Class ExpressionProfileManager
java.lang.Object
com.evolveum.midpoint.model.common.expression.ExpressionProfileManager
Manages (cached) expression profiles.
Because of implementation reasons, the profiles are cached within
SystemObjectCache.
This probably should change in the future, along with moving this class to `repo-common` (at least partly).-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescription@NotNull ExpressionProfiledetermineBulkActionsProfile(@NotNull ConfigurationItemOrigin origin, boolean privileged, @NotNull Task task, @NotNull OperationResult result) Special version ofdetermineExpressionProfileUnsafe(ConfigurationItemOrigin, OperationResult)for scripting (bulk actions).<O extends ObjectType>
@NotNull ExpressionProfiledetermineExpressionProfile(@NotNull PrismObject<O> object, @NotNull OperationResult result) ReturnsExpressionProfilefor given object, based on its archetype policy.@NotNull ExpressionProfiledetermineExpressionProfileStrict(@NotNull ConfigurationItemOrigin origin, @NotNull Task task, @NotNull OperationResult result) DeterminesExpressionProfilefor given configuration item origin.@NotNull ExpressionProfiledetermineExpressionProfileUnsafe(@NotNull ConfigurationItemOrigin origin, @NotNull OperationResult result) DeterminesExpressionProfilefor given configuration item origin.@NotNull ExpressionProfileOrigin for custom workflow notifications is blurred, because they travel from policy rules to object triggers.
-
Constructor Details
-
ExpressionProfileManager
public ExpressionProfileManager()
-
-
Method Details
-
determineExpressionProfile
@NotNull public <O extends ObjectType> @NotNull ExpressionProfile determineExpressionProfile(@NotNull @NotNull PrismObject<O> object, @NotNull @NotNull OperationResult result) throws SchemaException, ConfigurationException ReturnsExpressionProfilefor given object, based on its archetype policy. If no explicit profile can be found, theExpressionProfile.full()is returned. This is the legacy (pre-4.8) behavior. -
determineExpressionProfileStrict
@NotNull public @NotNull ExpressionProfile determineExpressionProfileStrict(@NotNull @NotNull ConfigurationItemOrigin origin, @NotNull @NotNull Task task, @NotNull @NotNull OperationResult result) throws SchemaException, ConfigurationException, ExpressionEvaluationException, CommunicationException, SecurityViolationException, ObjectNotFoundException DeterminesExpressionProfilefor given configuration item origin. Does not allow undetermined profiles, and treats external profiles with care. -
determineExpressionProfileUnsafe
@NotNull public @NotNull ExpressionProfile determineExpressionProfileUnsafe(@NotNull @NotNull ConfigurationItemOrigin origin, @NotNull @NotNull OperationResult result) throws SchemaException, ConfigurationException DeterminesExpressionProfilefor given configuration item origin. FIXME this is a transitory, unsafe implementation: various unknown/external origins are treated as trustworthy. This should be changed before expression profiles are declared fully functional. -
determineBulkActionsProfile
@NotNull public @NotNull ExpressionProfile determineBulkActionsProfile(@NotNull @NotNull ConfigurationItemOrigin origin, boolean privileged, @NotNull @NotNull Task task, @NotNull @NotNull OperationResult result) throws SchemaException, ConfigurationException, ExpressionEvaluationException, CommunicationException, SecurityViolationException, ObjectNotFoundException Special version ofdetermineExpressionProfileUnsafe(ConfigurationItemOrigin, OperationResult)for scripting (bulk actions). It is not as permissive: some origins are banned, and the default for non-root users is the restricted profile (unless `privileged` is set to true - in order to provide backwards compatibility with 4.7). -
getProfileForCustomWorkflowNotifications
@NotNull public @NotNull ExpressionProfile getProfileForCustomWorkflowNotifications(OperationResult result) throws SchemaException, ConfigurationException Origin for custom workflow notifications is blurred, because they travel from policy rules to object triggers. Hence, we should either disable them completely, or use a safe profile for them.
-