Do functionality and performance improvements

1. Membership and group deletion is now handled correctly
2. Operations on large LDAP groups should now be faster
(but still not optimal)

demo/complex2s/midpoint-objects/functionLibraries/function-library-grouper.xml

@@ -1,17 +1,8 @@
 <!--
-  ~ Copyright (c) 2010-2019 Evolveum
+  ~ Copyright (c) 2019 Evolveum and contributors
   ~
-  ~ Licensed under the Apache License, Version 2.0 (the "License");
-  ~ you may not use this file except in compliance with the License.
-  ~ You may obtain a copy of the License at
-  ~
-  ~     http://www.apache.org/licenses/LICENSE-2.0
-  ~
-  ~ Unless required by applicable law or agreed to in writing, software
-  ~ distributed under the License is distributed on an "AS IS" BASIS,
-  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  ~ See the License for the specific language governing permissions and
-  ~ limitations under the License.
+  ~ This work is dual-licensed under the Apache License 2.0
+  ~ and European Union Public License. See LICENSE file for details.
   -->
 
 <functionLibrary oid="2eef4181-25fa-420f-909d-846a36ca90f3"
@@ -49,14 +40,14 @@
 	  "encrypted": false,
 	  "esbEvent": [
 		{
-		  "displayName": "ref:alumni",
+		  "displayName": "ref:affiliation:alumni",
 		  "changeOccurred": false,
 		  "createdOnMicros": 1551884850499000,
 		  "parentStemId": "9a7ce40af6c546148b41eec81b8ca18d",
 		  "id": "00000000000000000000000000000002",
 		  "sequenceNumber": "110",
 		  "eventType": "GROUP_ADD",
-		  "name": "ref:alumni"
+		  "name": "ref:affiliation:alumni"
 		}
 	  ]
 	}

demo/complex2s/midpoint-objects/objectTemplates/template-user.xml

@@ -1,4 +1,11 @@
 <?xml version="1.0"?>
+<!--
+  ~ Copyright (c) 2019 Evolveum and contributors
+  ~
+  ~ This work is dual-licensed under the Apache License 2.0
+  ~ and European Union Public License. See LICENSE file for details.
+  -->
+
 <objectTemplate xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" oid="8098b124-c20c-4965-8adf-e528abedf7a4">
     <name>User Template</name>
     <mapping>
@@ -21,13 +28,13 @@
 
                     memberDef = prismContext.definitionFactory().createPropertyDefinition(MEMBER_NAME, DOMUtil.XSD_STRING)
                     memberDef.setMaxOccurs(-1)
-
-                    // TODO check for exists/dead
+
                     shadowQuery = prismContext.queryFor(ShadowType.class)
                         .item(ShadowType.F_RESOURCE_REF).ref(GROUPER_RESOURCE_OID)
                         .and().item(ShadowType.F_SYNCHRONIZATION_SITUATION).eq(SynchronizationSituationType.LINKED)
                         .and().item(ShadowType.F_KIND).eq(ShadowKindType.ENTITLEMENT)
                         .and().item(ShadowType.F_INTENT).eq('group')
+                        .and().block().item(ShadowType.F_DEAD).isNull().or().item(ShadowType.F_DEAD).eq(false).endBlock()
                         .and().item(ItemPath.create(ShadowType.F_ATTRIBUTES, MEMBER_NAME), memberDef).eq(basic.stringify(name))
                         .build()
 

demo/complex2s/midpoint-objects/orgs/org-affiliations.xml

@@ -1,4 +1,11 @@
 <?xml version="1.0"?>
+<!--
+  ~ Copyright (c) 2019 Evolveum and contributors
+  ~
+  ~ This work is dual-licensed under the Apache License 2.0
+  ~ and European Union Public License. See LICENSE file for details.
+  -->
+
 <org xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
     oid="1d7c0e3a-4456-409c-9f50-95407b2eb785">
     <name>affiliations</name>

