum.midpoint.task.api.Task task, OperationResult result)<O extends ObjectType>
voidvalidateValue(PrismObject<O> object, PolicyItemsDefinitionType policyItemsDefinition, com.evolveum.midpoint.task.api.Task task, OperationResult parentResult)<O extends ObjectType>
List<StringLimitationResult>validateValue(ProtectedStringType protectedStringValue, ValuePolicyType pp, PrismObject<O> object, com.evolveum.midpoint.task.api.Task task, OperationResult parentResult)@NotNull ScenevisualizeDelta(ObjectDelta<? extends ObjectType> delta, boolean includeOperationalItems, boolean includeOriginalObject, com.evolveum.midpoint.task.api.Task task, OperationResult result)@NotNull ScenevisualizeDelta(ObjectDelta<? extends ObjectType> delta, boolean includeOperationalItems, com.evolveum.midpoint.task.api.Task task, OperationResult result)@NotNull ScenevisualizeDelta(ObjectDelta<? extends ObjectType> delta, boolean includeOperationalItems, ObjectReferenceType objectRef, com.evolveum.midpoint.task.api.Task task, OperationResult result)@NotNull ScenevisualizeDelta(ObjectDelta<? extends ObjectType> delta, com.evolveum.midpoint.task.api.Task task, OperationResult result)List<? extends Scene>visualizeDeltas(List<ObjectDelta<? extends ObjectType>> deltas, com.evolveum.midpoint.task.api.Task task, OperationResult result)
-
-
-
Field Detail
-
CLASS_NAME_WITH_DOT
static final String CLASS_NAME_WITH_DOT
-
PREVIEW_CHANGES
static final String PREVIEW_CHANGES
-
GET_EDIT_OBJECT_DEFINITION
static final String GET_EDIT_OBJECT_DEFINITION
-
GET_EDIT_SHADOW_DEFINITION
static final String GET_EDIT_SHADOW_DEFINITION
-
GET_ALLOWED_REQUEST_ASSIGNMENT_ITEMS
static final String GET_ALLOWED_REQUEST_ASSIGNMENT_ITEMS
-
GET_ASSIGNABLE_ROLE_SPECIFICATION
static final String GET_ASSIGNABLE_ROLE_SPECIFICATION
-
GET_CREDENTIALS_POLICY
static final String GET_CREDENTIALS_POLICY
-
GET_AUTHENTICATIONS_POLICY
static final String GET_AUTHENTICATIONS_POLICY
-
GET_REGISTRATIONS_POLICY
static final String GET_REGISTRATIONS_POLICY
-
GET_SECURITY_POLICY
static final String GET_SECURITY_POLICY
-
CHECK_PASSWORD
static final String CHECK_PASSWORD
-
GET_CONNECTOR_OPERATIONAL_STATUS
static final String GET_CONNECTOR_OPERATIONAL_STATUS
-
MERGE_OBJECTS_PREVIEW_DELTA
static final String MERGE_OBJECTS_PREVIEW_DELTA
-
MERGE_OBJECTS_PREVIEW_OBJECT
static final String MERGE_OBJECTS_PREVIEW_OBJECT
-
GET_DEPUTY_ASSIGNEES
static final String GET_DEPUTY_ASSIGNEES
-
SUBMIT_TASK_FROM_TEMPLATE
static final String SUBMIT_TASK_FROM_TEMPLATE
-
-
Method Detail
-
previewChanges
<F extends ObjectType> ModelContext<F> previewChanges(Collection<ObjectDelta<? extends ObjectType>> deltas, ModelExecuteOptions options, com.evolveum.midpoint.task.api.Task task, OperationResult result) throws SchemaException, PolicyViolationException, ExpressionEvaluationException, ObjectNotFoundException, ObjectAlreadyExistsException, CommunicationException, ConfigurationException, SecurityViolationException
Computes the most likely changes triggered by the provided delta. The delta may be any change of any object, e.g. add of a user or change of a shadow. The resulting context will sort that out to "focus" and "projection" as needed. The supplied delta will be used as a primary change. The resulting context will reflect both this primary change and any resulting secondary changes.The changes are only computed, NOT EXECUTED. It also does not change any state of any repository object or task. Therefore this method is safe to use anytime. However it is reading the data from the repository and possibly also from the resources therefore there is still potential for communication (and other) errors and invocation of this method may not be cheap. However, as no operations are really executed there may be issues with resource dependencies. E.g. identifier that are generated by the resource are not taken into account while recomputing the values. This may also cause errors if some expressions depend on the generated values.
