Project

General

Profile

Actions
Copy link

Task #2574

closed

Local admin can't edit identity right after it's created

Added by Alena Peterová over 3 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Radek Tomiška
Category:
Authentication / Authorization
Target version:
10.7.0
Start date:
11/11/2020
Due date:
% Done:

100%

Estimated time:
Owner:

Description

We have a "local admin", who can manage only a specific group of users (all the users from some organization).
When the admin creates new users, the admin can't edit them immediately. Also, the dashboard is "frozen" in this state even after waiting for 1 minute (or manually evicting the permission-cache) - the admin must logout and login, or press F5.

This is similar to the issue #2384, but we can simulate it without any project specific implementation (only extras module). This is also quite a common request from our customers so we would like to have some product-way to solve this issue.

Steps to reproduce:
1) Create a role of a "local admin"

2) Create a new user as the local admin.

3) Immediately after saving, you can see only read-only detail

4) Wait for 1 minute or evict core:permission-cache
5) When closing and reopening the detail of the user (by default the dashboard), the expected buttons are still not visible (so you don't see how to get to the full detail, change password or change roles).

Tested on 10.6.1, 10.6.2 and current develop.

Files

Download all files
user_dashboard.png (25 KB) user_dashboard.png Alena Peterová, 11/11/2020 10:00 AM
user_after_save.png (18 KB) user_after_save.png Alena Peterová, 11/11/2020 10:00 AM
new_user.png (42 KB) new_user.png Alena Peterová, 11/11/2020 10:00 AM
local_admin.png (68.6 KB) local_admin.png Alena Peterová, 11/11/2020 10:05 AM

Related issues

Related to IdStory Identity Manager - Task #2366: Authorization policies - use cache for evaluate permissions (loading permissions for eav attributes is slow)ClosedRadek Tomiška07/03/2020

Actions
Actions
Copy link
 #1

Updated by Radek Tomiška over 3 years ago

  • Related to Task #2366: Authorization policies - use cache for evaluate permissions (loading permissions for eav attributes is slow) added
Actions
Copy link
 #2

Updated by Radek Tomiška over 3 years ago

  • Status changed from New to In Progress
  • Target version set to 10.7.0
Actions
Copy link
 #3

Updated by Radek Tomiška over 3 years ago

  • Status changed from In Progress to Needs feedback
  • Assignee changed from Radek Tomiška to Vít Švanda
  • % Done changed from 0 to 90

Evaluating permissions is based on contracts (~ tree structure) in product by default => permission cache is evicted after contract is changed (CUD) for logged identity automatically now, so logged identity will obtain new permissions, after identity (~ contract) is changed.

Commit:
https://github.com/bcvsolutions/CzechIdMng/commit/2c40274b83b2e24c197af98be31d011a5f62a300

Could you provide me a feedback, please?

Actions
Copy link
 #4

Updated by Vít Švanda over 3 years ago

  • Status changed from Needs feedback to Resolved
  • Assignee changed from Vít Švanda to Radek Tomiška
  • % Done changed from 90 to 100
Actions
Copy link
 #5

Updated by Vít Švanda over 3 years ago

  • Status changed from Resolved to Needs feedback
  • Assignee changed from Radek Tomiška to Vít Švanda
  • % Done changed from 100 to 90
Actions
Copy link
 #6

Updated by Vít Švanda over 3 years ago

  • Status changed from Needs feedback to Resolved
  • Assignee changed from Vít Švanda to Radek Tomiška
  • % Done changed from 90 to 100

I did reivew and tested it. Works fine now. Thnaks for this fix.

Actions
Copy link
 #7

Updated by Radek Tomiška over 3 years ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF