Defect #1483
closed
Task #1462: Release of version 9.4.0-rc.2
Role attributes - missing integrity check on delete of attribute definition
100%
Description
Version: 9.4.0-rc.2
When setting up an automatic role (with 4 additional attributes) - assignment works fine.
After making it incompatible with another role - this fails.
Please find attached the detailed description and steps of the test case.
Files
Updated by Radek Tomiška almost 6 years ago
I checked attached document (in cs). The main issue is in the scenario - automatic role cannot have required attribute => there is no way, how to fill this attribute automatically by the system (if no value generator is configured) and application say correct error message "Identity-role [8d0efb82-34fd-4c34-88b4-0784e42a8c95] (for role [roleVedoucí|test]) has unvalid attribute [Max.]!"
On the other side, we can improve automatic role definition to prevent administrator to configure it this way (but validation will be a little harder, because required attribute can be defined from other side, than automatic role configuration).
What should be fixed is removal of role attribute - referential integrity is missing, when source form attribute (IdmFormAttribute) is deleted (as says another chapter in attached document).
Note: this issue is not related with incompatible roles feature (SoD).
Updated by Radek Tomiška almost 6 years ago
- Description updated (diff)
- Category set to Roles
- Target version set to Opal (9.4.0)
Updated by Vít Švanda almost 6 years ago
- Subject changed from Incompatibility of automatic role and another role yields a server error to Role attributes - missing integrity check on delete of attribute definition
- Status changed from New to In Progress
Updated by Vít Švanda almost 6 years ago
- Status changed from In Progress to Needs feedback
- Assignee changed from Vít Švanda to Radek Tomiška
- % Done changed from 0 to 90
I added integrity check on delete the form attribute definition on using in role (atribute sub-definition).
If is form attribute using in sub-definition, then cannot be deleted.
Test created too.
Commit: https://github.com/bcvsolutions/CzechIdMng/commit/515448d7a9e41f691fb103a253389a94969685f8
Updated by Radek Tomiška almost 6 years ago
- Status changed from Needs feedback to Resolved
- Assignee changed from Radek Tomiška to Vít Švanda
- % Done changed from 90 to 100
I did test and review, it works and code looks nice, thx! I like code of the role with the related attribute in exception message, it's helpful.