-
previewChanges
<F extends ObjectType> ModelContext<F> previewChanges(Collection<ObjectDelta<? extends ObjectType>> deltas, ModelExecuteOptions options, com.evolveum.midpoint.task.api.Task task, Collection<ProgressListener> listeners, OperationResult result) throws SchemaException, PolicyViolationException, ExpressionEvaluationException, ObjectNotFoundException, ObjectAlreadyExistsException, CommunicationException, ConfigurationException, SecurityViolationException
-
unwrapModelContext
<F extends ObjectType> ModelContext<F> unwrapModelContext(LensContextType wrappedContext, com.evolveum.midpoint.task.api.Task task, OperationResult result) throws SchemaException, ConfigurationException, ObjectNotFoundException, CommunicationException, ExpressionEvaluationException
-
getEditObjectDefinition
<O extends ObjectType> PrismObjectDefinition<O> getEditObjectDefinition(PrismObject<O> object, AuthorizationPhaseType phase, com.evolveum.midpoint.task.api.Task task, OperationResult result) throws SchemaException, ConfigurationException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, SecurityViolationException
Returns a schema that reflects editability of the object in terms of midPoint schema limitations and security. This method merges together all the applicable limitations that midPoint knows of (schema, security, other constraints). It may be required to pre-populate new object before calling this method, e.g. to put the object in a correct org in case that delegated administration is used.
If null is returned then the access to the entire object is denied. It cannot be created or edited at all.
The returned definition contains all parts of static schema and run-time extensions. It does not contain parts of resource "refined" schemas. Therefore for shadows it is only applicable to static parts of the shadow (not attributes).
This is not security-sensitive function. It provides data about security constraints but it does not enforce it and it does not modify anything or reveal any data. The purpose of this method is to enable convenient display of GUI form fields, e.g. to hide non-accessible fields from the form. The actual enforcement of the security is executed regardless of this method.
- Parameters:
object- object to edit- Returns:
- schema with correctly set constraint parts or null
- Throws:
SchemaExceptionConfigurationExceptionObjectNotFoundExceptionExpressionEvaluationExceptionCommunicationExceptionSecurityViolationException
-
getEditShadowDefinition
PrismObjectDefinition<ShadowType> getEditShadowDefinition(ResourceShadowDiscriminator discr, AuthorizationPhaseType phase, com.evolveum.midpoint.task.api.Task task, OperationResult result) throws SchemaException, ConfigurationException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, SecurityViolationException
-
getEditObjectClassDefinition
RefinedObjectClassDefinition getEditObjectClassDefinition(PrismObject<ShadowType> shadow, PrismObject<ResourceType> resource, AuthorizationPhaseType phase, com.evolveum.midpoint.task.api.Task task, OperationResult result) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException
-
getMetadataItemProcessingSpec
@Experimental <O extends ObjectType> MetadataItemProcessingSpec getMetadataItemProcessingSpec(ItemPath metadataItemPath, PrismObject<O> object, com.evolveum.midpoint.task.api.Task task, OperationResult result) throws SchemaException, ConfigurationException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, SecurityViolationException
Returns specification of processing of given metadata item (e.g. provenance). The caller can use returned object to find out the processing of given metadata item for various data items (e.g. givenName, familyName, etc).
