Project

General

Profile

Task #1377

Parameterization of assigned roles

Added by Vít Švanda 5 months ago. Updated 4 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Roles
Target version:
Start date:
11/15/2018
Due date:
% Done:

100%


Description

Design:

  • Values will be saved in EAV on IdmIdentityRole (new).
  • Definition of EAV can be selected on IdmRole (new column).
  • Definition of EAV shuld be created directly in agenda of "Form definitions".
  • EAV values should be edited only via role request.
  • Only roles without parameters could be added with multiselect.
  • Role with parameters could be added one by one only (we need to fill specific values of parameters).
  • Parameters will be showed in WF approving process.
  • Parameters could be editing in WF approving process????
  • Provisioning - we need propagate identity-role parameters to transformation.
    • May be new input parameter to transformation to system is requesred (map of values for all assigned roles).
    • May be new script for loading map of values for all assigned roles will be created.
  • Synchronization of attributes is not required now. It is true?

Related issues

Related to CzechIdM - Task #1391: Copy roles between users Closed 11/27/2018
Related to CzechIdM - Task #1406: Generate default eav values for role concepts and role identity Closed 12/07/2018

History

#1 Updated by Vít Švanda 5 months ago

  • Description updated (diff)

#2 Updated by Vít Švanda 5 months ago

  • Status changed from New to In Progress

#3 Updated by Vít Švanda 5 months ago

  • Added EAV for IdentityRole

#4 Updated by Vít Švanda 5 months ago

  • Created EAV for ConceptRoleRequest entity.
  • Added select of definition of identity role attributes on role.
  • Show EAV attributes on idenity-role (tabs).
  • Start with modification of concept change table - we need to show and edit EAV here ... very hard work ...

#5 Updated by Vít Švanda 5 months ago

  • % Done changed from 0 to 20
  • I modified concept role request for support of save EAV attributes on create/update concept .
  • Concept change table extend for support show and editing EAV attributes (operation add implemented, update not works now).

#6 Updated by Vít Švanda 5 months ago

  • % Done changed from 20 to 30
  • Copy EAVs from concept to identityRole on FE
  • Optimalization of Role request = turn off save and show original request, minimalization of exception trace saved to the reqeust log

#7 Updated by Vít Švanda 5 months ago

  • % Done changed from 30 to 40

I started with implementeation of provisioning and sync for identity-role.

#8 Updated by Ondřej Kopr 5 months ago

  • Related to Task #1391: Copy roles between users added

#9 Updated by Vít Švanda 5 months ago

  • Created relation entity AccIdentityRoleAccount for synchronization and basic synchronization.
  • IdentityRole entity will be not supported self provisioning. Instead that provisioning of Identity will be supports provisioning of IdentityRole.

#10 Updated by Vít Švanda 5 months ago

- Created method for evaluation changes of EAVs in identity-role against EAVs in concept

#11 Updated by Vít Švanda 5 months ago

  • I started with show changes of EAVs values on the FE. Method for find changes (from Request agenda) generates too much elementry results (changes on fileds). I had to rewrited that logic specific for this purpose.
  • I fixed problem with not show EAV values in the concept.

#12 Updated by Vít Švanda 5 months ago

  • % Done changed from 40 to 50
  • New and original values can be shown on EAVs detail. * All component Form component were modified for this feature.
  • Solving performance issue on Concept table.

#13 Updated by Vít Švanda 5 months ago

  • Optimalization count of component rendering
  • Extract role-concept-detail to new component (for WF detail)

#14 Updated by Vít Švanda 5 months ago

  • Created component for show concept detail in WF processes.
  • Modified all processes (for approving assigning a role) for show concept detail.
  • Solved problems with premissions for concept, contract, role, form definition

#15 Updated by Vít Švanda 5 months ago

I started with modifying the Identity provisioning.

#16 Updated by Vít Švanda 5 months ago

  • % Done changed from 50 to 70
  • Provisionig for identity is implemented (added new attributes "assignedRoles" and "assignedRolesForSystem").
  • I started with implementation the form service validation.

#17 Updated by Ondřej Kopr 5 months ago

  • Related to Task #1406: Generate default eav values for role concepts and role identity added

#18 Updated by Vít Švanda 5 months ago

  • Validation: * Invalid concepts are highlights in concept table. * Concepts with attributes are validate on start the request. * IdenityRole - on save is validate all EAV attributes now.
  • Detail of concept (with attributes) can be editable in the WF now.

#19 Updated by Vít Švanda 5 months ago

Integrity check on delete the form-definition.
I started with creation of a tests.

#20 Updated by Vít Švanda 5 months ago

  • % Done changed from 70 to 80
  • Fixed problem with validation issue in WF process.
  • Created first 5 tests.

#21 Updated by Vít Švanda 4 months ago

  • % Done changed from 80 to 90
  • Created next tests in Core and ACC module.
  • Fixed bugs and sonar issues.

#22 Updated by Vít Švanda 4 months ago

  • Status changed from In Progress to Needs feedback
  • Assignee changed from Vít Švanda to Ondřej Kopr
  • Completed ER diagram
  • Fixed problem with concept detail (on change of a contract)

Documentation will be crated within #1414.

#23 Updated by Ondřej Kopr 4 months ago

  • Status changed from Needs feedback to Resolved
  • Assignee changed from Ondřej Kopr to Vít Švanda
  • % Done changed from 90 to 100

I made review. It was tough and painful :( lots of code and new functionality. Every issues that was founded, Vitek resolved immediately, thanks for that. Now role parametrization works well. There still will be exists some strange behavior with missing permissions. But when is userRole set as is described in https://wiki.czechidm.com/9.3/documentation/security/dev/authorization?s[]=userrole#default_settings_of_permissions_for_an_identity_profile works the feature well.

Thanks for this feature.

#24 Updated by Vít Švanda 4 months ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF