private boolean containsRelation(MultiplicityPolicyConstraintType constraint, QName relation) { return getConstraintRelations(constraint).stream() .anyMatch(constraintRelation -> prismContext.relationMatches(constraintRelation, relation)); }
private boolean relationMatches(QName assignmentRelation, List<QName> scopeRelations) { return (!scopeRelations.isEmpty() ? scopeRelations : Collections.singletonList(prismContext.getDefaultRelation())) .stream().anyMatch(r -> prismContext.relationMatches(r, assignmentRelation)); }
private <AH extends AssignmentHolderType> boolean relationMatches(AssignmentModificationPolicyConstraintType constraint, AssignmentPolicyRuleEvaluationContext<AH> ctx) { List<QName> relationsToCheck = constraint.getRelation().isEmpty() ? singletonList(null) : constraint.getRelation(); for (QName constraintRelation : relationsToCheck) { if (prismContext.relationMatches(constraintRelation, ctx.evaluatedAssignment.getNormalizedRelation(relationRegistry))) { return true; } } return false; }
private boolean relationMatches(QName primaryRelationToMatch, List<QName> secondaryRelationsToMatch, AssignmentType assignment) { if (assignment == null || assignment.getTargetRef() == null) { return false; // shouldn't occur } List<QName> relationsToMatch = primaryRelationToMatch != null ? Collections.singletonList(primaryRelationToMatch) : new ArrayList<>(secondaryRelationsToMatch); if (relationsToMatch.isEmpty()) { relationsToMatch.add(prismContext.getDefaultRelation()); } return prismContext.relationMatches(relationsToMatch, assignment.getTargetRef().getRelation()); } }
@Override public Collection<String> getOrgUnits(UserType user, QName relation, boolean preAuthorized) { Set<String> retval = new HashSet<>(); if (user == null) { return retval; } for (ObjectReferenceType orgRef : user.getParentOrgRef()) { if (prismContext.relationMatches(relation, orgRef.getRelation())) { retval.add(orgRef.getOid()); } } return retval; }
public static <O extends ObjectType> boolean hasOrg(PrismObject<O> user, String orgOid, QName relation) { for (ObjectReferenceType orgRef: user.asObjectable().getParentOrgRef()) { if (orgOid.equals(orgRef.getOid()) && getPrismContext().relationMatches(relation, orgRef.getRelation())) { return true; } } return false; }
public static boolean referenceMatches(ObjectReferenceType ref, String targetOid, QName targetType, QName relation, PrismContext prismContext) { if (ref == null) { return false; } if (targetOid != null) { if (!targetOid.equals(ref.getOid())) { return false; } } if (targetType != null) { if (!QNameUtil.match(ref.getType(), targetType)) { return false; } } if (relation != null) { if (!prismContext.relationMatches(relation, ref.getRelation())) { return false; } } return true; }
public static void assertAssigned(PrismObject<? extends FocusType> focus, String targetOid, QName refType, QName relation) { FocusType focusType = focus.asObjectable(); for (AssignmentType assignmentType: focusType.getAssignment()) { ObjectReferenceType targetRef = assignmentType.getTargetRef(); if (targetRef != null) { if (refType.equals(targetRef.getType())) { if (targetOid.equals(targetRef.getOid()) && getPrismContext().relationMatches(targetRef.getRelation(), relation)) { return; } } } } AssertJUnit.fail(focus + " does not have assigned "+refType.getLocalPart()+" "+targetOid+ ", relation "+relation); }
protected <F extends FocusType> void assertRoleMembershipRef(PrismObject<F> focus, QName relation, String... roleOids) { if (!MiscUtil.unorderedCollectionEquals(Arrays.asList(roleOids), focus.asObjectable().getRoleMembershipRef(), (expectedOid, hasRef) -> { if (!expectedOid.equals(hasRef.getOid())) { return false; } if (!prismContext.relationMatches(relation, hasRef.getRelation())) { return false; } return true; })) { AssertJUnit.fail("Wrong values in roleMembershipRef in "+focus +", expected relation "+relation+", OIDs "+Arrays.toString(roleOids) +", but was "+focus.asObjectable().getRoleMembershipRef()); } }
protected AssignmentType getUserAssignment(String userOid, String roleOid, QName relation) throws ObjectNotFoundException, SchemaException, SecurityViolationException, CommunicationException, ConfigurationException, ExpressionEvaluationException { PrismObject<UserType> user = getUser(userOid); List<AssignmentType> assignments = user.asObjectable().getAssignment(); for (AssignmentType assignment: assignments) { ObjectReferenceType targetRef = assignment.getTargetRef(); if (targetRef != null && roleOid.equals(targetRef.getOid()) && prismContext.relationMatches(relation, targetRef.getRelation())) { return assignment; } } return null; }