-
getActionUrls
Collection<? extends DisplayableValue<String>> getActionUrls()
Returns a collection of all authorization actions known to the system. The format of returned data is designed for displaying purposes.
Note: this method returns only the list of authorization actions that are known to the IDM Model component and the components below. It does not return a GUI-specific authorization actions.
- Returns:
-
getAssignableRoleSpecification
<H extends AssignmentHolderType,R extends AbstractRoleType> RoleSelectionSpecification getAssignableRoleSpecification(PrismObject<H> assignmentHolder, Class<R> targetType, int assignmentOrder, com.evolveum.midpoint.task.api.Task task, OperationResult parentResult) throws ObjectNotFoundException, SchemaException, ConfigurationException, ExpressionEvaluationException, CommunicationException, SecurityViolationException
Returns an object that defines which roles can be assigned by the currently logged-in user.- Parameters:
assignmentHolder- Object of the operation. The object (usually user) to whom the roles should be assigned.assignmentOrder- order=0 means assignment, order>0 means inducement- Throws:
ObjectNotFoundExceptionSchemaExceptionConfigurationExceptionExpressionEvaluationExceptionCommunicationExceptionSecurityViolationException
-
getDonorFilter
<T extends ObjectType> ObjectFilter getDonorFilter(Class<T> searchResultType, ObjectFilter origFilter, String targetAuthorizationAction, com.evolveum.midpoint.task.api.Task task, OperationResult parentResult) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException
Returns filter for lookup of donors of power of attorney. The donors are the users that have granted the power of attorney to the currently logged-in user.TODO: authorization limitations
- Parameters:
searchResultType- type of the expected search resultsorigFilter- original filter (e.g. taken from GUI search bar)targetAuthorizationAction- Authorization action that the attorney is trying to execute on behalf of donor. Only donors for which the use of this authorization was not limited will be returned (that does not necessarily mean that the donor is able to execute this action, it may be limited by donor's authorizations). If the parameter is null then all donors are returned.task- taskparentResult- operation result- Returns:
- original filter with AND clause limiting the search.
- Throws:
SchemaExceptionObjectNotFoundExceptionExpressionEvaluationExceptionCommunicationExceptionConfigurationExceptionSecurityViolationException
-
canSearch
<T extends ObjectType,O extends ObjectType> boolean canSearch(Class<T> resultType, Class<O> objectType, String objectOid, boolean includeSpecial, ObjectQuery query, com.evolveum.midpoint.task.api.Task task, OperationResult result) throws ObjectNotFoundException, CommunicationException, SchemaException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException
TODO Question: does object make any sense here? E.g. when searching role members, the role OID should be determined from the query.- Parameters:
includeSpecial- include special authorizations, such as "self". If set to false those authorizations will be ignored. This is a good way to avoid interference of "self" when checking for authorizations such as ability to display role members.- Throws:
ObjectNotFoundExceptionCommunicationExceptionSchemaExceptionConfigurationExceptionSecurityViolationExceptionExpressionEvaluationException
-
getAllowedRequestAssignmentItems
<O extends ObjectType,R extends AbstractRoleType> com.evolveum.midpoint.security.enforcer.api.ItemSecurityConstraints getAllowedRequestAssignmentItems(PrismObject<O> object, PrismObject<R> target, com.evolveum.midpoint.task.api.Task task, OperationResult result) throws SchemaException, SecurityViolationException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException
Returns decisions for individual items for "assign" authorization. This is usually applicable to assignment parameters. The decisions are evaluated using the security context of a currently logged-in user.- Parameters:
object- object of the operation (user)target- target of the operation (role, org, service that is being assigned)- Throws:
