/**
 * Decides whether the given limitations permit the privilege identified by {@code itemName}, for a
 * caller that has a concrete work item at hand.
 *
 * <p>The {@code workItem} argument is accepted but not evaluated: the decision is delegated unchanged
 * to {@code limitationsAllow(limitations, itemName)}. Work item selectors are not used yet, so this
 * overload cannot narrow a limitation to particular work items.
 *
 * @param limitations limitations to evaluate
 * @param itemName name of the limitation item to test
 * @param workItem work item the decision is requested for; currently ignored
 * @return the result of the two-argument overload for {@code limitations} and {@code itemName}
 */
public static boolean limitationsAllow(List<OtherPrivilegesLimitationType> limitations, QName itemName,
        AbstractWorkItemType workItem) {
    // Temporary solution: work item selectors are not used yet, so workItem plays no part in the decision.
    final boolean allowedForItem = limitationsAllow(limitations, itemName);
    return allowedForItem;
}
} // brace carried over from the listing; presumably closes the enclosing class, whose header is not shown
/**
 * Returns the OIDs of the references that {@code getDelegatorReferences} yields for the given user.
 *
 * <p>This method applies no filtering of its own: every reference returned by
 * {@code getDelegatorReferences} contributes its OID, in stream order, and duplicates are kept.
 *
 * @param user user whose delegator references are read
 * @param relationRegistry registry handed on to {@code getDelegatorReferences}
 * @return a list with one OID per delegator reference
 */
@NotNull
public static Collection<String> getDelegatorOids(@NotNull UserType user, @NotNull RelationRegistry relationRegistry) {
    return getDelegatorReferences(user, relationRegistry)
            .stream()
            .map(delegatorRef -> delegatorRef.getOid())
            .collect(Collectors.toList());
}
/**
 * Tells whether every segment of the assignment path is a delegation assignment.
 *
 * <p>The answer is {@code false} as soon as one segment's assignment is not recognised by
 * {@code isDelegationAssignment}. A path with no segments yields {@code true}, because there is
 * nothing to contradict the condition; callers that grant access on this result should combine
 * it with their own checks.
 *
 * @param assignmentPath path whose segments are inspected
 * @param relationRegistry registry handed on to {@code isDelegationAssignment}
 * @return {@code true} if no segment carries a non-delegation assignment
 */
public static boolean isDelegationPath(@NotNull AssignmentPath assignmentPath, @NotNull RelationRegistry relationRegistry) {
    for (AssignmentPathSegment pathSegment : assignmentPath.getSegments()) {
        boolean delegation = isDelegationAssignment(pathSegment.getAssignment(), relationRegistry);
        if (!delegation) {
            // One ordinary assignment is enough to disqualify the whole path.
            return false;
        }
    }
    return true;
}
if (!DeputyUtils.isDelegationAssignment(assignmentType, relationRegistry)) { continue; && DeputyUtils.isDelegationPath(target.getAssignmentPath(), relationRegistry) && ObjectTypeUtil.containsOid(assignees, target.getTarget().getOid())) { List<OtherPrivilegesLimitationType> limitations = DeputyUtils.extractLimitations(target.getAssignmentPath()); if (workItem != null && DeputyUtils.limitationsAllow(limitations, privilegeLimitationItemName, workItem) || workItem == null && DeputyUtils.limitationsAllow(limitations, privilegeLimitationItemName)) { return true;
&& DeputyUtils.isDelegationPath(target.getAssignmentPath(), relationRegistry)) { List<OtherPrivilegesLimitationType> limitations = DeputyUtils.extractLimitations(target.getAssignmentPath()); principal.addDelegatorWithOtherPrivilegesLimitations(new DelegatorWithOtherPrivilegesLimitations( (UserType) target.getTarget().asObjectable(), limitations));
/**
 * Checks whether {@code delegatorOid} is among the delegator OIDs of the given deputy.
 *
 * <p>The comparison is a plain membership test on the collection returned by
 * {@code getDelegatorOids}; no limitation item is involved in this check.
 *
 * @param deputy user whose delegators are looked up
 * @param delegatorOid OID expected among the deputy's delegators
 * @param relationRegistry registry handed on to {@code getDelegatorOids}
 * @return {@code true} if the OID is found
 */
public static boolean isDelegationPresent(@NotNull UserType deputy, @NotNull String delegatorOid,
        @NotNull RelationRegistry relationRegistry) {
    Collection<String> delegatorOids = getDelegatorOids(deputy, relationRegistry);
    return delegatorOids.contains(delegatorOid);
}
/**
 * Tells whether the principal is the eligible user, or holds a delegation from that user.
 *
 * <p>NOTE(review): no limitation item is passed to {@code DeputyUtils.isDelegationPresent}, so as
 * far as this method shows, a delegation counts regardless of its privilege limitations. Confirm
 * that callers do not rely on limitations being enforced here.
 *
 * @param principal principal being checked
 * @param eligibleUserOid OID of the user who is eligible in their own right
 * @param relationRegistry registry handed on to {@code DeputyUtils.isDelegationPresent}
 * @return {@code true} if the OIDs match or a delegation from {@code eligibleUserOid} is present
 */
public boolean isEqualOrDeputyOf(MidPointPrincipal principal, String eligibleUserOid, RelationRegistry relationRegistry) {
    // Direct match first; the delegation lookup only runs when the principal is someone else.
    if (principal.getOid().equals(eligibleUserOid)) {
        return true;
    }
    return DeputyUtils.isDelegationPresent(principal.getUser(), eligibleUserOid, relationRegistry);
}
/**
 * Collects reference values for the principal and for those of its delegators whose limitations
 * allow {@code limitationItemName}.
 *
 * <p>The principal's own reference is always first in the list. A delegator is added only when
 * {@code DeputyUtils.limitationsAllow} accepts its limitations for the given item, so a
 * delegation that excludes this privilege contributes nothing.
 *
 * @param principal principal whose own OID and delegators are used
 * @param limitationItemName limitation item that each delegation must allow
 * @param relationRegistry source of the default relation set on every reference
 * @return a new mutable list of reference values
 */
private static List<PrismReferenceValue> getPotentialAssigneesForUser(MidPointPrincipal principal,
        QName limitationItemName, RelationRegistry relationRegistry) {
    // As for relations, WorkItem.assigneeRef should contain only the default ones.
    final QName assigneeRelation = relationRegistry.getDefaultRelation();

