Project

General

Profile

Actions

Defect #1540

closed

Displaying bulk actions for systems require ROLE_READ and SYSTEM_DELETE

Added by Alena Peterová about 5 years ago. Updated almost 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Radek Tomiška
Category:
Bulk operations
Target version:
Start date:
03/06/2019
Due date:
% Done:

100%

Estimated time:
Affected versions:
Owner:

Description

Version: 9.5.0-SNAPSHOT

Displaying bulk actions for systems now require permissions:
  • ROLE_READ (rest controller for endpoint /systems/bulk/actions)
  • SYSTEM_DELETE (to display row selection - checkboxes)

It should require only SYSTEM_READ. Other permissions are specific for different bulk actions.


Related issues

Related to IdStory Identity Manager - Task #1357: Create Export system Bulk-ActionIn ProgressMarek Klement11/01/2018

Actions
Actions #1

Updated by Alena Peterová about 5 years ago

  • Related to Task #1357: Create Export system Bulk-Action added
Actions #2

Updated by Alena Peterová about 5 years ago

  • Description updated (diff)
Actions #3

Updated by Radek Tomiška about 5 years ago

System delete bulk action should have SYSTEM_DELETE permission.

I checked some bulk actions for the system (acc) and they are correctly configured (delete, duplicate). Please specify concrete bulk action, which should be reconfigured.

The issue is maybe connected with FE only (SystemTable), where additional SYSTEM_DELETE permission is required and should be removed (it's forgotten, when BE action were implemented). It's ok? The issue can be solved with removal this SYSTEM_DELETE permission?

Actions #4

Updated by Alena Peterová about 5 years ago

  • Subject changed from Bulk actions for systems require ROLE_READ and SYSTEM_DELETE to Displaying bulk actions for systems require ROLE_READ and SYSTEM_DELETE

Radek Tomiška wrote:

System delete bulk action should have SYSTEM_DELETE permission.

I checked some bulk actions for the system (acc) and they are correctly configured (delete, duplicate). Please specify concrete bulk action, which should be reconfigured.

I agree, the individual actions require correct permissions.

The issue is maybe connected with FE only (SystemTable), where additional SYSTEM_DELETE permission is required and should be removed (it's forgotten, when BE action were implemented). It's ok? The issue can be solved with removal this SYSTEM_DELETE permission?

Yes, exactly, I meant FE. I can't use any system bulk action now (e.g. Duplicate system), if I don't have both ROLE_READ and SYSTEM_DELETE. The ROLE_READ is required by the REST endpoints for system bulk actions, but I think it's copy-paste mistake from role bulk actions - it should require SYSTEM_READ instead.

Actions #5

Updated by Radek Tomiška about 5 years ago

  • Tracker changed from Task to Defect
  • Assignee changed from Ondřej Kopr to Radek Tomiška

I checked SystemDuplicateBulkAction and there is a correct permissions on BE - SYSTEM_READ and SYSTEM_UPDATE.

But i see the issue now, you have a right - copy / paste with forgotten ROLE_* permissions are directly on the rest endpoint (SysSystemController), where all actions are called - will be fixed there (+FE above).

Actions #6

Updated by Radek Tomiška about 5 years ago

  • Status changed from New to In Progress
  • Target version set to Quartz (9.6.0)
Actions #7

Updated by Radek Tomiška about 5 years ago

  • Status changed from In Progress to Needs feedback
  • Assignee changed from Radek Tomiška to Vít Švanda
  • % Done changed from 0 to 90

I've fixed all endpoints for the bulk action on all product controlers - they are under '<GROUP>_READ' permission now => every bulk action has her own security setting. I've added rest tests.

Commit:
https://github.com/bcvsolutions/CzechIdMng/commit/f100faa98a0e04809eef9e78db2b26e00ac64b66

Could you do a feedback, pls?

Actions #8

Updated by Vít Švanda almost 5 years ago

  • Status changed from Needs feedback to Resolved
  • Assignee changed from Vít Švanda to Radek Tomiška
  • % Done changed from 90 to 100

I made a review . It works nicely. Thanks for it.

Actions #9

Updated by Radek Tomiška almost 5 years ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF