public boolean hasAttributePathOverride(ManagedType type, ItemPath pathOverride) { Map<UniformItemPath, Attribute> overrides = attributeNamePathOverrides.get(type); if (overrides == null) { return false; } ItemPath namedOnly = pathOverride.namedSegmentsOnly(); for (UniformItemPath path : overrides.keySet()) { if (path.isSuperPathOrEquivalent(namedOnly)) { return true; } } return false; }
private boolean isMetadata(ItemDelta delta) { ItemPath named = delta.getPath().namedSegmentsOnly(); return ObjectType.F_METADATA.equivalent(named); }
private <F extends ObjectType> AuthorizationDecisionType evaluateCredentialDecision(LensContext<F> context, ObjectSecurityConstraints securityConstraints, ItemDelta credentialChange) { return securityConstraints.findItemDecision(credentialChange.getPath().namedSegmentsOnly(), ModelAuthorizationAction.CHANGE_CREDENTIALS.getUrl(), getRequestAuthorizationPhase(context)); }
private <T extends ObjectType> boolean isObjectTextInfoRecomputationNeeded(Class<T> type, Collection<? extends ItemDelta> modifications) { FullTextSearchConfigurationType config = repositoryService.getFullTextSearchConfiguration(); if (!FullTextSearchConfigurationUtil.isEnabled(config)) { return false; } Set<ItemPath> paths = FullTextSearchConfigurationUtil.getFullTextSearchItemPaths(config, type); for (ItemDelta modification : modifications) { ItemPath namesOnly = modification.getPath().namedSegmentsOnly(); for (ItemPath path : paths) { if (path.startsWith(namesOnly)) { return true; } } } return false; }
private boolean containsItem(ItemDelta itemDelta, ItemPath itemPath) { ItemPath namesOnlyPathTested = itemPath.namedSegmentsOnly(); ItemPath namesOnlyPathInDelta = itemDelta.getPath().namedSegmentsOnly(); if (namesOnlyPathTested.isSubPathOrEquivalent(namesOnlyPathInDelta)) { return true; } // however, we can add/delete whole container (containing part of the path) // e.g. we can test for activation/administrativeStatus, and the delta is: // ADD activation VALUE (administrativeStatus=ENABLED) if (!namesOnlyPathInDelta.isSubPath(namesOnlyPathTested)) { return false; } // for ADD values we know // for REPLACE values we know - for values being added, but NOT for values being left behind // for DELETE we have a problem if we are deleting "by ID" - we just don't know if the value being deleted contains the path in question or not ItemPath remainder = namesOnlyPathTested.remainder(namesOnlyPathInDelta); return containsItemInValues(itemDelta.getValuesToAdd(), remainder) || containsItemInValues(itemDelta.getValuesToReplace(), remainder) || containsItemInValues(itemDelta.getValuesToDelete(), remainder); }
continue; ItemPath nameOnlyItemPath = itemPath.namedSegmentsOnly(); AuthorizationDecisionType itemReadDecision = computeItemDecision(securityConstraints, nameOnlyItemPath, ModelAuthorizationAction.AUTZ_ACTIONS_URLS_GET, defaultReadDecision, phase); AuthorizationDecisionType itemAddDecision = computeItemDecision(securityConstraints, nameOnlyItemPath, ModelAuthorizationAction.AUTZ_ACTIONS_URLS_ADD, defaultReadDecision, phase);
@Override public RAssignment map(AssignmentType input, MapperContext context) { RAssignment ass = new RAssignment(); ItemDelta delta = context.getDelta(); ItemPath path = delta.getPath().namedSegmentsOnly(); if (path.startsWithName(FocusType.F_ASSIGNMENT)) { ass.setAssignmentOwner(RAssignmentOwner.FOCUS); } else { ass.setAssignmentOwner(RAssignmentOwner.ABSTRACT_ROLE); } RObject owner = (RObject) context.getOwner(); try { RAssignment.fromJaxb(input, ass, owner, context.getRepositoryContext()); } catch (DtoTranslationException ex) { throw new SystemException("Couldn't translate assignment to entity", ex); } return ass; } }
for (Item<?, ?> item: items) { ItemPath itemPath = item.getPath(); AccessDecision itemDecision = itemDecisionFunction.decide(itemPath.namedSegmentsOnly(), removingContainer); logSubitemDecision(itemDecision, decisionContextDesc, itemPath); if (itemDecision == null) {
/** * Checks if we do not try to modify assignment.targetRef or assignment.construction.kind or intent. * * @param context * @param <F> * @throws SchemaException */ private <F extends AssignmentHolderType> void checkAssignmentDeltaSanity(LensContext<F> context) throws SchemaException { ObjectDelta<F> focusDelta = context.getFocusContext().getDelta(); if (focusDelta == null || !focusDelta.isModify() || focusDelta.getModifications() == null) { return; } for (@SuppressWarnings("rawtypes") ItemDelta itemDelta : focusDelta.getModifications()) { ItemPath itemPath = itemDelta.getPath().namedSegmentsOnly(); if (SchemaConstants.PATH_ASSIGNMENT_TARGET_REF.isSubPathOrEquivalent(itemPath)) { throw new SchemaException("It is not allowed to change targetRef in an assignment. Offending path: " + itemPath); } if (SchemaConstants.PATH_ASSIGNMENT_CONSTRUCTION_KIND.isSubPathOrEquivalent(itemPath)) { throw new SchemaException("It is not allowed to change construction.kind in an assignment. Offending path: " + itemPath); } if (SchemaConstants.PATH_ASSIGNMENT_CONSTRUCTION_INTENT.isSubPathOrEquivalent(itemPath)) { throw new SchemaException("It is not allowed to change construction.intent in an assignment. Offending path: " + itemPath); } // TODO some mechanism to detect changing kind/intent by add/delete/replace whole ConstructionType (should be implemented in the caller) } }
for (ItemDelta<?,?> itemDelta: delta.getModifications()) { ItemPath itemPath = itemDelta.getPath(); AccessDecision itemDecision = itemDecisionFunction.decide(itemPath.namedSegmentsOnly(), false); if (itemDecision == null) {
assertFalse(pathFooBar.isSubPathOrEquivalent(pathFoo123BazBaz)); assertTrue(pathFooBar.isSubPathOrEquivalent(pathFoo123BarBaz.namedSegmentsOnly()));