SchemaExceptionSecurityViolationExceptionObjectNotFoundExceptionExpressionEvaluationExceptionCommunicationExceptionConfigurationException
-
getSecurityPolicy
<F extends FocusType> SecurityPolicyType getSecurityPolicy(PrismObject<F> focus, com.evolveum.midpoint.task.api.Task task, OperationResult parentResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException
-
getSecurityPolicy
SecurityPolicyType getSecurityPolicy(RefinedObjectClassDefinition rOCDef, com.evolveum.midpoint.task.api.Task task, OperationResult parentResult) throws SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException, ObjectNotFoundException
-
getAuthenticationPolicy
AuthenticationsPolicyType getAuthenticationPolicy(PrismObject<UserType> user, com.evolveum.midpoint.task.api.Task task, OperationResult parentResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException
Returns an authentications policies as defined in the system configuration security policy. This method is designed to be used during registration process or reset password process. security questions, etc).- Parameters:
task-parentResult-- Returns:
- applicable credentials policy or null
- Throws:
ObjectNotFoundException- No system configuration or other major system inconsistencySchemaException- Wrong schema or content of security policyCommunicationExceptionConfigurationExceptionSecurityViolationExceptionExpressionEvaluationException
-
getFlowPolicy
RegistrationsPolicyType getFlowPolicy(PrismObject<? extends FocusType> focus, com.evolveum.midpoint.task.api.Task task, OperationResult parentResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException
Returns a policy for registration, e.g. type of the supported registrations (self, social,...)- Parameters:
focus- focus for who the policy should applytask-parentResult-- Returns:
- applicable credentials policy or null
- Throws:
ObjectNotFoundException- No system configuration or other major system inconsistencySchemaException- Wrong schema or content of security policyCommunicationExceptionConfigurationExceptionSecurityViolationExceptionExpressionEvaluationException
-
getCredentialsPolicy
CredentialsPolicyType getCredentialsPolicy(PrismObject<? extends FocusType> focus, com.evolveum.midpoint.task.api.Task task, OperationResult parentResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException
Returns a credential policy that applies to the specified user. This method is designed to be used during credential reset so the GUI has enough information to set up the credential (e.g. password policies, security questions, etc).- Parameters:
focus- focus for who the policy should applytask-parentResult-- Returns:
- applicable credentials policy or null
- Throws:
ObjectNotFoundException- No system configuration or other major system inconsistencySchemaException- Wrong schema or content of security policyCommunicationExceptionConfigurationExceptionSecurityViolationExceptionExpressionEvaluationException
-
getCompiledGuiProfile
@NotNull @NotNull CompiledGuiProfile getCompiledGuiProfile(com.evolveum.midpoint.task.api.Task task, OperationResult parentResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException
Returns currently applicable user profile, compiled for efficient use in the user interface. Use profile contains configuration, customization and user preferences for the user interface. Note: This operation bypasses the authorizations. It will always return the value regardless whether the current user is authorized to read the underlying objects or not. However, it will always return only values applicable for current user, therefore the authorization might be considered to be implicit in this case.
-
getLoggedInPrincipals
List<UserSessionManagementType> getLoggedInPrincipals(com.evolveum.midpoint.task.api.Task task, OperationResult result)
- Returns:
- list of logged in users with at least 1 active session (clusterwide)
-
terminateSessions
void terminateSessions(com.evolveum.midpoint.TerminateSessionEvent terminateSessionEvent, com.evolveum.midpoint.task.api.Task task, OperationResult result)Terminates specified sessions (clusterwide).
