/**
 * Enforces the security constraints of a single authorization phase on {@code object}
 * and on {@code objectDefinition}.
 *
 * <p>Steps, in order (the order is significant for enforcement):
 * <ol>
 *   <li>Look up the all-items decision for the "get" action URLs in {@code phase}. An explicit
 *       {@code DENY} is logged through {@code SecurityUtil.logSecurityDeny} and rejected.</li>
 *   <li>Look up the all-items decisions for the ADD and MODIFY actions.</li>
 *   <li>Hand the object's items and the three decisions to {@code applySecurityConstraints}.
 *       That helper is not shown here; presumably it strips items the subject may not read,
 *       since the object is tested for emptiness right afterwards (confirm against the helper).</li>
 *   <li>If the object is empty at that point, log the denial and reject the request.</li>
 *   <li>Hand the object definition to {@code applySecurityConstraintsItemDef}, starting at the
 *       empty item path with a fresh identity-keyed map.</li>
 * </ol>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Only an explicit {@code DENY} is rejected up front. Any other global read decision
 *       (including {@code null}, if the lookup can return it) falls through, so the item-level
 *       helper and the emptiness check are the controls that enforce read access in that case.</li>
 *   <li>Both denial paths throw the same generic "Access denied" message; the reason is only
 *       passed to {@code SecurityUtil.logSecurityDeny}.</li>
 *   <li>Only {@code SecurityViolationException} and {@code RuntimeException} are recorded in
 *       {@code result} here. The other declared checked exceptions propagate without
 *       {@code recordFatalError} being called by this method.</li>
 * </ul>
 *
 * @param object object whose items are passed to the item-level constraint helper
 * @param securityConstraints source of the per-action, per-phase decisions
 * @param objectDefinition definition passed to the definition-level constraint helper
 * @param rootOptions not read by this method body
 * @param phase authorization phase to evaluate; must not be {@code null}
 * @param task not read by this method body
 * @param result operation result that receives the fatal error before a security or runtime
 *        failure is rethrown
 * @throws SecurityViolationException declared by the signature; the {@code AuthorizationException}
 *         thrown on denial is presumably a subtype (its declaration is not visible here)
 * @throws SchemaException declared by the signature; not thrown directly by the visible body
 * @throws ConfigurationException declared by the signature; not thrown directly by the visible body
 * @throws ObjectNotFoundException declared by the signature; not thrown directly by the visible body
 */
private <O extends ObjectType> void applySchemasAndSecurityPhase(
        PrismObject<O> object,
        ObjectSecurityConstraints securityConstraints,
        PrismObjectDefinition<O> objectDefinition,
        GetOperationOptions rootOptions,
        AuthorizationPhaseType phase,
        Task task,
        OperationResult result)
        throws SchemaException, SecurityViolationException, ConfigurationException, ObjectNotFoundException {
    Validate.notNull(phase);
    try {
        // Object-wide read decision first: an explicit DENY ends processing before any item is touched.
        AuthorizationDecisionType readDecision = securityConstraints.findAllItemsDecision(
                ModelAuthorizationAction.AUTZ_ACTIONS_URLS_GET, phase);
        if (AuthorizationDecisionType.DENY == readDecision) {
            SecurityUtil.logSecurityDeny(object, "because the authorization denies access");
            throw new AuthorizationException("Access denied");
        }

        // Object-wide add/modify decisions are only forwarded to the helpers below.
        AuthorizationDecisionType addDecision = securityConstraints.findAllItemsDecision(
                ModelAuthorizationAction.ADD.getUrl(), phase);
        AuthorizationDecisionType modifyDecision = securityConstraints.findAllItemsDecision(
                ModelAuthorizationAction.MODIFY.getUrl(), phase);

        // Item-level pass over the object's data.
        applySecurityConstraints(
                object.getValue().getItems(),
                securityConstraints,
                readDecision,
                addDecision,
                modifyDecision,
                phase);

        // An object left empty after the item-level pass is reported as a denial, not returned empty.
        if (object.isEmpty()) {
            SecurityUtil.logSecurityDeny(object, "because the subject has not access to any item");
            throw new AuthorizationException("Access denied");
        }

        // Definition-level pass, rooted at the empty path; the identity map starts out empty.
        applySecurityConstraintsItemDef(
                objectDefinition,
                new IdentityHashMap<>(),
                ItemPath.EMPTY_PATH,
                securityConstraints,
                readDecision,
                addDecision,
                modifyDecision,
                phase);
    } catch (SecurityViolationException | RuntimeException failure) {
        // Record the failure in the operation result, then let the caller see the original exception.
        result.recordFatalError(failure);
        throw failure;
    }
}