#11 Updated by Vít Švanda about 2 months ago
I found big issue with overridding attributes in case where UID attribute is overridden. In this scenario, I am unable to evaluate which group (to which account) the attribute belongs to because I don't have a link between the account and the identity. As a workaround, I made a decision/constraint:
A role that is in a cross-domain group and or is no-login cannot overload a UID attribute.
The implementation solves the problem by looking up the overloaded attributes to see if any of the standard attributes overloads the UID attribute, if so I don't look for any additional attributes. If not, I find any attributes that are in a cross-domain group or are no-login.
#14 Updated by Vít Švanda about 2 months ago
- After discussion, I implemented new feature. Values from others cross-domain systems are returned on FE (on a detail of Account) now.
- Provisioning was redesigned for this feature and for prevent useless loadings (performance).
- Next complex test for cross-domain was added.
#15 Updated by Vít Švanda about 2 months ago
- % Done changed from 70 to 80
- Implemented next tests for cross-domains and no-login role feature.
- I changed implementation for automatic and business role - accounts are not created now (for roles in cross-domain groups or for no-login roles).
- Tests for automatic and business roles implemented too.
All changes are merged in the develop now.
#16 Updated by Vít Švanda about 2 months ago
I modified force role delete for support delete of identity-role->role-system relations.
#18 Updated by Radek Tomiška about 1 month ago
- Status changed from Needs feedback to In Progress
- Assignee changed from Radek Tomiška to Vít Švanda
I did code review and test basic functionality. Feature is really complex, good job.
I found only minor review notes:
- [minor] MSSQL change script - varchar data type is forgotten for description (=> nvarchar(2000))
- [minor] SYSTEMGROUP - ADMIN permission is missing in enumeration (=> item missing on FE for configuration)
- [minor] DefaultSysSystemGroupSystemService#saveInternal - @Transactional annotation is missing
- [minor] I like assigned role table columns are configurable now, awesome! Add pls new configuration property with available columns descrition into doc https://wiki.czechidm.com/devel/documentation/application_configuration/dev/backend#applicationserver
- [trivial] IdmRoleSystemFilter - constructors are before fields
- [trivial] SystemGroup and SystemGroupService shares the same permission group - I'm not sure if this will work in all use cases (~ on FE are two permissions anyway)
- [trivial] Help icon is missing on filter with like usage in system group agenda
- [note only] I like count method usage, this can improve performance.
- [note only] I like newly created data filters (e.g. SysSystemGroupSystemFilter.java ), thx :) !
- [note only] Warnings are in code (unused imports, unused fields, missing serial version id etc.)
- [note only] Rest test for newly created controllers (e.g. SysSystemGroupController) and bulk actions are missing (~ find / getPredicates method is not fully tested)
- [note only] #applyContext method can be used instead #toDto method (~ no functional impact, just possibility to arrange code)
#19 Updated by Vít Švanda about 1 month ago
- Status changed from In Progress to Needs feedback
- Assignee changed from Vít Švanda to Radek Tomiška
Thanks for feedback. You have good eye (MS SQL script for example).
I fixed all minor and trivial issues (I hope) and I tried remove all unused imports.