demo/complex2s/midpoint-objects/orgs/org-courses.xml

@@ -1,4 +1,11 @@
 <?xml version="1.0"?>
+<!--
+  ~ Copyright (c) 2019 Evolveum and contributors
+  ~
+  ~ This work is dual-licensed under the Apache License 2.0
+  ~ and European Union Public License. See LICENSE file for details.
+  -->
+
 <org xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
     oid="225e9360-0639-40ba-8a31-7f31bef067be">
     <name>courses</name>

demo/complex2s/midpoint-objects/orgs/org-departments.xml

@@ -1,4 +1,11 @@
 <?xml version="1.0"?>
+<!--
+  ~ Copyright (c) 2019 Evolveum and contributors
+  ~
+  ~ This work is dual-licensed under the Apache License 2.0
+  ~ and European Union Public License. See LICENSE file for details.
+  -->
+
 <org xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
     oid="bee44c51-2469-411d-bac7-695728e9c241">
     <name>departments</name>

demo/complex2s/midpoint-objects/orgs/org-generic-groups.xml

@@ -1,4 +1,11 @@
 <?xml version="1.0"?>
+<!--
+  ~ Copyright (c) 2019 Evolveum and contributors
+  ~
+  ~ This work is dual-licensed under the Apache License 2.0
+  ~ and European Union Public License. See LICENSE file for details.
+  -->
+
 <org xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
     oid="1f339075-5b2f-4a18-9c98-451f3eb0d28d">
     <name>generic-groups</name>

demo/complex2s/midpoint-objects/orgs/org-grouper-sysadmin.xml

@@ -1,12 +1,11 @@
-<org xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" 
-      xmlns:apti="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3" 
-      xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" 
-      xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" 
-      xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3" 
-      xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
-      xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" 
-      xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3" 
-      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
+<!--
+  ~ Copyright (c) 2019 Evolveum and contributors
+  ~
+  ~ This work is dual-licensed under the Apache License 2.0
+  ~ and European Union Public License. See LICENSE file for details.
+  -->
+
+<org xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
       oid="d48ec05b-fffd-4262-acd3-d9ff63365b62">
     <name>org-grouper-sysadmin</name>
     <displayName>Grouper Administrators</displayName>

demo/complex2s/midpoint-objects/orgs/org-mailing-lists.xml

@@ -1,4 +1,11 @@
 <?xml version="1.0"?>
+<!--
+  ~ Copyright (c) 2019 Evolveum and contributors
+  ~
+  ~ This work is dual-licensed under the Apache License 2.0
+  ~ and European Union Public License. See LICENSE file for details.
+  -->
+
 <org xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
     oid="d81fb46c-20c7-44d3-8402-fef404ea1264">
     <name>mailing-lists</name>

demo/complex2s/midpoint-objects/orgs/org-midpoint-groups.xml

@@ -1,4 +1,11 @@
 <?xml version="1.0"?>
+<!--
+  ~ Copyright (c) 2019 Evolveum and contributors
+  ~
+  ~ This work is dual-licensed under the Apache License 2.0
+  ~ and European Union Public License. See LICENSE file for details.
+  -->
+
 <org xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
     oid="4790ab69-7ef0-41a4-8992-78877f3beb23">
     <name>midpoint-groups</name>

demo/complex2s/midpoint-objects/resources/ldap-main.xml

@@ -1,13 +1,10 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!-- ~ Copyright (c) 2010-2017 Evolveum ~ ~ Licensed under the Apache License, 
-	Version 2.0 (the "License"); ~ you may not use this file except in compliance 
-	with the License. ~ You may obtain a copy of the License at ~ ~ http://www.apache.org/licenses/LICENSE-2.0 
-	~ ~ Unless required by applicable law or agreed to in writing, software ~ 
-	distributed under the License is distributed on an "AS IS" BASIS, ~ WITHOUT 
-	WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ~ See the 
-	License for the specific language governing permissions and ~ limitations 
-	under the License. -->
-
+<!--
+  ~ Copyright (c) 2019 Evolveum and contributors
+  ~
+  ~ This work is dual-licensed under the Apache License 2.0
+  ~ and European Union Public License. See LICENSE file for details.
+  -->
 