-
getSystemConfiguration
SystemConfigurationType getSystemConfiguration(OperationResult parentResult) throws ObjectNotFoundException, SchemaException
-
getDeploymentInformationConfiguration
DeploymentInformationType getDeploymentInformationConfiguration(OperationResult parentResult) throws ObjectNotFoundException, SchemaException
-
getAuditConfiguration
SystemConfigurationAuditType getAuditConfiguration(OperationResult parentResult) throws ObjectNotFoundException, SchemaException
-
getMergeConfiguration
List<MergeConfigurationType> getMergeConfiguration(OperationResult parentResult) throws ObjectNotFoundException, SchemaException
-
getCertificationConfiguration
AccessCertificationConfigurationType getCertificationConfiguration(OperationResult parentResult) throws ObjectNotFoundException, SchemaException
-
checkPassword
boolean checkPassword(String userOid, ProtectedStringType password, com.evolveum.midpoint.task.api.Task task, OperationResult parentResult) throws ObjectNotFoundException, SchemaException
Checks if the supplied password matches with current user password. This method is NOT subject to any password expiration policies, it does not update failed login counters, it does not change any data or meta-data. This method is NOT SUPPOSED to be used to validate password on login. This method is supposed to check old password when the password is changed by the user. We assume that the user already passed normal system authentication.Note: no authorizations are checked in the implementation. It is assumed that authorizations will be enforced at the page level.
- Returns:
- true if the password matches, false otherwise
- Throws:
ObjectNotFoundExceptionSchemaException
-
visualizeDeltas
List<? extends Scene> visualizeDeltas(List<ObjectDelta<? extends ObjectType>> deltas, com.evolveum.midpoint.task.api.Task task, OperationResult result) throws SchemaException, ExpressionEvaluationException
-
visualizeDelta
@NotNull @NotNull Scene visualizeDelta(ObjectDelta<? extends ObjectType> delta, com.evolveum.midpoint.task.api.Task task, OperationResult result) throws SchemaException, ExpressionEvaluationException
-
visualizeDelta
@NotNull @NotNull Scene visualizeDelta(ObjectDelta<? extends ObjectType> delta, boolean includeOperationalItems, com.evolveum.midpoint.task.api.Task task, OperationResult result) throws SchemaException, ExpressionEvaluationException
-
visualizeDelta
@NotNull @NotNull Scene visualizeDelta(ObjectDelta<? extends ObjectType> delta, boolean includeOperationalItems, ObjectReferenceType objectRef, com.evolveum.midpoint.task.api.Task task, OperationResult result) throws SchemaException, ExpressionEvaluationException
-
visualizeDelta
@NotNull @NotNull Scene visualizeDelta(ObjectDelta<? extends ObjectType> delta, boolean includeOperationalItems, boolean includeOriginalObject, com.evolveum.midpoint.task.api.Task task, OperationResult result) throws SchemaException, ExpressionEvaluationException
-
getConnectorOperationalStatus
List<ConnectorOperationalStatus> getConnectorOperationalStatus(String resourceOid, com.evolveum.midpoint.task.api.Task task, OperationResult parentResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ExpressionEvaluationException
-
mergeObjectsPreviewDeltas
<O extends ObjectType> MergeDeltas<O> mergeObjectsPreviewDeltas(Class<O> type, String leftOid, String rightOid, String mergeConfigurationName, com.evolveum.midpoint.task.api.Task task, OperationResult result) throws ObjectNotFoundException, SchemaException, ConfigurationException, ExpressionEvaluationException, CommunicationException, SecurityViolationException
-
mergeObjectsPreviewObject
<O extends ObjectType> PrismObject<O> mergeObjectsPreviewObject(Class<O> type, String leftOid, String rightOid, String mergeConfigurationName, com.evolveum.midpoint.task.api.Task task, OperationResult result) throws ObjectNotFoundException, SchemaException, ConfigurationException, ExpressionEvaluationException, CommunicationException, SecurityViolationException
-
generateNonce
<O extends ObjectType> String generateNonce(NonceCredentialsPolicyType noncePolicy, com.evolveum.midpoint.task.api.Task task, OperationResult result) throws ExpressionEvaluationException, SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException
-
generateValue
<O extends ObjectType> String generateValue(ValuePolicyType policy, int defaultLength, boolean generateMinimalSize, PrismObject<O> object, String shortDesc, com.evolveum.midpoint.task.api.Task task, OperationResult inputResult) throws ExpressionEvaluationException, SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException
TEMPORARY. Need to find out better way how to deal with generated values- Parameters:
policy-defaultLength-generateMinimalSize-object- object for which we generate the value (e.g. user or shadow)inputResult-- Returns:
- Throws:
ExpressionEvaluationExceptionSchemaExceptionObjectNotFoundExceptionCommunicationExceptionConfigurationExceptionSecurityViolationException
-
generateValue
<O extends ObjectType> void generateValue(PrismObject<O> object, PolicyItemsDefinitionType policyItemsDefinition, com.evolveum.midpoint.task.api.Task task, OperationResult parentResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException, ObjectAlreadyExistsException, PolicyViolationException
-
validateValue
<O extends ObjectType> void validateValue(PrismObject<O> object, PolicyItemsDefinitionType policyItemsDefinition, com.evolveum.midpoint.task.api.Task task, OperationResult parentResult) throws ExpressionEvaluationException, SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException, PolicyViolationException
-
getDeputyAssignees
@NotNull @NotNull List<ObjectReferenceType> getDeputyAssignees(AbstractWorkItemType workItem, com.evolveum.midpoint.task.api.Task task, OperationResult parentResult) throws SchemaException
Gets "deputy assignees" i.e. users that are deputies of assignees. Takes limitations into account.MAY NOT CHECK AUTHORIZATIONS (uses repository directly, at least at some places) - TODO TODO parameterize on limitation kind
- Throws:
SchemaException
-
getDeputyAssignees
@NotNull @NotNull List<ObjectReferenceType> getDeputyAssignees(ObjectReferenceType assignee, QName limitationItemName, com.evolveum.midpoint.task.api.Task task, OperationResult parentResult) throws SchemaException
- Throws:
SchemaException
-
getAssignmentEffectiveStatus
ActivationStatusType getAssignmentEffectiveStatus(String lifecycleStatus, ActivationType activationType)
Computes effective status for the current ActivationType in for an assignment
-
assumePowerOfAttorney
com.evolveum.midpoint.security.api.MidPointPrincipal assumePowerOfAttorney(PrismObject<? extends FocusType> donor, com.evolveum.midpoint.task.api.Task task, OperationResult result) throws SchemaException, SecurityViolationException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException
-
dropPowerOfAttorney
com.evolveum.midpoint.security.api.MidPointPrincipal dropPowerOfAttorney(com.evolveum.midpoint.task.api.Task task, OperationResult result) throws SchemaException, SecurityViolationException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException
-
runUnderPowerOfAttorney
<T> T runUnderPowerOfAttorney(Producer<T> producer, PrismObject<? extends FocusType> donor, com.evolveum.midpoint.task.api.Task task, OperationResult result) throws SchemaException, SecurityViolationException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException
-
runUnderPowerOfAttorneyChecked
default <T> T runUnderPowerOfAttorneyChecked(CheckedProducer<T> producer, PrismObject<? extends FocusType> donor, com.evolveum.midpoint.task.api.Task task, OperationResult result) throws CommonException
- Throws:
CommonException
-
createLocalizableMessageType
@NotNull @NotNull LocalizableMessageType createLocalizableMessageType(LocalizableMessageTemplateType template, VariablesMap variables, com.evolveum.midpoint.task.api.Task task, OperationResult result) throws ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException
-
executeCredentialsReset
ExecuteCredentialResetResponseType executeCredentialsReset(PrismObject<UserType> user, ExecuteCredentialResetRequestType executeCredentialResetRequest, com.evolveum.midpoint.task.api.Task task, OperationResult result) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException, ObjectAlreadyExistsException, PolicyViolationException
-
refreshPrincipal
void refreshPrincipal(String oid, Class<? extends FocusType> clazz) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException
-
getRelationDefinitions
List<RelationDefinitionType> getRelationDefinitions()
-
submitTaskFromTemplate
@NotNull @NotNull TaskType submitTaskFromTemplate(String templateTaskOid, List<Item<?,?>> extensionItems, com.evolveum.midpoint.task.api.Task opTask, OperationResult result) throws CommunicationException, ObjectNotFoundException, SchemaException, SecurityViolationException, ConfigurationException, ExpressionEvaluationException, ObjectAlreadyExistsException, PolicyViolationException
-
submitTaskFromTemplate
@NotNull @NotNull TaskType submitTaskFromTemplate(String templateTaskOid, Map<QName,Object> extensionValues, com.evolveum.midpoint.task.api.Task opTask, OperationResult result) throws CommunicationException, ObjectNotFoundException, SchemaException, SecurityViolationException, ConfigurationException, ExpressionEvaluationException, ObjectAlreadyExistsException, PolicyViolationException
-
determineArchetypePolicy
<O extends AssignmentHolderType> ArchetypePolicyType determineArchetypePolicy(PrismObject<O> assignmentHolder, OperationResult result) throws SchemaException, ConfigurationException
Efficiently determines information about archetype policy applicable for a particular object. Returns null if no archetype policy is applicable. This is a "one stop" method for archetype policy in the GUI. The method returns archetype policy even for "legacy" situations, e.g. if the policy needs to be determined from system configuration using legacy subtype. GUI should not need to to any other processing to determine archetype information.This method is invoked very often, usually when any object is displayed (including display of object lists and search results). Therefore this method is supposed to be very efficient. It should be using caching as much as possible.
-
mergeArchetypePolicies
ArchetypePolicyType mergeArchetypePolicies(PrismObject<ArchetypeType> archetype, OperationResult result) throws SchemaException
- Throws:
SchemaException
-
determineAssignmentTargetSpecification
<O extends AssignmentHolderType> AssignmentCandidatesSpecification determineAssignmentTargetSpecification(PrismObject<O> assignmentHolder, OperationResult result) throws SchemaException, ConfigurationException
Returns data structure that contains information about possible assignment targets for a particular holder object.This method should be used when editing assignment holder (e.g. user) and looking for available assignment target. The determineAssignmentHolderSpecification is a "reverse" version of this method.
This method is not used that often. It is used when an object is edited. But it should be quite efficient anyway. It should use cached archetype information.
-
getFilteredArchetypesByHolderType
<O extends AssignmentHolderType> List<ArchetypeType> getFilteredArchetypesByHolderType(PrismObject<O> object, OperationResult result) throws SchemaException
This method is used to differentiate which archetypes can be added to object with holderType type. e.g. when changing archetype within Change archetype functionality should provide only those archetypes which can be assigned according to holderType.- Throws:
SchemaException
-
determineAssignmentHolderSpecification
<O extends AbstractRoleType> AssignmentCandidatesSpecification determineAssignmentHolderSpecification(PrismObject<O> assignmentTarget, OperationResult result) throws SchemaException, ConfigurationException
Returns data structure that contains information about possible assignment holders for a particular target object.This method should be used when editing assignment target (role, org, service) and looking for object that can be potential members. The determineAssignmentTargetSpecification is a "reverse" version of this method.
This method is not used that often. It is used when an object is edited. But it should be quite efficient anyway. It should use cached archetype information.
-
evaluateCollectionPolicyRules
@Experimental @NotNull @NotNull Collection<EvaluatedPolicyRule> evaluateCollectionPolicyRules(@NotNull @NotNull PrismObject<ObjectCollectionType> collection, @Nullable @Nullable CompiledObjectCollectionView collectionView, @Nullable @Nullable Class<? extends ObjectType> targetTypeClass, @NotNull @NotNull com.evolveum.midpoint.task.api.Task task, @NotNull @NotNull OperationResult result) throws ObjectNotFoundException, SchemaException, SecurityViolationException, CommunicationException, ConfigurationException, ExpressionEvaluationException
Returns all policy rules that apply to the collection. Later, the policy rules are compiled from all the applicable sources (target, meta-roles, etc.). But for now we support only policy rules that are directly placed in collection assignments. EXPERIMENTAL. Quite likely to change later.
