Task #824
closed
Security for AccAccount
100%
Description
We need to fully securite the accounts, because we want to show account (with attributes) on the identity detail now.
Related issues
Updated by Vít Švanda over 6 years ago
- Service AccAccountService is secured now.
- Filter from repository was rewrited to the predicates (in service).
- Evaluator "AccountByIdentityEvaluator" created - user have rights on the accounts where is owner.
- Evaluator "IdentityAccountByIdentityEvaluator" was removed.
- Evaluator "IdentityAccountByAccountEvaluator" was created - user have rights on the identity-accounts by rights on his account.
- Created tests in the DefaultAccAccountServiceTest.
- Completed documentation in wiki and in version changelog.
Updated by Vít Švanda over 6 years ago
- Status changed from In Progress to Needs feedback
- Assignee changed from Vít Švanda to Radek Tomiška
Updated by Radek Tomiška over 6 years ago
- Status changed from Needs feedback to In Progress
- Assignee changed from Radek Tomiška to Vít Švanda
- % Done changed from 0 to 70
I did test and review, it works, thx! I found some issues:
- base permission can be added as parameter to methods for read connector object - the same behavior as service.get(id, permission)
- created authorization policies should be removed (or @Transactional + rollback), after test ended (try - finally block could be used).
- AccAccountController should extend abstract controller now + getPermission method should be exposed (see AccIdentityAccountController)
- Implement authorization policies on FE in account modals (see identity account modals).
- AccountByIdentityEvaluator doesn't support permission from ui- disable permission input is needed (override supportsPermissions method)
- AccountByIdentityEvaluator - method getAuthorities should be implemented the same way as getPermissions method
- Autocomplete authority should be added to accounts - accounts are autocompleted on password change form. Autocomplete method should be added to AccAccountController. It's used in password change content - account are missing now.
Updated by Vít Švanda over 6 years ago
Autocomplete authority should be added to accounts - accounts are autocompleted on password change form. Autocomplete method should be added to AccAccountController. It's used in password change content - account are missing
Fixed
AccAccountController should extend abstract controller now + getPermission method should be exposed (see AccIdentityAccountController)
Fixed
Implement authorization policies on FE in account modals (see identity account modals).
Fixed
AccountByIdentityEvaluator doesn't support permission from ui- disable permission input is needed (override supportsPermissions method)
Fixed
AccountByIdentityEvaluator - method getAuthorities should be implemented the same way as getPermissions method
Fixed - not same way as getPermission, but with use "authorizationManager.getAuthorities(identityId, IdmIdentity.class);"
base permission can be added as parameter to methods for read connector object - the same behavior as service.get(id, permission)
Fixed
Updated by Vít Švanda over 6 years ago
- Status changed from In Progress to Needs feedback
- Assignee changed from Vít Švanda to Radek Tomiška
Updated by Radek Tomiška over 6 years ago
- Status changed from Needs feedback to Closed
- Assignee changed from Radek Tomiška to Vít Švanda
- % Done changed from 70 to 100
I did test and review, everything works, thx!
Updated by Radek Tomiška over 6 years ago
- Related to Task #820: Manually delete accounts in protected state added