Project

General

Profile

Actions

Task #1125

closed

Identity extended attributes - support authorization policies

Added by Radek Tomiška almost 6 years ago. Updated almost 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Radek Tomiška
Category:
Eav
Target version:
Start date:
06/11/2018
Due date:
% Done:

100%

Estimated time:
24.00 h
Owner:

Description

Support authorization policies for extended attributes:
- configure attributes, which can be read / edit by logged identity


Related issues

Related to IdStory Identity Manager - Task #1160: Authorization policies - add localization and define form definitionsNewRadek Tomiška06/28/2018

Actions
Related to IdStory Identity Manager - Task #1158: Long running task: use form definition for configurationClosedRadek Tomiška06/28/2018

Actions
Actions #1

Updated by Radek Tomiška almost 6 years ago

  • Status changed from New to In Progress
Actions #2

Updated by Radek Tomiška almost 6 years ago

  • Target version set to Lapis (8.2.0)
  • Estimated time set to 24.00 h
Actions #3

Updated by Radek Tomiška almost 6 years ago

  • Status changed from In Progress to Needs feedback
  • Assignee changed from Radek Tomiška to Vít Švanda
  • % Done changed from 0 to 90

Support authorization policies for extended identity form values was added.

Documentation:
https://wiki.czechidm.com/devel/documentation/application_configuration/dev/dynamic-forms#authorization_policies_support
https://wiki.czechidm.com/devel/documentation/security/dev/authorization#identityformvalueevaluator
https://wiki.czechidm.com/devel/documentation/security/dev/authorization#secure_identity_form_extended_attribute_values
https://wiki.czechidm.com/devel/documentation/application_configuration/dev/backend#identity

Commit:
https://github.com/bcvsolutions/CzechIdMng/commit/c9521b2cbadf22b453948b19b28f17dd868e2af6

I've added eav form to authorization policies configuration - now is possible to localize authorization policies parameters. Eav form support was moved from reports api into Configurable interface and will be used for long running task configuration as well.

Could you do a review please?

Actions #4

Updated by Ondřej Kopr almost 6 years ago

  • Assignee changed from Vít Švanda to Ondřej Kopr

I made a review.

Actions #5

Updated by Ondřej Kopr almost 6 years ago

  • Status changed from Needs feedback to In Progress
  • Assignee changed from Ondřej Kopr to Radek Tomiška

Documentation is awesome linked to each other. When I search evaluator I immediate see required application properties.

I found only this thing:
  • I create required attribute and give user permission read this attribute, then I create second attribute with update, save all form isn't possible because required value is null, but is this required behavior? For me is this OK. (moreover beahvior in EavForm). Feel free repair this things, I will retest this behavior.

Otherwise behavior with advanced settings (logged user only and by permission read/update identity) works awesome. I didn't find any problem with the feature. Thanks for that. This is useful for projects.

Thanks.

Actions #6

Updated by Radek Tomiška almost 6 years ago

  • Status changed from In Progress to Closed
  • % Done changed from 90 to 100

Thx for feedback:
- i fixed required readonly attributes - readonly attributes are not required
- i added form definition evaluator (+ localization, + select box)
- i improved usage of form service in contract slices - direct usage of FormValueService is not recomended - use FormService everywhere.
- i added external id to contract slices + rest integration test

Commit: https://github.com/bcvsolutions/CzechIdMng/commit/1050e38404c8fbcdb13281f51963ebfdb6ce04e4

Actions #7

Updated by Radek Tomiška almost 6 years ago

  • Related to Task #1160: Authorization policies - add localization and define form definitions added
Actions #8

Updated by Radek Tomiška almost 6 years ago

  • Related to Task #1158: Long running task: use form definition for configuration added
Actions

Also available in: Atom PDF