Project

General

Profile

Defect #2567

Automatic role by EAV is not assigned when setting the EAV together with entity (e.g. through form projection)

Added by Alena Peterová 4 months ago. Updated 4 months ago.

Status:
Closed
Priority:
High
Category:
Automatic roles
Target version:
Start date:
11/09/2020
Due date:
% Done:

100%

Estimated time:
Affected versions:
Milestones:

Description

Tested on version 10.6.1
Steps to reproduce:
  • Create an automatic role by attribute for some EAV of identity
  • Create a form projection containing this EAV attribute
  • Create an identity with this form projection
  • Set the EAV attribute to the value which should assign the automatic role
  • The automatic role by attribute is not assigned

Note: When the automatic role is set to standard identity attribute, it is assigned correctly. Also automatic roles by organization are correctly assigned.


Related issues

Related to CzechIdM - Task #2248: Synchronization: save extended attribute values together with entityClosed05/12/2020

Related to CzechIdM - Task #1267: Support save EAV with EntityClosed09/24/2018

Related to CzechIdM - Task #2105: Dynamic form for identitiesClosed03/09/2020

History

#1 Updated by Vít Švanda 4 months ago

  • Assignee changed from Ondřej Kopr to Radek Tomiška

#2 Updated by Radek Tomiška 4 months ago

  • Related to Task #2248: Synchronization: save extended attribute values together with entity added

#3 Updated by Radek Tomiška 4 months ago

  • Related to Task #1267: Support save EAV with Entity added

#4 Updated by Radek Tomiška 4 months ago

  • Related to Task #2105: Dynamic form for identities added

#5 Updated by Radek Tomiška 4 months ago

  • Priority changed from Normal to High
  • Target version set to 10.6.3
  • Affected versions Morganite (9.2.0), 10.2.0, 10.5.0 added
  • Affected versions deleted (10.6.1)

The issue is there from version 9.2.0 - identity and contract can be saved together with eav values, this event is not handled in automatic roles by attribute processors properly.

This feature is used where is needed, but mainly in projection (@since 10.2.0), scim (@since 2.1.0 => 10.2.0)

#6 Updated by Radek Tomiška 4 months ago

  • Affected versions deleted (10.5.0)

I did test for assign automatic roles from synchronization - it works thx automatic roles are skipped for the first time (~from event, when entity is saved) and all is recalculated after synchronization ends (by synchronization setting or as dependent scheduled task).

So it affects projections in product mainly.

#7 Updated by Radek Tomiška 4 months ago

  • Status changed from New to In Progress

#8 Updated by Radek Tomiška 4 months ago

  • Subject changed from Automatic role by EAV is not assigned when setting the EAV through form projection to Automatic role by EAV is not assigned when setting the EAV together with entity (e.g. through form projection)

#9 Updated by Radek Tomiška 4 months ago

  • Status changed from In Progress to Needs feedback
  • Assignee changed from Radek Tomiška to Vít Švanda
  • % Done changed from 0 to 90

I fixed assign automatic roles by attribute, when entity is saved together with eav attributes.

Commit:
https://github.com/bcvsolutions/CzechIdMng/commit/e7778218b93e1a81c067e56de0b3506cfb95d5cd

Could you provide me a feedback, please?

#10 Updated by Vít Švanda 4 months ago

  • Status changed from Needs feedback to In Progress
  • Assignee changed from Vít Švanda to Radek Tomiška

I did review and tested it. Works fine. In the code I found only one thing: In AutomaticRoleAttributeRuleType can be AutomaticRoleAttributeRuleType null now. It means the IdmAutomaticRoleFilter will return all rules for CONTRACT/EAV too. It looks useless, but may be I missed something (If yes, please close this ticket).

#11 Updated by Radek Tomiška 4 months ago

  • Status changed from In Progress to Closed
  • % Done changed from 90 to 100

Thx for feedback! Null AutomaticRoleAttributeRuleType is the main part of this fix - automatic roles for identity is skipped in projection and all automatic roles are evaluated, when automatic roles for contract are evaluated (null = IDENTITY + IDENTITY_EAV + CONTRACT + CONTRACT_EAV). When projection is saved, then identity and contract can have eavs defined and all rules are effective.

I've added integration test to acc synchronization with automatic roles configured:
https://github.com/bcvsolutions/CzechIdMng/commit/bfc7c5e44eb86f24d5bbab331dc94ce1e3d1ebeb

#12 Updated by Radek Tomiška 3 months ago

  • Related to Defect #2605: Automatic role by attribute generates duplicate role requests and assignes subroles directly added

#13 Updated by Radek Tomiška 3 months ago

  • Related to deleted (Defect #2605: Automatic role by attribute generates duplicate role requests and assignes subroles directly)

Also available in: Atom PDF

Go to top