Defect #2336
closed
Authorization policies - policies for standard logged user (self) and manager (by subordinate) cannot be configured together
100%
Description
Support combine SelfIdentityEvaluator and IdentityContractByIdentityEvaluator to cover UC:
- logged identity can change roles for all it's contracts,
- logged manager can change roles for subondinate contracts only.
Add new option 'CHANGEPERMISSION' for IdentityContractByIdentityEvaluator to include this permision from identity tyransitivelly.
@affected version 10.3.0
Updated by Radek Tomiška over 4 years ago
- Status changed from In Progress to Needs feedback
- Assignee changed from Radek Tomiška to Vít Švanda
- % Done changed from 0 to 90
I've added available option 'CHANGEPERMISSION' to IdentityContractByIdentityEvaluator configuration.
Commit:
https://github.com/bcvsolutions/CzechIdMng/commit/89f10f51a4f9c13f2da741a31b0244882e8d4f40
Doc:
https://wiki.czechidm.com/devel/documentation/security/dev/authorization#default_settings_of_permissions_for_an_identity_profile
https://wiki.czechidm.com/devel/documentation/security/dev/authorization#manager_and_subordinates
Could you provide me a feedback, please?
Updated by Vít Švanda over 4 years ago
- Status changed from Needs feedback to Resolved
- Assignee changed from Vít Švanda to Radek Tomiška
- % Done changed from 90 to 100
I did review and tested it. Thanks for this fix.
Updated by Radek Tomiška over 4 years ago
- Status changed from Resolved to Closed