 <resource oid="0a37121f-d515-4a23-9b6d-554c5ef61272"
         xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
@@ -84,7 +81,7 @@
                     <minOccurs>0</minOccurs>
                 </limitations>
                 <tolerant>false</tolerant>
-				<matchingRule>mr:stringIgnoreCase</matchingRule>
+				<matchingRule>mr:distinguishedName</matchingRule>
                 <outbound>
                     <strength>strong</strength>
                     <source>
@@ -201,7 +198,7 @@
 			<protected>
 				<filter>
 					<q:equal>
-						<q:matching>http://prism.evolveum.com/xml/ns/public/matching-rule-3#stringIgnoreCase</q:matching>
+						<q:matching>http://prism.evolveum.com/xml/ns/public/matching-rule-3#distinguishedName</q:matching>
 						<q:path>attributes/ri:dn</q:path>
 						<q:value>cn=root,dc=internet2,dc=edu</q:value>
 					</q:equal>
@@ -226,7 +223,7 @@
             </attribute>
             <attribute>
                 <ref>ri:dn</ref>
-                <matchingRule>mr:stringIgnoreCase</matchingRule>
+                <matchingRule>mr:distinguishedName</matchingRule>
                 <outbound>
                     <strength>strong</strength>
                     <source>
@@ -244,6 +241,11 @@
                     </source>
                 </outbound>
             </attribute>
+            <attribute>
+                <ref>ri:uniqueMember</ref>
+                <matchingRule>mr:distinguishedName</matchingRule>
+				<fetchStrategy>minimal</fetchStrategy>
+            </attribute>
         </objectType>
 	</schemaHandling>
 

demo/complex2s/midpoint-objects/resources/resource-grouper.xml

@@ -1,18 +1,9 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright (c) 2010-2019 Evolveum
+  ~ Copyright (c) 2019 Evolveum and contributors
   ~
-  ~ Licensed under the Apache License, Version 2.0 (the "License");
-  ~ you may not use this file except in compliance with the License.
-  ~ You may obtain a copy of the License at
-  ~
-  ~     http://www.apache.org/licenses/LICENSE-2.0
-  ~
-  ~ Unless required by applicable law or agreed to in writing, software
-  ~ distributed under the License is distributed on an "AS IS" BASIS,
-  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  ~ See the License for the specific language governing permissions and
-  ~ limitations under the License.
+  ~ This work is dual-licensed under the Apache License 2.0
+  ~ and European Union Public License. See LICENSE file for details.
   -->
 
 <resource oid="1eff65de-5bb6-483d-9edf-8cc2c2ee0233"
@@ -168,9 +159,9 @@
             </reaction>
             <reaction>
                 <situation>deleted</situation>
-                <action>
-                    <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#deleteFocus</handlerUri>
-                </action>
+                <!-- a separate task will take care of deleted groups -->
+                <!-- we don't even need to unlink the shadow -->
+                <synchronize>true</synchronize>
             </reaction>
             <reaction>
                 <situation>unlinked</situation>

demo/complex2s/midpoint-objects/resources/scriptedsql-sis-persons.xml

@@ -1,6 +1,13 @@
 <?xml version="1.0" encoding="UTF-8"?>
 
-<c:resource oid="4d70a0da-02dd-41cf-b0a1-00e75d3eaa15" 
+<!--
+  ~ Copyright (c) 2019 Evolveum and contributors
+  ~
+  ~ This work is dual-licensed under the Apache License 2.0
+  ~ and European Union Public License. See LICENSE file for details.
+  -->
+
+<c:resource oid="4d70a0da-02dd-41cf-b0a1-00e75d3eaa15"
     xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
     xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

demo/complex2s/midpoint-objects/resources/target-cs-portal.xml

@@ -1,3 +1,10 @@
+<!--
+  ~ Copyright (c) 2019 Evolveum and contributors
+  ~
+  ~ This work is dual-licensed under the Apache License 2.0
+  ~ and European Union Public License. See LICENSE file for details.
+  -->
+
 <c:resource oid="a343fc2e-3954-4034-ba1a-2b72c21e577a" xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
 	xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3" xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" xmlns:my="http://myself.me/schemas/whatever"

