Task #1180
closed
Role name is not visible in the automatic role request
100%
Description
Role name is not visible in the automatic role request.
By default, we assumes that all role requests are for roles witch can be requested.
- For this cause wee need new permission evaluator something as "RoleByWfInvolvedIdentityEvaluator", but there is problem, becaouse the role does not have relation to the workflow process.
- Name of role could be filled on the backend (in the roleRequest). Same approche is used in the detail of task for approving a role (there is name of role sets in the workflow).
- The simplest solution is add autocomplete permission on all roles for all users.
Files
Updated by Vít Švanda over 6 years ago
- Category set to 44
- Assignee changed from Vít Švanda to Alena Peterová
Do you see some reason why is no possible add autocomplete role permission for all users?
Updated by Alena Peterová over 6 years ago
- Assignee changed from Alena Peterová to Vít Švanda
Vít Švanda wrote:
Do you see some reason why is no possible add autocomplete role permission for all users?
According to wiki: https://wiki.czechidm.com/devel/documentation/security/dev/authorization#default_settings_of_permissions_for_an_identity_profile
"Role (IdmRole) | Displaying in autocomplete, selections | RoleCanBeRequestedEvaluator (this is necessary to filter roles by the "Can be requested" attribute in the role requests)"
I remember, that when we added autocomplete for all roles, the users could request for all roles. Is it still true?
Updated by Vít Švanda over 6 years ago
- Status changed from Needs feedback to In Progress
- Target version changed from Malachite (9.0.0) to Morganite (9.2.0)
You have definitlly right. Allow autocomplete for all roles isn't good way for now.
Possible solutions:
- Change the way how requested of roles rights are evaluated. Now I can create request for all roles wich I can read. Maybe will be better create new permission type "CHANGEPERMISSION/REUESTABLE" and this permission will be controll for wich roles can I create a requests. Then we will able to allow autocomplete for all roles. This is good solution (by me), but little complicated.
- Request will contains the role DTO and task detail will be using only that object (not evoke separate request on the BE).
Updated by Vít Švanda about 6 years ago
- Status changed from In Progress to New
- Target version changed from Morganite (9.2.0) to Onyx (9.3.0)
Updated by Radek Tomiška over 4 years ago
- Status changed from New to Closed
- Assignee changed from Vít Švanda to Radek Tomiška
- % Done changed from 0 to 100
Solved by new permission 'Can be requested' configurable for roles in version 9.7.12.