public static <F extends FocusType> void assertNotAssignedOrg(PrismObject<F> user, String orgOid, QName relation) { F userType = user.asObjectable(); for (AssignmentType assignmentType: userType.getAssignment()) { ObjectReferenceType targetRef = assignmentType.getTargetRef(); if (targetRef != null) { if (OrgType.COMPLEX_TYPE.equals(targetRef.getType())) { if (orgOid.equals(targetRef.getOid()) && getPrismContext().relationMatches(relation, targetRef.getRelation())) { AssertJUnit.fail(user + " does have assigned OrgType "+orgOid+" with relation "+relation+" while not expecting it"); } } } } }
@Override public Collection<OrgType> getParentOrgs(ObjectType object, QName relation, String orgType, boolean preAuthorized) throws SchemaException, SecurityViolationException { List<ObjectReferenceType> parentOrgRefs = object.getParentOrgRef(); List<OrgType> parentOrgs = new ArrayList<>(parentOrgRefs.size()); for (ObjectReferenceType parentOrgRef: parentOrgRefs) { if (!prismContext.relationMatches(relation, parentOrgRef.getRelation())) { continue; } OrgType parentOrg; try { parentOrg = getObject(OrgType.class, parentOrgRef.getOid(), preAuthorized); } catch (ObjectNotFoundException e) { LOGGER.warn("Org "+parentOrgRef.getOid()+" specified in parentOrgRef in "+object+" was not found: "+e.getMessage(), e); // but do not rethrow, just skip this continue; } catch (CommunicationException | ConfigurationException | ExpressionEvaluationException e) { // This should not happen. throw new SystemException(e.getMessage(), e); } if (orgType == null || determineSubTypes(parentOrg).contains(orgType)) { parentOrgs.add(parentOrg); } } return parentOrgs; }
public static boolean referenceMatches(ObjectReferenceType refPattern, ObjectReferenceType ref, PrismContext prismContext) { if (refPattern.getOid() != null && !refPattern.getOid().equals(ref.getOid())) { return false; } if (refPattern.getType() != null && !QNameUtil.match(refPattern.getType(), ref.getType())) { return false; } if (!prismContext.relationMatches(refPattern.getRelation(), ref.getRelation())) { return false; } return true; }
private <O extends ObjectType> boolean matchesRoleRelation(PrismObject<O> object, ObjectReferenceType subjectRoleMembershipRef, RoleRelationObjectSpecificationType specRoleRelation, String autzHumanReadableDesc, String desc) throws SchemaException { if (!prismContext.relationMatches(specRoleRelation.getSubjectRelation(), subjectRoleMembershipRef.getRelation())) { return false; } if (BooleanUtils.isTrue(specRoleRelation.isIncludeReferenceRole()) && subjectRoleMembershipRef.getOid().equals(object.getOid())) { return true; } if (!BooleanUtils.isFalse(specRoleRelation.isIncludeMembers())) { if (!object.canRepresent(FocusType.class)) { return false; } for (ObjectReferenceType objectRoleMembershipRef: ((FocusType)object.asObjectable()).getRoleMembershipRef()) { if (!subjectRoleMembershipRef.getOid().equals(objectRoleMembershipRef.getOid())) { continue; } if (!prismContext.relationMatches(specRoleRelation.getObjectRelation(), objectRoleMembershipRef.getRelation())) { continue; } return true; } } return false; }
private <O extends ObjectType> boolean matchesOrgRelation(PrismObject<O> object, ObjectReferenceType subjectParentOrgRef, OrgRelationObjectSpecificationType specOrgRelation, String autzHumanReadableDesc, String desc) throws SchemaException { if (!prismContext.relationMatches(specOrgRelation.getSubjectRelation(), subjectParentOrgRef.getRelation())) { return false; } if (BooleanUtils.isTrue(specOrgRelation.isIncludeReferenceOrg()) && subjectParentOrgRef.getOid().equals(object.getOid())) { return true; } if (specOrgRelation.getScope() == null) { return repositoryService.isDescendant(object, subjectParentOrgRef.getOid()); } switch (specOrgRelation.getScope()) { case ALL_DESCENDANTS: return repositoryService.isDescendant(object, subjectParentOrgRef.getOid()); case DIRECT_DESCENDANTS: return hasParentOrgRef(object, subjectParentOrgRef.getOid()); case ALL_ANCESTORS: return repositoryService.isAncestor(object, subjectParentOrgRef.getOid()); default: throw new UnsupportedOperationException("Unknown orgRelation scope "+specOrgRelation.getScope()); } }
boolean isRoleOidOk = false; for (ObjectReferenceType subjectRoleMembershipRef: principal.getUser().getRoleMembershipRef()) { if (!prismContext.relationMatches(subjectRelation, subjectRoleMembershipRef.getRelation())) { continue;
QName subjectRelation = specOrgRelation.getSubjectRelation(); for (ObjectReferenceType subjectParentOrgRef: principal.getUser().getParentOrgRef()) { if (prismContext.relationMatches(subjectRelation, subjectParentOrgRef.getRelation())) { S_FilterEntryOrEmpty q = prismContext.queryFor(ObjectType.class); S_AtomicFilterExit q2;