demo/complex2s/midpoint-objects/resources/target-faculty-portal.xml

@@ -1,3 +1,10 @@
+<!--
+  ~ Copyright (c) 2019 Evolveum and contributors
+  ~
+  ~ This work is dual-licensed under the Apache License 2.0
+  ~ and European Union Public License. See LICENSE file for details.
+  -->
+
 <c:resource oid="e417225d-8a08-46f3-9b5d-624990b52386" xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
 	xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3" xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" xmlns:my="http://myself.me/schemas/whatever"

demo/complex2s/midpoint-objects/resources/target-mailing-lists.xml

@@ -1,3 +1,10 @@
+<!--
+  ~ Copyright (c) 2019 Evolveum and contributors
+  ~
+  ~ This work is dual-licensed under the Apache License 2.0
+  ~ and European Union Public License. See LICENSE file for details.
+  -->
+
 <c:resource oid="fe805d13-481b-43ec-97d8-9d2df72cd38e" xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
 	xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3" xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" xmlns:my="http://myself.me/schemas/whatever"

demo/complex2s/midpoint-objects/roles/metarole-grouper-provided-group.xml

@@ -1,4 +1,11 @@
-<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" 
+<!--
+  ~ Copyright (c) 2019 Evolveum and contributors
+  ~
+  ~ This work is dual-licensed under the Apache License 2.0
+  ~ and European Union Public License. See LICENSE file for details.
+  -->
+
+<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
       xmlns:apti="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3" 
       xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" 
       xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" 
@@ -141,6 +148,38 @@
                     <path>displayName</path>
                 </target>
             </mapping>
+
+            <mapping>
+                <name>lifecycle state</name>
+                <description>This mapping sets org lifecycle state to be either "active" or "retired", depending on
+                    whether Grouper group for this org still exists. Orgs in the latter state are on the way to deletion:
+                    their members are unassigned and after no members are there, the org is automatically deleted.</description>
+                <strength>strong</strength>
+                <expression>
+                    <script>
+                        <code>
+                            import com.evolveum.midpoint.model.impl.expr.*
+                            import com.evolveum.midpoint.schema.*
+                            import com.evolveum.midpoint.xml.ns._public.common.common_3.*
+
+                            GROUPER_RESOURCE_OID = '1eff65de-5bb6-483d-9edf-8cc2c2ee0233'
+
+                            modelContext = ModelExpressionThreadLocalHolder.lensContext
+                            rsd = new ResourceShadowDiscriminator(GROUPER_RESOURCE_OID, ShadowKindType.ENTITLEMENT, 'group', null, false)
+                            if (modelContext.findProjectionContext(rsd) != null) {
+                                log.info('Projection context for Grouper group found, marking as "active"')
+                                'active'
+                            } else {
+                                log.info('No projection context for Grouper group, marking as "retired"')
+                                'retired'
+                            }
+                        </code>
+                    </script>
+                </expression>
+                <target>
+                    <path>lifecycleState</path>
+                </target>
+            </mapping>
         </focusMappings>
 
         <!-- 

demo/complex2s/midpoint-objects/roles/metarole-ldap-group.xml

@@ -1,4 +1,11 @@
-<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" 
+<!--
+  ~ Copyright (c) 2019 Evolveum and contributors
+  ~
+  ~ This work is dual-licensed under the Apache License 2.0
+  ~ and European Union Public License. See LICENSE file for details.
+  -->
+
+<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
       xmlns:apti="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3" 
       xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" 
       xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" 

demo/complex2s/midpoint-objects/roles/role-ldap-basic.xml

@@ -1,4 +1,11 @@
-<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" 
+<!--
+  ~ Copyright (c) 2019 Evolveum and contributors
+  ~
+  ~ This work is dual-licensed under the Apache License 2.0
+  ~ and European Union Public License. See LICENSE file for details.
+  -->
+
+<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
       xmlns:apti="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3" 
       xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" 
       xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"