Interface ModelInteractionService
- All Known Implementing Classes:
ModelInteractionServiceImpl
- Author:
- Radovan Semancik
-
Nested Class Summary
-
Field Summary
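| Modifier and Type | Field | Description |
|---|---|---|
| static final String | CLASS_NAME_WITH_DOT | |
| static final String | PREVIEW_CHANGES | |
| static final String | GET_EDIT_OBJECT_DEFINITION | |
| static final String | GET_ALLOWED_REQUEST_ASSIGNMENT_ITEMS | |
| static final String | GET_ASSIGNABLE_ROLE_SPECIFICATION | |
| static final String | GET_CREDENTIALS_POLICY | |
| static final String | GET_AUTHENTICATIONS_POLICY | |
| static final String | GET_REGISTRATIONS_POLICY | |
| static final String | GET_SECURITY_POLICY | |
| static final String | CHECK_PASSWORD | |
| static final String | GET_CONNECTOR_OPERATIONAL_STATUS | |
| static final String | MERGE_OBJECTS_PREVIEW_DELTA | |
| static final String | MERGE_OBJECTS_PREVIEW_OBJECT | |
| static final String | GET_DEPUTY_ASSIGNEES | |
| static final String | SUBMIT_TASK_FROM_TEMPLATE | |
| static final String | OP_SUBMIT | |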
-
Method Summary
| Modifier and Type | Method | Description |
|---|---|---|
| void | applyDefinitions(ShadowType shadow, Task task, OperationResult result) | Helper method to properly apply definitions to shadow. |
| void | applyView(CompiledObjectCollectionView existingView, GuiObjectListViewType objectListViewsType) | Applying all GuiObjectListViewsType to CompiledObjectCollectionView |
| | assignmentTypeDefinitionWithConcreteTargetRefType(PrismContainerDefinition<AssignmentType> orig, QName targetType) | Returns Container Definition of Assignment Type with target type of assignment replaced by more concrete situation. This allows for using more specific definition when searching for definitions for dereference, in GUI search or columns where we are sure (on other criteria) only assignment types we are processing have concrete target type. |
| | assumePowerOfAttorney(PrismObject<? extends FocusType> donor, Task task, OperationResult result) | |
| void | authorizeBulkActionExecution(@Nullable BulkAction action, @Nullable AuthorizationPhaseType phase, Task task, OperationResult result) | Just a convenience method that checks that relevant authorization is present. |
| boolean | checkPassword(String userOid, ProtectedStringType password, Task task, OperationResult parentResult) | Checks if the supplied password matches with current user password. |
| @NotNull CompiledObjectCollectionView | compileObjectCollectionView(@NotNull CollectionRefSpecificationType collection, @Nullable Class<? extends Containerable> targetTypeClass, @NotNull Task task, @NotNull OperationResult result) | |
| void | compileView(CompiledObjectCollectionView existingView, GuiObjectListViewType objectListViewsType, Task task, OperationResult result) | Compile object list view together with collection ref specification if present |
| | countObjectsFromCollection(CollectionRefSpecificationType collectionConfig, QName typeForFilter, Collection<SelectorOptions<GetOperationOptions>> defaultOptions, ObjectPaging usedPaging, VariablesMap variables, Task task, OperationResult result) | |
| @NotNull TaskType | createExecutionTask(@NotNull ActivityDefinitionType activityDefinition, @NotNull ActivitySubmissionOptions options, @NotNull Task task, @NotNull OperationResult result) | As submit(ActivityDefinitionType, ActivitySubmissionOptions, Task, OperationResult) but only prepares the task for execution; does not submit it. |
| @NotNull LocalizableMessageType | createLocalizableMessageType(LocalizableMessageTemplateType template, VariablesMap variables, Task task, OperationResult result) | |
| <O extends AssignmentHolderType> ArchetypePolicyType | determineArchetypePolicy(PrismObject<O> assignmentHolder, OperationResult result) | Efficiently determines information about archetype policy applicable for a particular object. |
| | determineAssignmentHolderSpecification(PrismObject<O> assignmentTarget, OperationResult result) | Returns data structure that contains information about possible assignment holders for a particular target object. |
| | determineAssignmentTargetSpecification(PrismObject<O> assignmentHolder, OperationResult result) | Returns data structure that contains information about possible assignment targets for a particular holder object. |
| @NotNull CollectionStats | determineCollectionStats(@NotNull CompiledObjectCollectionView collectionView, @NotNull Task task, @NotNull OperationResult result) | |
| <F extends FocusType> NonceCredentialsPolicyType | determineNonceCredentialsPolicy(PrismObject<F> user, String credentialsName, Task task, OperationResult result) | |
| | dropPowerOfAttorney(Task task, OperationResult result) | |
| @NotNull Collection<EvaluatedPolicyRule> | evaluateCollectionPolicyRules(@NotNull PrismObject<ObjectCollectionType> collection, @Nullable CompiledObjectCollectionView preCompiledView, @Nullable Class<? extends ObjectType> targetTypeClass, @NotNull Task task, @NotNull OperationResult result) | Returns all policy rules that apply to the collection. |
| | executeCredentialsReset(PrismObject<UserType> user, ExecuteCredentialResetRequestType executeCredentialResetRequest, Task task, OperationResult result) | |
| <X> X | executeWithSimulationResult(@NotNull TaskExecutionMode mode, @Nullable SimulationDefinitionType simulationDefinition, @NotNull Task task, @NotNull OperationResult result, @NotNull SimulationResultManager.SimulatedFunctionCall<X> functionCall) | Executes the code in `functionCall` parameter (SimulationResultManager.SimulatedFunctionCall) in the simulation mode (`mode` parameter), with the provided simulation result definition. |
| void | expandConfigurationObject(@NotNull PrismObject<? extends ObjectType> configurationObject, @NotNull Task task, @NotNull OperationResult result) | See ProvisioningService.expandConfigurationObject(PrismObject, Task, OperationResult) for the description. |
| <O extends ObjectType> String | generateNonce(NonceCredentialsPolicyType noncePolicy, Task task, OperationResult result) | |
| <O extends ObjectType> void | generateValue(PrismObject<O> object, PolicyItemsDefinitionType policyItemsDefinition, Task task, OperationResult parentResult) | |
| <O extends ObjectType> String | generateValue(ValuePolicyType policy, int defaultLength, boolean generateMinimalSize, PrismObject<O> object, String shortDesc, Task task, OperationResult inputResult) | TEMPORARY. |
| Collection<? extends DisplayableValue<String>> | getActionUrls() | Returns a collection of all authorization actions known to the system. |
| <O extends ObjectType, R extends AbstractRoleType> ItemSecurityConstraints | getAllowedRequestAssignmentItems(PrismObject<O> object, PrismObject<R> target, Task task, OperationResult result) | Returns decisions for individual items for "assign" authorization. |
| <H extends AssignmentHolderType, R extends AbstractRoleType> RoleSelectionSpecification | getAssignableRoleSpecification(@NotNull PrismObject<H> assignmentHolder, Class<R> targetType, int assignmentOrder, Task task, OperationResult parentResult) | Returns an object that defines which roles can be assigned by the currently logged-in user. |
| | getAssignmentEffectiveStatus(String lifecycleStatus, ActivationType activationType) | Computes effective status for the current ActivationType for an assignment |
| SystemConfigurationAuditType | getAuditConfiguration(OperationResult parentResult) | |
| AuthenticationsPolicyType | getAuthenticationPolicy(PrismObject<UserType> user, Task task, OperationResult parentResult) | Returns an authentications policies as defined in the system configuration security policy. |
| AccessCertificationConfigurationType | getCertificationConfiguration(OperationResult parentResult) | |
| @NotNull CompiledGuiProfile | getCompiledGuiProfile(Task task, OperationResult parentResult) | Returns currently applicable user profile, compiled for efficient use in the user interface. |
| List<ConnectorOperationalStatus> | getConnectorOperationalStatus(String resourceOid, Task task, OperationResult parentResult) | |
| CredentialsPolicyType | getCredentialsPolicy(PrismObject<? extends FocusType> focus, Task task, OperationResult parentResult) | Returns a credential policy that applies to the specified user. |
| DeploymentInformationType | getDeploymentInformationConfiguration(OperationResult parentResult) | |
| @NotNull List<ObjectReferenceType> | getDeputyAssignees(AbstractWorkItemType workItem, Task task, OperationResult parentResult) | Gets "deputy assignees" i.e. |
| @NotNull List<ObjectReferenceType> | getDeputyAssignees(ObjectReferenceType assignee, OtherPrivilegesLimitations.Type limitationType, Task task, OperationResult result) | |
| <T extends ObjectType> ObjectFilter | getDonorFilter(Class<T> searchResultType, ObjectFilter origFilter, String targetAuthorizationAction, Task task, OperationResult parentResult) | Returns filter for lookup of donors of power of attorney. |
| ResourceObjectDefinition | getEditObjectClassDefinition(@NotNull PrismObject<ShadowType> shadow, @NotNull PrismObject<ResourceType> resource, AuthorizationPhaseType phase, Task task, OperationResult result) | Returns an object definition that reflects edit-ability of the resource object in terms of midPoint schema limitations and security. |
| <O extends ObjectType> PrismObjectDefinition<O> | getEditObjectDefinition(PrismObject<O> object, AuthorizationPhaseType phase, Task task, OperationResult result) | Returns a schema that reflects editability of the object in terms of midPoint schema limitations and security. |
| PrismObjectDefinition<ShadowType> | getEditShadowDefinition(ResourceShadowCoordinates coordinates, AuthorizationPhaseType phase, Task task, OperationResult result) | |
| <O extends AssignmentHolderType> List<ArchetypeType> | getFilteredArchetypesByHolderType(PrismObject<O> object, OperationResult result) | This method is used to differentiate which archetypes can be added to object with holderType type. |
| <O extends AssignmentHolderType> List<ArchetypeType> | getFilteredArchetypesByHolderType(Class<O> objectType, OperationResult result) | |
| RegistrationsPolicyType | getFlowPolicy(PrismObject<? extends FocusType> focus, Task task, OperationResult parentResult) | Returns a policy for registration, e.g. type of the supported registrations (self, social,...) |
| | getLoggedInPrincipals(Task task, OperationResult result) | |
| List<MergeConfigurationType> | getMergeConfiguration(OperationResult parentResult) | |
| <O extends ObjectType> MetadataItemProcessingSpec | getMetadataItemProcessingSpec(ItemPath metadataItemPath, PrismObject<O> object, Task task, OperationResult result) | Returns specification of processing of given metadata item (e.g. provenance). |
| | getSearchSpecificationFromCollection(CompiledObjectCollectionView collection, QName typeForFilter, Collection<SelectorOptions<GetOperationOptions>> options, VariablesMap variables, Task task, OperationResult result) | TODO document and clean up the interface |
| <F extends FocusType> SecurityPolicyType | getSecurityPolicy(PrismObject<F> focus, String archetypeOid, Task task, OperationResult parentResult) | |
| SecurityPolicyType | getSecurityPolicy(ResourceObjectDefinition rOCDef, Task task, OperationResult parentResult) | |
| SystemConfigurationType | getSystemConfiguration(OperationResult parentResult) | |
| | mergeArchetypePolicies(PrismObject<ArchetypeType> archetype, OperationResult result) | |
| <O extends ObjectType> MergeDeltas<O> | mergeObjectsPreviewDeltas(Class<O> type, String leftOid, String rightOid, String mergeConfigurationName, Task task, OperationResult result) | |
| <O extends ObjectType> PrismObject<O> | mergeObjectsPreviewObject(Class<O> type, String leftOid, String rightOid, String mergeConfigurationName, Task task, OperationResult result) | |
| <F extends ObjectType> ModelContext<F> | previewChanges(Collection<ObjectDelta<? extends ObjectType>> deltas, ModelExecuteOptions options, Task task, OperationResult result) | Computes the most likely changes triggered by the provided delta. |
| <F extends ObjectType> ModelContext<F> | previewChanges(Collection<ObjectDelta<? extends ObjectType>> deltas, ModelExecuteOptions options, Task task, Collection<ProgressListener> listeners, OperationResult result) | |
| void | processObjectsFromCollection(CollectionRefSpecificationType collection, QName typeForFilter, Predicate<PrismContainer> handler, Collection<SelectorOptions<GetOperationOptions>> options, VariablesMap variables, Task task, OperationResult result, boolean recordProgress) | TODO document |
| | refDefinitionWithConcreteTargetRefType(PrismReferenceDefinition orig, QName targetType) | Returns Container Definition of Assignment Type with target type of assignment replaced by more concrete situation. This allows for using more specific definition when searching for definitions for dereference, in GUI search or columns where we are sure (on other criteria) only assignment types we are processing have concrete target type. |
| void | refreshPrincipal(String oid, Class<? extends FocusType> clazz) | |
| <T> T | runUnderPowerOfAttorney(Producer<T> producer, PrismObject<? extends FocusType> donor, Task task, OperationResult result) | |
| default <T> T | runUnderPowerOfAttorneyChecked(CheckedProducer<T> producer, PrismObject<? extends FocusType> donor, Task task, OperationResult result) | |
| List<? extends Serializable> | searchObjectsFromCollection(CollectionRefSpecificationType collectionConfig, QName typeForFilter, Collection<SelectorOptions<GetOperationOptions>> defaultOptions, ObjectPaging usedPaging, VariablesMap variables, Task task, OperationResult result) | |
| @NotNull String | submit(@NotNull ActivityDefinitionType activityDefinition, @NotNull ActivitySubmissionOptions options, @NotNull Task task, @NotNull OperationResult result) | Executes specified activity. |
| default @NotNull String | submitScriptingExpression(@NotNull ExecuteScriptType executeScriptCommand, @NotNull Task task, @NotNull OperationResult result) | A convenience method, moved here from the BulkActionsService (and bulk action executor). |
| @NotNull String | submitTaskFromTemplate(@NotNull String templateOid, @NotNull ActivityCustomization customization, @NotNull Task task, @NotNull OperationResult parentResult) | Submits a task from template (pointed to by `templateOid`). |
| @NotNull TaskType | submitTaskFromTemplate(String templateTaskOid, List<Item<?, ?>> extensionItems, Task opTask, OperationResult result) | Deprecated. |
| @NotNull TaskType | submitTaskFromTemplate(String templateTaskOid, Map<QName, Object> extensionValues, Task opTask, OperationResult result) | Deprecated. |
| void | terminateSessions(TerminateSessionEvent terminateSessionEvent, Task task, OperationResult result) | Terminates specified sessions (clusterwide). |
| <F extends ObjectType> ModelContext<F> | unwrapModelContext(LensContextType wrappedContext, Task task, OperationResult result) | |
| <O extends ObjectType> void | validateValue(PrismObject<O> object, PolicyItemsDefinitionType policyItemsDefinition, Task task, OperationResult parentResult) | |
| <O extends ObjectType> List<StringLimitationResult> | validateValue(ProtectedStringType protectedStringValue, ValuePolicyType pp, PrismObject<O> object, Task task, OperationResult parentResult) | |
| @NotNull Visualization | visualizeDelta(ObjectDelta<? extends ObjectType> delta, boolean includeOperationalItems, boolean includeOriginalObject, Task task, OperationResult result) | |
| @NotNull Visualization | visualizeDelta(ObjectDelta<? extends ObjectType> delta, boolean includeOperationalItems, Task task, OperationResult result) | |
| @NotNull Visualization | visualizeDelta(ObjectDelta<? extends ObjectType> delta, boolean includeOperationalItems, ObjectReferenceType objectRef, Task task, OperationResult result) | |
| @NotNull Visualization | visualizeDelta(ObjectDelta<? extends ObjectType> delta, Task task, OperationResult result) | |
| List<Visualization> | visualizeDeltas(List<ObjectDelta<? extends ObjectType>> deltas, Task task, OperationResult result) | |
| <O extends ObjectType> ModelContextVisualization | visualizeModelContext(ModelContext<O> context, Task task, OperationResult result) | |
-
Field Details
-
CLASS_NAME_WITH_DOT
-
PREVIEW_CHANGES
-
GET_EDIT_OBJECT_DEFINITION
-
GET_ALLOWED_REQUEST_ASSIGNMENT_ITEMS
-
GET_ASSIGNABLE_ROLE_SPECIFICATION
-
GET_CREDENTIALS_POLICY
-
GET_AUTHENTICATIONS_POLICY
-
GET_REGISTRATIONS_POLICY
-
GET_SECURITY_POLICY
-
CHECK_PASSWORD
-
GET_CONNECTOR_OPERATIONAL_STATUS
-
MERGE_OBJECTS_PREVIEW_DELTA
-
MERGE_OBJECTS_PREVIEW_OBJECT
-
GET_DEPUTY_ASSIGNEES
-
SUBMIT_TASK_FROM_TEMPLATE
-
OP_SUBMIT
-
-
Method Details
-
previewChanges
<F extends ObjectType> ModelContext<F> previewChanges(Collection<ObjectDelta<? extends ObjectType>> deltas, ModelExecuteOptions options, Task task, OperationResult result) throws SchemaException, PolicyViolationException, ExpressionEvaluationException, ObjectNotFoundException, ObjectAlreadyExistsException, CommunicationException, ConfigurationException, SecurityViolationException
Computes the most likely changes triggered by the provided delta. The delta may be any change of any object, e.g. add of a user or change of a shadow. The resulting context will sort that out to "focus" and "projection" as needed. The supplied delta will be used as a primary change. The resulting context will reflect both this primary change and any resulting secondary changes.
The changes are only computed, NOT EXECUTED. The method also does not change any state of any repository object or task. Therefore, this method is safe to use anytime. However, it reads data from the repository and possibly also from the resources, so there is still potential for communication (and other) errors, and invocation of this method may not be cheap. Also, as no operations are really executed, there may be issues with resource dependencies. E.g. identifiers that are generated by the resource are not taken into account while recomputing the values. This may also cause errors if some expressions depend on the generated values.
- Parameters:
task - Task is expected to have execution mode != TaskExecutionMode.PRODUCTION, otherwise an exception is thrown
- Throws:
SchemaException
PolicyViolationException
ExpressionEvaluationException
ObjectNotFoundException
ObjectAlreadyExistsException
CommunicationException
ConfigurationException
SecurityViolationException
-
previewChanges
<F extends ObjectType> ModelContext<F> previewChanges(Collection<ObjectDelta<? extends ObjectType>> deltas, ModelExecuteOptions options, Task task, Collection<ProgressListener> listeners, OperationResult result) throws SchemaException, PolicyViolationException, ExpressionEvaluationException, ObjectNotFoundException, ObjectAlreadyExistsException, CommunicationException, ConfigurationException, SecurityViolationException
-
unwrapModelContext
<F extends ObjectType> ModelContext<F> unwrapModelContext(LensContextType wrappedContext, Task task, OperationResult result) throws SchemaException, ConfigurationException, ObjectNotFoundException, CommunicationException, ExpressionEvaluationException
-
getEditObjectDefinition
<O extends ObjectType> PrismObjectDefinition<O> getEditObjectDefinition(PrismObject<O> object, AuthorizationPhaseType phase, Task task, OperationResult result) throws SchemaException, ConfigurationException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, SecurityViolationException
Returns a schema that reflects editability of the object in terms of midPoint schema limitations and security. This method merges together all the applicable limitations that midPoint knows of (schema, security, other constraints). It may be required to pre-populate a new object before calling this method, e.g. to put the object in the correct org in case delegated administration is used.
If null is returned, access to the entire object is denied. It cannot be created or edited at all.
The returned definition contains all parts of the static schema and run-time extensions. It does not contain parts of resource "refined" schemas. Therefore, for shadows it is only applicable to static parts of the shadow (not attributes).
This is not a security-sensitive function. It provides data about security constraints, but it does not enforce them, and it does not modify anything or reveal any data. The purpose of this method is to enable convenient display of GUI form fields, e.g. to hide non-accessible fields from the form. The actual enforcement of security is executed regardless of this method.
- Parameters:
object - object to edit
- Returns:
- schema with correctly set constraint parts or null
- Throws:
SchemaException
ConfigurationException
ObjectNotFoundException
ExpressionEvaluationException
CommunicationException
SecurityViolationException
-
getEditShadowDefinition
PrismObjectDefinition<ShadowType> getEditShadowDefinition(ResourceShadowCoordinates coordinates, AuthorizationPhaseType phase, Task task, OperationResult result) throws SchemaException, ConfigurationException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, SecurityViolationException
-
getEditObjectClassDefinition
ResourceObjectDefinition getEditObjectClassDefinition(@NotNull PrismObject<ShadowType> shadow, @NotNull PrismObject<ResourceType> resource, AuthorizationPhaseType phase, Task task, OperationResult result) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException
Returns an object definition that reflects edit-ability of the resource object in terms of midPoint schema limitations and security. I.e. just like getEditShadowDefinition(ResourceShadowCoordinates, AuthorizationPhaseType, Task, OperationResult) but for resource objects.
-
getMetadataItemProcessingSpec
@Experimental <O extends ObjectType> MetadataItemProcessingSpec getMetadataItemProcessingSpec(ItemPath metadataItemPath, PrismObject<O> object, Task task, OperationResult result) throws SchemaException, ConfigurationException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, SecurityViolationException
Returns specification of processing of given metadata item (e.g. provenance). The caller can use the returned object to find out the processing of the given metadata item for various data items (e.g. givenName, familyName, etc).
-
getActionUrls
Collection<? extends DisplayableValue<String>> getActionUrls()
Returns a collection of all authorization actions known to the system. The format of returned data is designed for displaying purposes.
Note: this method returns only the list of authorization actions that are known to the IDM Model component and the components below. It does not return GUI-specific authorization actions.
-
getAssignableRoleSpecification
<H extends AssignmentHolderType, R extends AbstractRoleType> RoleSelectionSpecification getAssignableRoleSpecification(@NotNull PrismObject<H> assignmentHolder, Class<R> targetType, int assignmentOrder, Task task, OperationResult parentResult) throws ObjectNotFoundException, SchemaException, ConfigurationException, ExpressionEvaluationException, CommunicationException, SecurityViolationException
Returns an object that defines which roles can be assigned by the currently logged-in user.
- Parameters:
assignmentHolder - Object of the operation. The object (usually user) to whom the roles should be assigned.
assignmentOrder - order=0 means assignment, order>0 means inducement
- Throws:
ObjectNotFoundException
SchemaException
ConfigurationException
ExpressionEvaluationException
CommunicationException
SecurityViolationException
-
getDonorFilter
<T extends ObjectType> ObjectFilter getDonorFilter(Class<T> searchResultType, ObjectFilter origFilter, String targetAuthorizationAction, Task task, OperationResult parentResult) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException
Returns filter for lookup of donors of power of attorney. The donors are the users that have granted the power of attorney to the currently logged-in user.
TODO: authorization limitations
- Parameters:
searchResultType - type of the expected search results
origFilter - original filter (e.g. taken from GUI search bar)
targetAuthorizationAction - Authorization action that the attorney is trying to execute on behalf of donor. Only donors for which the use of this authorization was not limited will be returned (that does not necessarily mean that the donor is able to execute this action, it may be limited by donor's authorizations). If the parameter is null then all donors are returned.
task - task
parentResult - operation result
- Returns:
- original filter with AND clause limiting the search.
- Throws:
SchemaException
ObjectNotFoundException
ExpressionEvaluationException
CommunicationException
ConfigurationException
SecurityViolationException
-
getAllowedRequestAssignmentItems
<O extends ObjectType, R extends AbstractRoleType> ItemSecurityConstraints getAllowedRequestAssignmentItems(PrismObject<O> object, PrismObject<R> target, Task task, OperationResult result) throws SchemaException, SecurityViolationException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException
Returns decisions for individual items for "assign" authorization. This is usually applicable to assignment parameters. The decisions are evaluated using the security context of a currently logged-in user.
- Parameters:
object - object of the operation (user)
target - target of the operation (role, org, service that is being assigned)
- Throws:
SchemaException
SecurityViolationException
ObjectNotFoundException
ExpressionEvaluationException
CommunicationException
ConfigurationException
-
determineNonceCredentialsPolicy
<F extends FocusType> NonceCredentialsPolicyType determineNonceCredentialsPolicy(PrismObject<F> user, String credentialsName, Task task, OperationResult result) throws SchemaException, ExpressionEvaluationException, CommunicationException, SecurityViolationException, ConfigurationException
-
getSecurityPolicy
<F extends FocusType> SecurityPolicyType getSecurityPolicy(PrismObject<F> focus, String archetypeOid, Task task, OperationResult parentResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException
-
getSecurityPolicy
SecurityPolicyType getSecurityPolicy(ResourceObjectDefinition rOCDef, Task task, OperationResult parentResult) throws SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException, ObjectNotFoundException
-
getAuthenticationPolicy
AuthenticationsPolicyType getAuthenticationPolicy(PrismObject<UserType> user, Task task, OperationResult parentResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException
Returns the authentication policies as defined in the system configuration security policy. This method is designed to be used during the registration process or the reset password process. security questions, etc).
- Parameters:
task -
parentResult -
- Returns:
- applicable credentials policy or null
- Throws:
ObjectNotFoundException - No system configuration or other major system inconsistency
SchemaException - Wrong schema or content of security policy
CommunicationException
ConfigurationException
SecurityViolationException
ExpressionEvaluationException
-
getFlowPolicy
RegistrationsPolicyType getFlowPolicy(PrismObject<? extends FocusType> focus, Task task, OperationResult parentResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException
Returns a policy for registration, e.g. type of the supported registrations (self, social,...)
- Parameters:
focus - focus to whom the policy should apply
task -
parentResult -
- Returns:
- applicable credentials policy or null
- Throws:
ObjectNotFoundException - No system configuration or other major system inconsistency
SchemaException - Wrong schema or content of security policy
CommunicationException
ConfigurationException
SecurityViolationException
ExpressionEvaluationException
-
getCredentialsPolicy
CredentialsPolicyType getCredentialsPolicy(PrismObject<? extends FocusType> focus, Task task, OperationResult parentResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException
Returns a credential policy that applies to the specified user. This method is designed to be used during credential reset so the GUI has enough information to set up the credential (e.g. password policies, security questions, etc).
- Parameters:
focus - focus to whom the policy should apply
task -
parentResult -
- Returns:
- applicable credentials policy or null
- Throws:
ObjectNotFoundException - No system configuration or other major system inconsistency
SchemaException - Wrong schema or content of security policy
CommunicationException
ConfigurationException
SecurityViolationException
ExpressionEvaluationException
-
getCompiledGuiProfile
@NotNull CompiledGuiProfile getCompiledGuiProfile(Task task, OperationResult parentResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException
Returns currently applicable user profile, compiled for efficient use in the user interface. User profile contains configuration, customization and user preferences for the user interface.
Note: This operation bypasses the authorizations. It will always return the value regardless of whether the current user is authorized to read the underlying objects or not. However, it will always return only values applicable for the current user, therefore the authorization might be considered to be implicit in this case.
-
getLoggedInPrincipals
- Returns:
- list of logged in users with at least 1 active session (clusterwide)
-
terminateSessions
void terminateSessions(TerminateSessionEvent terminateSessionEvent, Task task, OperationResult result)
Terminates specified sessions (clusterwide).
-
getSystemConfiguration
SystemConfigurationType getSystemConfiguration(OperationResult parentResult) throws ObjectNotFoundException, SchemaException
-
getDeploymentInformationConfiguration
DeploymentInformationType getDeploymentInformationConfiguration(OperationResult parentResult) throws ObjectNotFoundException, SchemaException
-
getAuditConfiguration
SystemConfigurationAuditType getAuditConfiguration(OperationResult parentResult) throws ObjectNotFoundException, SchemaException
-
getMergeConfiguration
List<MergeConfigurationType> getMergeConfiguration(OperationResult parentResult) throws ObjectNotFoundException, SchemaException
-
getCertificationConfiguration
AccessCertificationConfigurationType getCertificationConfiguration(OperationResult parentResult) throws ObjectNotFoundException, SchemaException
-
checkPassword
boolean checkPassword(String userOid, ProtectedStringType password, Task task, OperationResult parentResult) throws ObjectNotFoundException, SchemaException
Checks if the supplied password matches the current user password. This method is NOT subject to any password expiration policies, it does not update failed login counters, and it does not change any data or meta-data. This method is NOT SUPPOSED to be used to validate the password on login. It is supposed to check the old password when the password is changed by the user. We assume that the user has already passed normal system authentication.
Note: no authorizations are checked in the implementation. It is assumed that authorizations will be enforced at the page level.
- Returns:
- true if the password matches, false otherwise
- Throws:
ObjectNotFoundException
SchemaException
-
visualizeDeltas
List<Visualization> visualizeDeltas(List<ObjectDelta<? extends ObjectType>> deltas, Task task, OperationResult result) throws SchemaException, ExpressionEvaluationException
-
visualizeModelContext
<O extends ObjectType> ModelContextVisualization visualizeModelContext(ModelContext<O> context, Task task, OperationResult result) throws SchemaException, ExpressionEvaluationException, ConfigurationException
-
visualizeDelta
@NotNull Visualization visualizeDelta(ObjectDelta<? extends ObjectType> delta, Task task, OperationResult result) throws SchemaException, ExpressionEvaluationException
-
visualizeDelta
@NotNull Visualization visualizeDelta(ObjectDelta<? extends ObjectType> delta, boolean includeOperationalItems, Task task, OperationResult result) throws SchemaException, ExpressionEvaluationException
-
visualizeDelta
@NotNull Visualization visualizeDelta(ObjectDelta<? extends ObjectType> delta, boolean includeOperationalItems, ObjectReferenceType objectRef, Task task, OperationResult result) throws SchemaException, ExpressionEvaluationException
-
visualizeDelta
@NotNull Visualization visualizeDelta(ObjectDelta<? extends ObjectType> delta, boolean includeOperationalItems, boolean includeOriginalObject, Task task, OperationResult result) throws SchemaException, ExpressionEvaluationException
-
getConnectorOperationalStatus
List<ConnectorOperationalStatus> getConnectorOperationalStatus(String resourceOid, Task task, OperationResult parentResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ExpressionEvaluationException
-
mergeObjectsPreviewDeltas
<O extends ObjectType> MergeDeltas<O> mergeObjectsPreviewDeltas(Class<O> type, String leftOid, String rightOid, String mergeConfigurationName, Task task, OperationResult result) throws ObjectNotFoundException, SchemaException, ConfigurationException, ExpressionEvaluationException, CommunicationException, SecurityViolationException
-
mergeObjectsPreviewObject
<O extends ObjectType> PrismObject<O> mergeObjectsPreviewObject(Class<O> type, String leftOid, String rightOid, String mergeConfigurationName, Task task, OperationResult result) throws ObjectNotFoundException, SchemaException, ConfigurationException, ExpressionEvaluationException, CommunicationException, SecurityViolationException
-
generateNonce
<O extends ObjectType> String generateNonce(NonceCredentialsPolicyType noncePolicy, Task task, OperationResult result) throws ExpressionEvaluationException, SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException
-
generateValue
<O extends ObjectType> String generateValue(ValuePolicyType policy, int defaultLength, boolean generateMinimalSize, PrismObject<O> object, String shortDesc, Task task, OperationResult inputResult) throws ExpressionEvaluationException, SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException TEMPORARY. Need to find a better way to deal with generated values.
- Parameters:
policy -
defaultLength -
generateMinimalSize -
object - object for which we generate the value (e.g. user or shadow)
inputResult -
- Returns:
- Throws:
ExpressionEvaluationException
SchemaException
ObjectNotFoundException
CommunicationException
ConfigurationException
SecurityViolationException
-
generateValue
<O extends ObjectType> void generateValue(PrismObject<O> object, PolicyItemsDefinitionType policyItemsDefinition, Task task, OperationResult parentResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException, ObjectAlreadyExistsException, PolicyViolationException -
validateValue
<O extends ObjectType> void validateValue(PrismObject<O> object, PolicyItemsDefinitionType policyItemsDefinition, Task task, OperationResult parentResult) throws ExpressionEvaluationException, SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException, PolicyViolationException -
getDeputyAssignees
@NotNull List<ObjectReferenceType> getDeputyAssignees(AbstractWorkItemType workItem, Task task, OperationResult parentResult) throws SchemaException Gets "deputy assignees", i.e. users that are deputies of assignees. Takes limitations into account.
MAY NOT CHECK AUTHORIZATIONS (uses repository directly, at least at some places) - TODO
TODO parameterize on limitation kind
- Throws:
SchemaException
-
getDeputyAssignees
@NotNull List<ObjectReferenceType> getDeputyAssignees(ObjectReferenceType assignee, OtherPrivilegesLimitations.Type limitationType, Task task, OperationResult result) throws SchemaException
- Throws:
SchemaException
-
getAssignmentEffectiveStatus
ActivationStatusType getAssignmentEffectiveStatus(String lifecycleStatus, ActivationType activationType) Computes the effective status for the current ActivationType for an assignment. -
assumePowerOfAttorney
MidPointPrincipal assumePowerOfAttorney(PrismObject<? extends FocusType> donor, Task task, OperationResult result) throws SchemaException, SecurityViolationException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException -
dropPowerOfAttorney
MidPointPrincipal dropPowerOfAttorney(Task task, OperationResult result) throws SchemaException, SecurityViolationException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException -
runUnderPowerOfAttorney
<T> T runUnderPowerOfAttorney(Producer<T> producer, PrismObject<? extends FocusType> donor, Task task, OperationResult result) throws SchemaException, SecurityViolationException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException -
runUnderPowerOfAttorneyChecked
default <T> T runUnderPowerOfAttorneyChecked(CheckedProducer<T> producer, PrismObject<? extends FocusType> donor, Task task, OperationResult result) throws CommonException
- Throws:
CommonException
-
createLocalizableMessageType
@NotNull LocalizableMessageType createLocalizableMessageType(LocalizableMessageTemplateType template, VariablesMap variables, Task task, OperationResult result) throws ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException -
executeCredentialsReset
ExecuteCredentialResetResponseType executeCredentialsReset(PrismObject<UserType> user, ExecuteCredentialResetRequestType executeCredentialResetRequest, Task task, OperationResult result) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException, ObjectAlreadyExistsException, PolicyViolationException -
refreshPrincipal
void refreshPrincipal(String oid, Class<? extends FocusType> clazz) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException -
getRelationDefinitions
List<RelationDefinitionType> getRelationDefinitions() -
submitTaskFromTemplate
@Deprecated @NotNull TaskType submitTaskFromTemplate(String templateTaskOid, List<Item<?, ?>> extensionItems, Task opTask, OperationResult result) throws CommunicationException, ObjectNotFoundException, SchemaException, SecurityViolationException, ConfigurationException, ExpressionEvaluationException, ObjectAlreadyExistsException, PolicyViolationException Deprecated. -
submitTaskFromTemplate
@Deprecated @NotNull TaskType submitTaskFromTemplate(String templateTaskOid, Map<QName, Object> extensionValues, Task opTask, OperationResult result) throws CommunicationException, ObjectNotFoundException, SchemaException, SecurityViolationException, ConfigurationException, ExpressionEvaluationException, ObjectAlreadyExistsException, PolicyViolationException Deprecated. -
submitTaskFromTemplate
@NotNull String submitTaskFromTemplate(@NotNull String templateOid, @NotNull ActivityCustomization customization, @NotNull Task task, @NotNull OperationResult parentResult) throws CommonException Submits a task from template (pointed to by `templateOid`). See MidpointFunctions.submitTaskFromTemplate(String, ActivityCustomization) for details.
- Throws:
CommonException
-
determineArchetypePolicy
<O extends AssignmentHolderType> ArchetypePolicyType determineArchetypePolicy(PrismObject<O> assignmentHolder, OperationResult result) throws SchemaException, ConfigurationException Efficiently determines information about archetype policy applicable for a particular object. Returns null if no archetype policy is applicable. This is a "one stop" method for archetype policy in the GUI. The method returns archetype policy even for "legacy" situations, e.g. if the policy needs to be determined from system configuration using legacy subtype. GUI should not need to do any other processing to determine archetype information.
This method is invoked very often, usually when any object is displayed (including display of object lists and search results). Therefore this method is supposed to be very efficient. It should be using caching as much as possible.
-
mergeArchetypePolicies
ArchetypePolicyType mergeArchetypePolicies(PrismObject<ArchetypeType> archetype, OperationResult result) throws SchemaException, ConfigurationException -
determineAssignmentTargetSpecification
<O extends AssignmentHolderType> AssignmentCandidatesSpecification determineAssignmentTargetSpecification(PrismObject<O> assignmentHolder, OperationResult result) throws SchemaException, ConfigurationException Returns data structure that contains information about possible assignment targets for a particular holder object.
This method should be used when editing assignment holder (e.g. user) and looking for available assignment target. The determineAssignmentHolderSpecification is a "reverse" version of this method.
This method is not used that often. It is used when an object is edited. But it should be quite efficient anyway. It should use cached archetype information.
-
getFilteredArchetypesByHolderType
<O extends AssignmentHolderType> List<ArchetypeType> getFilteredArchetypesByHolderType(PrismObject<O> object, OperationResult result) throws SchemaException This method is used to determine which archetypes can be added to an object of the holderType type. E.g., when changing the archetype, the Change archetype functionality should provide only those archetypes which can be assigned according to holderType.
- Throws:
SchemaException
-
getFilteredArchetypesByHolderType
<O extends AssignmentHolderType> List<ArchetypeType> getFilteredArchetypesByHolderType(Class<O> objectType, OperationResult result) throws SchemaException
- Throws:
SchemaException
-
determineAssignmentHolderSpecification
<O extends AbstractRoleType> AssignmentCandidatesSpecification determineAssignmentHolderSpecification(PrismObject<O> assignmentTarget, OperationResult result) throws SchemaException, ConfigurationException Returns data structure that contains information about possible assignment holders for a particular target object.
This method should be used when editing assignment target (role, org, service) and looking for object that can be potential members. The determineAssignmentTargetSpecification is a "reverse" version of this method.
This method is not used that often. It is used when an object is edited. But it should be quite efficient anyway. It should use cached archetype information.
-
evaluateCollectionPolicyRules
@Experimental @NotNull Collection<EvaluatedPolicyRule> evaluateCollectionPolicyRules(@NotNull PrismObject<ObjectCollectionType> collection, @Nullable CompiledObjectCollectionView preCompiledView, @Nullable Class<? extends ObjectType> targetTypeClass, @NotNull Task task, @NotNull OperationResult result) throws ObjectNotFoundException, SchemaException, SecurityViolationException, CommunicationException, ConfigurationException, ExpressionEvaluationException Returns all policy rules that apply to the collection. Later, the policy rules are compiled from all the applicable sources (target, meta-roles, etc.). But for now we support only policy rules that are directly placed in collection assignments. EXPERIMENTAL. Quite likely to change later. [EP:APSO] DONE We assume that the collection is provided from the repository! Verified with the caller. -
compileObjectCollectionView
@Experimental @NotNull CompiledObjectCollectionView compileObjectCollectionView(@NotNull CollectionRefSpecificationType collection, @Nullable Class<? extends Containerable> targetTypeClass, @NotNull Task task, @NotNull OperationResult result) throws SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException, ObjectNotFoundException -
determineCollectionStats
@Experimental @NotNull CollectionStats determineCollectionStats(@NotNull CompiledObjectCollectionView collectionView, @NotNull Task task, @NotNull OperationResult result) throws SchemaException, ObjectNotFoundException, SecurityViolationException, ConfigurationException, CommunicationException, ExpressionEvaluationException -
applyView
@Experimental void applyView(CompiledObjectCollectionView existingView, GuiObjectListViewType objectListViewsType) Applying all GuiObjectListViewsType to CompiledObjectCollectionView -
compileView
void compileView(CompiledObjectCollectionView existingView, GuiObjectListViewType objectListViewsType, Task task, OperationResult result) throws SchemaException, ExpressionEvaluationException, CommunicationException, SecurityViolationException, ConfigurationException, ObjectNotFoundException Compile object list view together with collection ref specification if present -
validateValue
@Experimental <O extends ObjectType> List<StringLimitationResult> validateValue(ProtectedStringType protectedStringValue, ValuePolicyType pp, PrismObject<O> object, Task task, OperationResult parentResult) throws SchemaException, PolicyViolationException, ObjectNotFoundException, SecurityViolationException, CommunicationException, ConfigurationException, ExpressionEvaluationException -
processObjectsFromCollection
@Experimental void processObjectsFromCollection(CollectionRefSpecificationType collection, QName typeForFilter, Predicate<PrismContainer> handler, Collection<SelectorOptions<GetOperationOptions>> options, VariablesMap variables, Task task, OperationResult result, boolean recordProgress) throws SchemaException, ObjectNotFoundException, SecurityViolationException, CommunicationException, ConfigurationException, ExpressionEvaluationException TODO document -
getSearchSpecificationFromCollection
@Experimental <T> ModelInteractionService.SearchSpec<T> getSearchSpecificationFromCollection(CompiledObjectCollectionView collection, QName typeForFilter, Collection<SelectorOptions<GetOperationOptions>> options, VariablesMap variables, Task task, OperationResult result) throws ConfigurationException, SchemaException, ExpressionEvaluationException, CommunicationException, SecurityViolationException, ObjectNotFoundException TODO document and clean up the interface -
searchObjectsFromCollection
@Experimental List<? extends Serializable> searchObjectsFromCollection(CollectionRefSpecificationType collectionConfig, QName typeForFilter, Collection<SelectorOptions<GetOperationOptions>> defaultOptions, ObjectPaging usedPaging, VariablesMap variables, Task task, OperationResult result) throws SchemaException, ObjectNotFoundException, SecurityViolationException, CommunicationException, ConfigurationException, ExpressionEvaluationException -
countObjectsFromCollection
@Experimental Integer countObjectsFromCollection(CollectionRefSpecificationType collectionConfig, QName typeForFilter, Collection<SelectorOptions<GetOperationOptions>> defaultOptions, ObjectPaging usedPaging, VariablesMap variables, Task task, OperationResult result) throws SchemaException, ObjectNotFoundException, SecurityViolationException, CommunicationException, ConfigurationException, ExpressionEvaluationException -
expandConfigurationObject
@Experimental void expandConfigurationObject(@NotNull PrismObject<? extends ObjectType> configurationObject, @NotNull Task task, @NotNull OperationResult result) throws SchemaException, ConfigurationException, ObjectNotFoundException See ProvisioningService.expandConfigurationObject(PrismObject, Task, OperationResult) for the description. TODO security aspects -
submit
@NotNull String submit(@NotNull ActivityDefinitionType activityDefinition, @NotNull ActivitySubmissionOptions options, @NotNull Task task, @NotNull OperationResult result) throws CommonException Executes the specified activity. Currently hard-wired to do that in the background, i.e. by wrapping it into a task, and creating the task via the clockwork. (So that mappings from e.g. archetypes are executed.) Does _not_ require any special authorizations to submit the task. (The submit operation executes with elevated privileges.) The planned future state is that GUI declares the work that should be done (like "recompute members of role X") and the model will then decide the optimal way of doing that (e.g., in the foreground or in the background) and execute the action. When determining the way, it needs to consider user preferences and/or authorizations, or the situation, like how many members there are. The goal is to better isolate GUI from the rest of midPoint, and to provide means for 3rd party GUI implementations. The current method should be seen as a (very rough) placeholder. Task archetype(s) are determined from the work, from the task template or from explicit options. Returns the background task OID. It is also set in the operation result.
- Throws:
CommonException
-
createExecutionTask
@NotNull TaskType createExecutionTask(@NotNull ActivityDefinitionType activityDefinition, @NotNull ActivitySubmissionOptions options, @NotNull Task task, @NotNull OperationResult result) throws CommonException As submit(ActivityDefinitionType, ActivitySubmissionOptions, Task, OperationResult) but only prepares the task for execution; does not submit it.
- Throws:
CommonException
-
submitScriptingExpression
default @NotNull String submitScriptingExpression(@NotNull ExecuteScriptType executeScriptCommand, @NotNull Task task, @NotNull OperationResult result) throws CommonException A convenience method, moved here from the BulkActionsService (and bulk action executor).
- Throws:
CommonException
-
authorizeBulkActionExecution
void authorizeBulkActionExecution(@Nullable BulkAction action, @Nullable AuthorizationPhaseType phase, Task task, OperationResult result) throws SchemaException, ExpressionEvaluationException, SecurityViolationException, CommunicationException, ConfigurationException, ObjectNotFoundException Just a convenience method that checks that relevant authorization is present. (No action means the authorization for all actions is checked.) -
assignmentTypeDefinitionWithConcreteTargetRefType
PrismContainerDefinition<AssignmentType> assignmentTypeDefinitionWithConcreteTargetRefType(PrismContainerDefinition<AssignmentType> orig, QName targetType) Returns Container Definition of Assignment Type with the target type of the assignment replaced by a more concrete type. This allows for using a more specific definition when searching for definitions for dereference, in GUI search or columns where we are sure (on other criteria) that the only assignment types we are processing have a concrete target type.
- Parameters:
orig - Original definition of Assignment Type
targetType - Concrete target type
-
refDefinitionWithConcreteTargetRefType
PrismReferenceDefinition refDefinitionWithConcreteTargetRefType(PrismReferenceDefinition orig, QName targetType) Returns Container Definition of Assignment Type with the target type of the assignment replaced by a more concrete type. This allows for using a more specific definition when searching for definitions for dereference, in GUI search or columns where we are sure (on other criteria) that the only assignment types we are processing have a concrete target type.
- Parameters:
orig - Original definition of Assignment Type
targetType - Concrete target type
-
executeWithSimulationResult
<X> X executeWithSimulationResult(@NotNull TaskExecutionMode mode, @Nullable SimulationDefinitionType simulationDefinition, @NotNull Task task, @NotNull OperationResult result, @NotNull SimulationResultManager.SimulatedFunctionCall<X> functionCall) throws CommonException Executes the code in `functionCall` parameter (SimulationResultManager.SimulatedFunctionCall) in the simulation mode (`mode` parameter), with the provided simulation result definition. The task must not be persistent. (This limitation can be lifted in the future, if needed.) Requires the native repository.
- Throws:
CommonException
-
applyDefinitions
void applyDefinitions(ShadowType shadow, Task task, OperationResult result) throws SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException, ObjectNotFoundException Helper method to properly apply definitions to shadow. It is only needed when the raw option is used for shadow search. Not sure whether this is the right place for the method, or whether it should be needed at all.
-