-
compileObjectCollectionView
@Experimental @NotNull @NotNull CompiledObjectCollectionView compileObjectCollectionView(@NotNull @NotNull CollectionRefSpecificationType collection, @Nullable @Nullable Class<? extends Containerable> targetTypeClass, @NotNull @NotNull com.evolveum.midpoint.task.api.Task task, @NotNull @NotNull OperationResult result) throws SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException, ObjectNotFoundException
-
determineCollectionStats
@Experimental @NotNull <O extends ObjectType> @NotNull CollectionStats determineCollectionStats(@NotNull @NotNull CompiledObjectCollectionView collectionView, @NotNull @NotNull com.evolveum.midpoint.task.api.Task task, @NotNull @NotNull OperationResult result) throws SchemaException, ObjectNotFoundException, SecurityViolationException, ConfigurationException, CommunicationException, ExpressionEvaluationException
-
applyView
@Experimental void applyView(CompiledObjectCollectionView existingView, GuiObjectListViewType objectListViewsType)
Applying all GuiObjectListViewsType to CompiledObjectCollectionView
-
compileView
void compileView(CompiledObjectCollectionView existingView, GuiObjectListViewType objectListViewsType, com.evolveum.midpoint.task.api.Task task, OperationResult result) throws SchemaException, ExpressionEvaluationException, CommunicationException, SecurityViolationException, ConfigurationException, ObjectNotFoundException
Compile object list view together with collection ref specification if present
-
validateValue
@Experimental <O extends ObjectType> List<StringLimitationResult> validateValue(ProtectedStringType protectedStringValue, ValuePolicyType pp, PrismObject<O> object, com.evolveum.midpoint.task.api.Task task, OperationResult parentResult) throws SchemaException, PolicyViolationException, ObjectNotFoundException, SecurityViolationException, CommunicationException, ConfigurationException, ExpressionEvaluationException
-
processObjectsFromCollection
@Experimental void processObjectsFromCollection(CollectionRefSpecificationType collection, QName typeForFilter, Predicate<PrismContainer> handler, Collection<SelectorOptions<GetOperationOptions>> options, VariablesMap variables, com.evolveum.midpoint.task.api.Task task, OperationResult result, boolean recordProgress) throws SchemaException, ObjectNotFoundException, SecurityViolationException, CommunicationException, ConfigurationException, ExpressionEvaluationException
TODO document
-
getSearchSpecificationFromCollection
@Experimental <C extends Containerable> ModelInteractionService.SearchSpec<C> getSearchSpecificationFromCollection(CompiledObjectCollectionView collection, QName typeForFilter, Collection<SelectorOptions<GetOperationOptions>> options, VariablesMap variables, com.evolveum.midpoint.task.api.Task task, OperationResult result) throws ConfigurationException, SchemaException, ExpressionEvaluationException, CommunicationException, SecurityViolationException, ObjectNotFoundException
TODO document and clean up the interface
-
searchObjectsFromCollection
@Experimental List<? extends Containerable> searchObjectsFromCollection(CollectionRefSpecificationType collectionConfig, QName typeForFilter, Collection<SelectorOptions<GetOperationOptions>> defaultOptions, ObjectPaging usedPaging, VariablesMap variables, com.evolveum.midpoint.task.api.Task task, OperationResult result) throws SchemaException, ObjectNotFoundException, SecurityViolationException, CommunicationException, ConfigurationException, ExpressionEvaluationException
-
countObjectsFromCollection
@Experimental Integer countObjectsFromCollection(CollectionRefSpecificationType collectionConfig, QName typeForFilter, Collection<SelectorOptions<GetOperationOptions>> defaultOptions, ObjectPaging usedPaging, VariablesMap variables, com.evolveum.midpoint.task.api.Task task, OperationResult result) throws SchemaException, ObjectNotFoundException, SecurityViolationException, CommunicationException, ConfigurationException, ExpressionEvaluationException
-
-