    List<PrismReferenceValue> assignees = new ArrayList<>();
    assignees.add(ObjectTypeUtil.createObjectRef(principal.getOid(), ObjectTypes.USER)
            .relation(assigneeRelation)
            .asReferenceValue());

    for (DelegatorWithOtherPrivilegesLimitations delegation : principal.getDelegatorWithOtherPrivilegesLimitationsCollection()) {
        if (!DeputyUtils.limitationsAllow(delegation.getLimitations(), limitationItemName)) {
            continue; // this delegation does not cover the requested privilege
        }
        assignees.add(ObjectTypeUtil.createObjectRef(delegation.getDelegator(), assigneeRelation).asReferenceValue());
    }
    return assignees;
}
/**
 * Collects reference values for the user and for all of the user's delegator references.
 *
 * <p>NOTE(review): every reference returned by {@code DeputyUtils.getDelegatorReferences} is
 * added; this method contains no {@code DeputyUtils.limitationsAllow} check. Confirm that
 * delegation limitations are enforced elsewhere if callers depend on them.
 *
 * @param user user to build the references for
 * @return a new mutable list: the user's own reference first, then the delegator references
 */
protected List<PrismReferenceValue> getPotentialAssignees(PrismObject<UserType> user) {
    PrismReferenceValue ownRef = ObjectTypeUtil.createObjectRef(user, prismContext).asReferenceValue();

    List<PrismReferenceValue> assignees = new ArrayList<>();
    assignees.add(ownRef);
    assignees.addAll(DeputyUtils.getDelegatorReferences(user.asObjectable(), relationRegistry));
    return assignees;
}
/**
 * Records {@code membershipRefVal} in the reference collections of the evaluated assignment that
 * apply to it.
 *
 * <p>If any segment of the current assignment path is a delegation assignment, the value goes to
 * the delegation references and is kept out of the membership references. Otherwise it is
 * recorded as a membership reference, but only for targets assignable to {@code AbstractRoleType}.
 * The org and archetype collections are filled independently of the delegation test.
 *
 * @param membershipRefVal reference value to record
 * @param targetClass class of the assignment target; decides which collections apply
 * @param relation relation checked with {@code isStoredIntoParentOrgRef} for org targets
 * @param targetDesc target description passed through to {@code addIfNotThere}
 * @param ctx evaluation context supplying the assignment path and the evaluated assignment
 */
private void collectMembershipRefVal(PrismReferenceValue membershipRefVal, Class<? extends ObjectType> targetClass,
        QName relation, Object targetDesc, EvaluationContext ctx) {
    // A single delegation segment anywhere in the path marks the whole path as delegated.
    boolean reachedViaDelegation = ctx.assignmentPath.getSegments().stream()
            .anyMatch(segment -> DeputyUtils.isDelegationAssignment(segment.getAssignment(ctx.evaluateOld), relationRegistry));

    if (reachedViaDelegation) {
        addIfNotThere(ctx.evalAssignment.getDelegationRefVals(), ctx.evalAssignment::addDelegationRefVal,
                membershipRefVal, "delegationRef", targetDesc);
    } else if (AbstractRoleType.class.isAssignableFrom(targetClass)) {
        addIfNotThere(ctx.evalAssignment.getMembershipRefVals(), ctx.evalAssignment::addMembershipRefVal,
                membershipRefVal, "membershipRef", targetDesc);
    }

    boolean orgTarget = OrgType.class.isAssignableFrom(targetClass);
    if (orgTarget && relationRegistry.isStoredIntoParentOrgRef(relation)) {
        addIfNotThere(ctx.evalAssignment.getOrgRefVals(), ctx.evalAssignment::addOrgRefVal,
                membershipRefVal, "orgRef", targetDesc);
    }

    if (ArchetypeType.class.isAssignableFrom(targetClass)) {
        addIfNotThere(ctx.evalAssignment.getArchetypeRefVals(), ctx.evalAssignment::addArchetypeRefVal,
                membershipRefVal, "archetypeRef", targetDesc);
    }
}