Task #2883
closed
Cross-domains
Added by Vít Švanda almost 3 years ago. Updated over 2 years ago.
100%
Related issues
Updated by Vít Švanda almost 3 years ago
- Related to Task #2875: Cross-domains - analysis added
Updated by Vít Švanda almost 3 years ago
- % Done changed from 10 to 30
- Automatic and business roles create accounts even if default creation is disabled!
- Role deduplication supports idm-role-system now.
- Concept detail show system (in edit mode too).
Updated by Vít Švanda almost 3 years ago
The system is displayed in the IdentityRole table. The IdentityRole table now has configurable columns.
Updated by Vít Švanda over 2 years ago
I found big issue with overridding attributes in case where UID attribute is overridden. In this scenario, I am unable to evaluate which group (to which account) the attribute belongs to because I don't have a link between the account and the identity. As a workaround, I made a decision/constraint:
A role that is in a cross-domain group and or is no-login cannot overload a UID attribute.
The implementation solves the problem by looking up the overloaded attributes to see if any of the standard attributes overloads the UID attribute, if so I don't look for any additional attributes. If not, I find any attributes that are in a cross-domain group or are no-login.
Updated by Vít Švanda over 2 years ago
- % Done changed from 60 to 70
Solved problem with IdmRoleThin entity. Disable filter validation in IC module.
Updated by Vít Švanda over 2 years ago
- I implemented first 3 tests for cross-domains in IdM.
Updated by Vít Švanda over 2 years ago
- After discussion, I implemented new feature. Values from others cross-domain systems are returned on FE (on a detail of Account) now.
- Provisioning was redesigned for this feature and for prevent useless loadings (performance).
- Next complex test for cross-domain was added.
Updated by Vít Švanda over 2 years ago
- % Done changed from 70 to 80
- Implemented next tests for cross-domains and no-login role feature.
- I changed implementation for automatic and business role - accounts are not created now (for roles in cross-domain groups or for no-login roles).
- Tests for automatic and business roles implemented too.
All changes are merged in the develop now.
Commit: https://github.com/bcvsolutions/CzechIdMng/commit/dfc8c58f400c4854602c4d4deb4318fddd479d01
Updated by Vít Švanda over 2 years ago
Documentation is here:
https://wiki.czechidm.com/devel/documentation/cross-domains
https://wiki.czechidm.com/devel/documentation/adm/cross-domains
I modified force role delete for support delete of identity-role->role-system relations.
Commit: https://github.com/bcvsolutions/CzechIdMng/commit/ca5000c4c5aa16c6e9d1de44f9b4082164b905e5
Updated by Vít Švanda over 2 years ago
- Status changed from In Progress to Needs feedback
- Assignee changed from Vít Švanda to Radek Tomiška
- % Done changed from 80 to 90
Updated by Radek Tomiška over 2 years ago
- Status changed from Needs feedback to In Progress
- Assignee changed from Radek Tomiška to Vít Švanda
I did code review and test basic functionality. Feature is really complex, good job.
I found only minor review notes:
- [minor] MSSQL change script - varchar data type is forgotten for description (=> nvarchar(2000))
- [minor] SYSTEMGROUP - ADMIN permission is missing in enumeration (=> item missing on FE for configuration)
- [minor] DefaultSysSystemGroupSystemService#saveInternal - @Transactional annotation is missing
- [minor] I like assigned role table columns are configurable now, awesome! Add pls new configuration property with available columns descrition into doc https://wiki.czechidm.com/devel/documentation/application_configuration/dev/backend#applicationserver
- [trivial] IdmRoleSystemFilter - constructors are before fields
- [trivial] SystemGroup and SystemGroupService shares the same permission group - I'm not sure if this will work in all use cases (~ on FE are two permissions anyway)
- [trivial] Help icon is missing on filter with like usage in system group agenda
- [note only] I like count method usage, this can improve performance.
- [note only] I like newly created data filters (e.g. SysSystemGroupSystemFilter.java ), thx :) !
- [note only] Warnings are in code (unused imports, unused fields, missing serial version id etc.)
- [note only] Rest test for newly created controllers (e.g. SysSystemGroupController) and bulk actions are missing (~ find / getPredicates method is not fully tested)
- [note only] #applyContext method can be used instead #toDto method (~ no functional impact, just possibility to arrange code)
Updated by Vít Švanda over 2 years ago
- Status changed from In Progress to Needs feedback
- Assignee changed from Vít Švanda to Radek Tomiška
Thanks for feedback. You have good eye (MS SQL script for example).
I fixed all minor and trivial issues (I hope) and I tried remove all unused imports.
Commits:
https://github.com/bcvsolutions/CzechIdMng/commit/a2e1799bdc63b0a9c26505552f8d3e8ec11275ef
https://github.com/bcvsolutions/CzechIdMng/commit/9eb2ff9e8ca6999b092114f58bd737a5e818e289
Updated by Radek Tomiška over 2 years ago
- Status changed from Needs feedback to Resolved
- Assignee changed from Radek Tomiška to Vít Švanda
- % Done changed from 90 to 100
I did code revie again, thx for fixes.
Updated by Radek Tomiška over 2 years ago
- Status changed from Resolved to Closed