Task #824

closed

Security for AccAccount

Added by Vít Švanda about 7 years ago. Updated about 7 years ago.

Status: Closed
Priority: Normal
Assignee: Vít Švanda
Category: -
Target version:
Start date: 11/07/2017
Due date:
% Done: 100%
Estimated time:
Owner:

Description

We need to fully secure the accounts, because we want to show the account (with attributes) on the identity detail now.


Related issues

Related to IdStory Identity Manager - Task #820: Manually delete accounts in protected state (Closed, Radek Tomiška, 11/05/2017)

Actions #1

Updated by Vít Švanda about 7 years ago

  • Service AccAccountService is secured now.
  • Filter from repository was rewritten to the predicates (in service).
  • Evaluator "AccountByIdentityEvaluator" created - user has rights on the accounts where he is the owner.
  • Evaluator "IdentityAccountByIdentityEvaluator" was removed.
  • Evaluator "IdentityAccountByAccountEvaluator" was created - user has rights on the identity-accounts by rights on his account.
  • Created tests in the DefaultAccAccountServiceTest.
  • Completed documentation in wiki and in version changelog.
Actions #2

Updated by Vít Švanda about 7 years ago

  • Status changed from In Progress to Needs feedback
  • Assignee changed from Vít Švanda to Radek Tomiška
Actions #3

Updated by Radek Tomiška about 7 years ago

  • Status changed from Needs feedback to In Progress
  • Assignee changed from Radek Tomiška to Vít Švanda
  • % Done changed from 0 to 70

I did test and review, it works, thx! I found some issues:
- base permission can be added as a parameter to the methods for reading the connector object - the same behavior as service.get(id, permission)
- created authorization policies should be removed (or @Transactional + rollback) after the test has ended (a try - finally block could be used).
- AccAccountController should extend abstract controller now + getPermission method should be exposed (see AccIdentityAccountController)
- Implement authorization policies on FE in account modals (see identity account modals).
- AccountByIdentityEvaluator doesn't support permission from the UI - disabling the permission input is needed (override supportsPermissions method)
- AccountByIdentityEvaluator - method getAuthorities should be implemented the same way as getPermissions method
- Autocomplete authority should be added to accounts - accounts are autocompleted on the password change form. Autocomplete method should be added to AccAccountController. It's used in password change content - accounts are missing now.

Actions #4

Updated by Vít Švanda about 7 years ago

Autocomplete authority should be added to accounts - accounts are autocompleted on the password change form. Autocomplete method should be added to AccAccountController. It's used in password change content - accounts are missing
Fixed

AccAccountController should extend abstract controller now + getPermission method should be exposed (see AccIdentityAccountController)
Fixed

Implement authorization policies on FE in account modals (see identity account modals).
Fixed

AccountByIdentityEvaluator doesn't support permission from the UI - disabling the permission input is needed (override supportsPermissions method)
Fixed

AccountByIdentityEvaluator - method getAuthorities should be implemented the same way as getPermissions method
Fixed - not the same way as getPermission, but using "authorizationManager.getAuthorities(identityId, IdmIdentity.class);"

base permission can be added as a parameter to the methods for reading the connector object - the same behavior as service.get(id, permission)
Fixed

Actions #5

Updated by Vít Švanda about 7 years ago

  • Status changed from In Progress to Needs feedback
  • Assignee changed from Vít Švanda to Radek Tomiška
Actions #6

Updated by Radek Tomiška about 7 years ago

  • Status changed from Needs feedback to Closed
  • Assignee changed from Radek Tomiška to Vít Švanda
  • % Done changed from 70 to 100

I did test and review, everything works, thx!

Actions #7

Updated by Radek Tomiška about 7 years ago

  • Related to Task #820: Manually delete accounts in protected state added