Task #418
closed
Authorization Policies - role request agenda
100%
Description
- add new identity permision for change permissions - will be used for changing subordinates permissions etc.
- secure role request and role concepts by identity
- secure role request agenda for role request administrators.
Related issues
Updated by Radek Tomiška over 7 years ago
- Precedes Task #375: Authorization Policies - roles and identities tabs added
Updated by Radek Tomiška over 7 years ago
- Target version changed from Citrine (7.3.0) to Diamond (7.4.0)
Updated by Radek Tomiška over 7 years ago
- Status changed from New to In Progress
Updated by Radek Tomiška over 7 years ago
- Status changed from In Progress to Needs feedback
- Assignee changed from Radek Tomiška to Ondřej Kopr
- % Done changed from 0 to 90
Role requests are secured now. New permission group 'ROLEREQUEST' was added with new authorization policy evaluators.
Documentation:
https://wiki.czechidm.com/devel/dev/security/authorization#selfrolerequestevaluator
https://wiki.czechidm.com/devel/dev/security/change-user-permissions#security
https://github.com/bcvsolutions/CzechIdMng/blob/develop/CHANGELOG.md
Commit:
https://github.com/bcvsolutions/CzechIdMng/commit/60d845d124677c711d34b8c730af0ca41a977891
Could you pls do a review?
Updated by Ondřej Kopr over 7 years ago
- Status changed from Needs feedback to Resolved
- Assignee changed from Ondřej Kopr to Radek Tomiška
- % Done changed from 90 to 100
I did review:
- thanks for hide _processVariablesJson for simple users,
- thanks for moving agenda 'Requests for role' to audit - it is simplest,
- i didnt find any problem with my old tasks - awesome backward compatibility (i just add new permissions to default role),
- new evaluators works perfectly! Thanks!
i just add field for show applicant (implementer), some people might be rude if this item was missing :))) (maybe i forgot to add it in another task...)
commit: https://github.com/bcvsolutions/CzechIdMng/commit/02df27b7488194af2234a38127ac7c75f574d56e
works nice and smoothly.
Updated by Radek Tomiška over 7 years ago
- Status changed from Resolved to Closed