Project

General

Profile

Actions

Defect #1483

closed

Task #1462: Release of version 9.4.0-rc.2

Role attributes - missing integrity check on delete of attribute definition

Added by milus kotisova almost 6 years ago. Updated almost 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Vít Švanda
Category:
Roles
Target version:
Start date:
01/30/2019
Due date:
% Done:

100%

Estimated time:
Affected versions:
Owner:

Description

Version: 9.4.0-rc.2
When setting up an automatic role (with 4 additional attributes) - assignment works fine.
After making it incompatible with another role - this fails.

Please find attached the detailed description and steps of the test case.


Files

TEST_neslucitelnost_roli.odt (367 KB) TEST_neslucitelnost_roli.odt milus kotisova, 01/30/2019 03:49 PM
Actions #1

Updated by Radek Tomiška almost 6 years ago

I checked attached document (in cs). The main issue is in the scenario - automatic role cannot have required attribute => there is no way, how to fill this attribute automatically by the system (if no value generator is configured) and application say correct error message "Identity-role [8d0efb82-34fd-4c34-88b4-0784e42a8c95] (for role [roleVedoucí|test]) has unvalid attribute [Max.]!"

On the other side, we can improve automatic role definition to prevent administrator to configure it this way (but validation will be a little harder, because required attribute can be defined from other side, than automatic role configuration).

What should be fixed is removal of role attribute - referential integrity is missing, when source form attribute (IdmFormAttribute) is deleted (as says another chapter in attached document).

Note: this issue is not related with incompatible roles feature (SoD).

Actions #2

Updated by Radek Tomiška almost 6 years ago

  • Description updated (diff)
  • Category set to Roles
  • Target version set to Opal (9.4.0)
Actions #3

Updated by Vít Švanda almost 6 years ago

  • Subject changed from Incompatibility of automatic role and another role yields a server error to Role attributes - missing integrity check on delete of attribute definition
  • Status changed from New to In Progress
Actions #4

Updated by Vít Švanda almost 6 years ago

  • Status changed from In Progress to Needs feedback
  • Assignee changed from Vít Švanda to Radek Tomiška
  • % Done changed from 0 to 90

I added integrity check on delete the form attribute definition on using in role (atribute sub-definition).
If is form attribute using in sub-definition, then cannot be deleted.
Test created too.

Commit: https://github.com/bcvsolutions/CzechIdMng/commit/515448d7a9e41f691fb103a253389a94969685f8

Actions #5

Updated by Radek Tomiška almost 6 years ago

  • Status changed from Needs feedback to Resolved
  • Assignee changed from Radek Tomiška to Vít Švanda
  • % Done changed from 90 to 100

I did test and review, it works and code looks nice, thx! I like code of the role with the related attribute in exception message, it's helpful.

Actions #6

Updated by Vít Švanda almost 6 years ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF