Task #842

closed

Automatic role by attribute

Added by Ondřej Kopr over 6 years ago. Updated about 6 years ago.

Status: Closed
Priority: Normal
Assignee: Ondřej Kopr
Category: Roles
Target version:
Start date: 02/01/2018
Due date: 02/01/2018
% Done: 100%
Estimated time:
Owner:

Description

A role can be added by a value that is stored in an attribute (identity, identity eav, contract, contract eav).

Minimal request for this task:
  • transform the current solution of automatic role (RoleTreeNode) to automatic roles (change controller, service, repository, all places where it is used, BE + FE) - ?,
  • create the automatic role by attribute configuration entity (service, repository, controller, same in FE) - 6h,
  • create the automatic role by attribute rule entity (service, repository, controller, same in FE) - 6h,
  • an automatic role by attribute is assigned by only one rule (for now) - 8h,
  • only the 'equals' statement is used for rule evaluation - 4h,
  • more roles can be assigned by one automatic role by attribute (create another entity - connection between configuration and role) (service, repository, controller, same in FE) - 6h,
  • create a new agenda for both types of automatic roles (treeNode, attribute) - CRUD operations (the update operation is not allowed for any automatic role) - ~5h,
  • creating a new automatic role by attribute is approved (same behavior as automatic role by tree node) - 2h?,
  • change the automatic role agenda in role detail (two types exist now, the modal window for adding a new automatic role isn't sufficient) - 3h,
  • change the automatic role agenda in tree node detail (show only one type of automatic role) - 3h,
  • documentation, tutorial? - 8h,
  • tests - 8h.

Related issues

Related to IdStory Identity Manager - Defect #2422: IdmRoleTreeNodeFilter doesn't search by automatic role name (Closed, Radek Tomiška, 08/04/2020)
Follows IdStory Identity Manager - Feature #938: Approving for automatic roles by attribute (Closed, Vít Švanda, 01/31/2018)

Actions #2

Updated by Ondřej Kopr over 6 years ago

  • Status changed from New to In Progress
Actions #3

Updated by Ondřej Kopr over 6 years ago

  • Description updated (diff)
Actions #4

Updated by Ondřej Kopr over 6 years ago

  • Description updated (diff)
Actions #5

Updated by Ondřej Kopr over 6 years ago

  • % Done changed from 0 to 20

After consultation with the team, we decided that all current logic, entities, services and controllers stay as they are (better backward compatibility). It is necessary to revert all changes that I made and transfer only the new abstract entity and the new entity. The Flyway script must also be removed and replaced by a new one.

Actions #6

Updated by Ondřej Kopr over 6 years ago

  • % Done changed from 20 to 50

I started implementing the logic that assigns new automatic roles by attribute. For now, adding automatic roles by attribute works for identity attributes (after an identity is saved, these automatic roles are recalculated).

Actions #7

Updated by Ondřej Kopr over 6 years ago

  • Target version set to Garnet (7.7.0)
Actions #8

Updated by Ondřej Kopr over 6 years ago

  • % Done changed from 50 to 70

Today I finished the first implementation of automatic role by attribute + tests. I will start implementing better UX for recalculating an automatic role after one of its rules is updated. After some discussion we decided that I will use a concept system (it is necessary to add a new boolean column 'concept' to idm_auto_role_attribute): after editing or adding a rule for an automatic role this flag will be set to true, and after recalculation it is set back to false. In FE an alert block will be added with information about the inconsistent state.

Documentation isn't implemented yet.

Actions #9

Updated by Ondřej Kopr over 6 years ago

  • % Done changed from 70 to 90

Documentation:

doc: https://wiki.czechidm.com/devel/documentation/roles#automatically_assigned_roles_by_attribute
dev dev: https://wiki.czechidm.com/devel/dev/automatic-roles-by-attribute

The ER diagram will be done after merging automatic roles by attribute to develop (merge conflicts in xml :( )

edit: After consulting with Marcel, I added some localization corrections for the concept state. I also added a new processor for setting the concept state.

Actions #10

Updated by Ondřej Kopr over 6 years ago

  • Status changed from In Progress to Needs feedback
  • Assignee changed from Ondřej Kopr to Radek Tomiška

Please Radek, could you make a review? Just check the code and the main functionality, and then I will pass this feedback to Marcel and he will test from the administrator view. Thank you.

The implementation can be found in its own branch: https://github.com/bcvsolutions/CzechIdMng/tree/okopr/842-auto-roles
Beware, new Flyway scripts exist in this branch.
ER diagram missing, I made this after commit to devel branch.

Actions #11

Updated by Ondřej Kopr over 6 years ago

  • Assignee changed from Radek Tomiška to Marcel Poul
Actions #15

Updated by Marcel Poul over 6 years ago

  • Assignee changed from Marcel Poul to Ondřej Kopr
Actions #17

Updated by Ondřej Kopr over 6 years ago

  • Assignee changed from Ondřej Kopr to Marcel Poul

Thank you Marcel for your feedback :)

I fixed these issues from your feedback:
  • filter on page is now by default hidden,
  • add some localization message,
  • adding an automatic role that has no rules is skipped by default,
  • when a role is in concept state, adding or removing it for an identity is also skipped,
  • fixed tests; the tests were not passing because of recalculation for the concept state,
  • switched the buttons 'Save and continue' and 'Save',
  • I also created new tasks from Marcel's request; these tasks can be given to some beginners (#894, #895).

Commit: https://github.com/bcvsolutions/CzechIdMng/commit/84ff65ceee86f81ce38af8e97dedd4ee7aa7ea0b

Please Marcel can you continue with feedback? Thanks.

Actions #19

Updated by Marcel Poul over 6 years ago

Did a quick retest. Works fine for list you provided above.

Two things
  • I chose a boolean attribute "Disabled" on identity and typed "true" as the value. I expected that all disabled users get the role. After save, nothing happened. It just saved the role as a concept. Either add a warning for the user that the boolean is not supported (and other data types) or implement support for it.
  • Theoretically, if I save the rule and recalculation starts as LRT, I can change the user's attribute value. E.g. the attribute value is 3. Recalculation starts and then I change it to 4. LRT will grant the user the role even though it shouldn't have it. This is not an easy task, so I think we can live with it for some time.
Actions #20

Updated by Marcel Poul over 6 years ago

  • Assignee changed from Marcel Poul to Ondřej Kopr
Actions #21

Updated by Ondřej Kopr over 6 years ago

  • Status changed from Needs feedback to In Progress
  • % Done changed from 90 to 70

After consulting with Marcel, Zdenek and the core team, it was decided that comparison for other Java types will be added for automatic roles. This means that comparison for each possible Java type will be added to the compare method.

Actions #22

Updated by Ondřej Kopr over 6 years ago

  • Status changed from In Progress to Needs feedback
  • Assignee changed from Ondřej Kopr to Marcel Poul
  • % Done changed from 70 to 90

I added new comparisons for other data types, like double, int, long, boolean. I refactored the FE rule detail, and I added faces for other types and the BE compare. Tests are included.

New features:
  • boolean, datetime and other types work now,
  • added a new column to the rules table: attribute name,
  • added new input faces in rule detail,
  • added a button that shows a standard textfield input.

Please Marcel, could you make the next review? This is a bigger feature.

Missing: update ER diagram

commit: https://github.com/bcvsolutions/CzechIdMng/commit/033cb2cc1a7dd705be74365d1c5fd80e0bb2c7f7
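
The typed 'equals' comparison and the skip rules discussed in comments #17 to #22, as an added Java example that is not code from the CzechIdM repository or from anyone in this thread. Every class, record and method name and the sample identity are assumptions; it needs Java 16 or newer.

```java
import java.util.*;

// Added illustration: every class, enum and method name here is hypothetical, not CzechIdM API.
public class AutoRoleRuleDemo {
    enum AttrType { TEXT, BOOLEAN, INT, LONG, DOUBLE }
    // The rule keeps its expected value as text next to the attribute's declared type.
    record Rule(String attribute, AttrType type, String value) {}
    record AutoRole(String role, boolean concept, List<Rule> rules) {}

    // Parse rule text into the declared type; malformed input throws instead of never matching.
    static Object parse(AttrType type, String raw) {
        return switch (type) {
            case BOOLEAN -> {
                if (!raw.equalsIgnoreCase("true") && !raw.equalsIgnoreCase("false"))
                    throw new IllegalArgumentException("not a boolean: " + raw);
                yield Boolean.valueOf(raw);
            }
            case INT, LONG -> Long.valueOf(raw.trim());
            case DOUBLE -> Double.valueOf(raw.trim());
            case TEXT -> raw;
        };
    }

    static boolean matches(Rule rule, Map<String, Object> identity) {
        Object actual = identity.get(rule.attribute());
        if (actual instanceof Integer i) actual = i.longValue(); // Integer 2 must equal Long 2
        return parse(rule.type(), rule.value()).equals(actual);  // a missing attribute never matches
    }

    // Automatic roles in concept state or without rules are skipped, never granted.
    static List<String> rolesFor(Map<String, Object> identity, List<AutoRole> autoRoles) {
        List<String> granted = new ArrayList<>();
        for (AutoRole ar : autoRoles) {
            if (ar.concept() || ar.rules().isEmpty()) continue;
            if (ar.rules().stream().allMatch(r -> matches(r, identity))) granted.add(ar.role());
        }
        return granted;
    }

    public static void main(String[] args) {
        Map<String, Object> identity = Map.of("disabled", true, "floor", 2); // constructed sample
        List<AutoRole> autoRoles = List.of(
            new AutoRole("disabled-users", false, List.of(new Rule("disabled", AttrType.BOOLEAN, "true"))),
            new AutoRole("floor-2", false, List.of(new Rule("floor", AttrType.INT, "2"))),
            new AutoRole("draft", true, List.of(new Rule("floor", AttrType.INT, "2"))),
            new AutoRole("no-rules", false, List.of()));
        System.out.println(rolesFor(identity, autoRoles));
    }
}
```

Comparing the raw rule text against a Boolean or Integer attribute with a plain string `equals` never matches, which is the silent non-assignment reported in comment #19; parsing by declared type and failing loudly on bad input avoids it.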

Actions #24

Updated by Marcel Poul over 6 years ago

I did a quick retest, several things
  • for the first save of the rule (Form attribute Floor, type is Integer, value either empty or 2) I get an error

METHOD_NOT_ALLOWED (405:4e51545e-2d06-49c0-a3ad-05875dfdd53f)
Could not read document: Can not deserialize instance of java.lang.String out of START_OBJECT token at [Source: java.io.PushbackInputStream@7aad3ff3; line: 1, column: 121] (through reference chain: eu.bcvsolutions.idm.core.api.dto.IdmAutomaticRoleAttributeRuleDto["value"]); nested exception is com.fasterxml.jackson.databind.JsonMappingException: Can not deserialize instance of java.lang.String out of START_OBJECT token at [Source: java.io.PushbackInputStream@7aad3ff3; line: 1, column: 121] (through reference chain: eu.bcvsolutions.idm.core.api.dto.IdmAutomaticRoleAttributeRuleDto["value"])

  • there is no red star sign to indicate that the attribute is mandatory. See the attached file.
  • please remove the button Show a text field. It is confusing.
  • After I click on recalculation YES (popup) it brings me to the detail, where the Concept is still displayed. It is very confusing from the admin's perspective. There are more possible solutions for this.
    * I am OK with the easy one, that the Concept is turned FALSE after the user clicks the YES button or the recalculate button.
    * A more sophisticated solution would be to add a new state "Recalculating" next to "Concept". After a discussion with Ondra, he picked up the situation when the server is shut down. After IdM starts, the Auto role would be in a state "Recalculating". We can live with that for some time. After all, we will have to address this issue for other LRTs like auto roles by tree structures, synchronizations etc.
Actions #25

Updated by Marcel Poul over 6 years ago

  • Assignee changed from Marcel Poul to Ondřej Kopr
Actions #26

Updated by Ondřej Kopr over 6 years ago

After a big team consultation we resolved the problem with automatic role state (concept, state, running):

  • The current solution with the concept flag will be part of version 7.7.0; in version 7.8.0 the concept will be replaced by a new feature with operation state,
  • the new feature operation state (or dirty flag) will be implemented for another entity and it will be universal and sufficiently abstract,
  • an enum state with concept, running will not be implemented in the current solution, because the new feature will be implemented in version 7.8.0, see above.

The current solution with the boolean concept flag isn't the best solution, but it is the maximum that can be done for now.

There is task with new feature: #915

Actions #27

Updated by Ondřej Kopr over 6 years ago

  • Assignee changed from Ondřej Kopr to Radek Tomiška

Thank you Marcel for your feedback. I fixed these things:

  • the EAV form attribute component now has an asterisk and is required,
  • removed the button 'Show a text field',
  • the bug with METHOD_NOT_ALLOWED is fixed: in the frontend component I added an explicit cast to String.

Thank you for your feedback

Commit: https://github.com/bcvsolutions/CzechIdMng/commit/12a2e07346cd23f42b82eaec5599a0dfb54f974b

I am assigning this task to Radek for a second round of feedback.

Please Radek could you check this bigger feature? Thank you.

Solution can be found in branch: https://github.com/bcvsolutions/CzechIdMng/compare/okopr/842-auto-roles
Pull request: https://github.com/bcvsolutions/CzechIdMng/pull/17
Diff: https://github.com/bcvsolutions/CzechIdMng/pull/17/files

Thank you Radek :)

Actions #29

Updated by Ondřej Kopr over 6 years ago

I changed the concept state so that it changes before recalculation starts; I merged the current develop and resolved conflicts.

Commit: https://github.com/bcvsolutions/CzechIdMng/commit/63af85a8feebf0d574f82412c3adce128a40ac57

Actions #30

Updated by Radek Tomiška about 6 years ago

  • Status changed from Needs feedback to In Progress
  • Assignee changed from Radek Tomiška to Ondřej Kopr

I did test and review. New feature works and code is ok, you are awesome!

I fixed some frontend issues. Remaining issues:
- cs locale (e.g. AutomaticRole.role) is English
- attribute detail should be refreshed after recalculate is submitted
- rule detail is not refreshed when a rule is edited - e.g. when the identity disabled attribute is selected, the input box value is not a boolean enum select box
- approving a new automatic role with attribute is called too early, when the attribute doesn't have rules defined (maybe it could be removed now and implemented in the future)
- add referential integrity - when a role is deleted, when an eav attribute is deleted

edit: + localization permission

Actions #31

Updated by Ondřej Kopr about 6 years ago

  • Status changed from In Progress to Needs feedback
  • Assignee changed from Ondřej Kopr to Radek Tomiška

Thank you for the feedback and for resolving my mistakes:

I fixed these things:
  • fixed missing localization,
  • attribute detail is now refreshed after push recalculation,
  • removed approving from automatic roles by attribute + update documentation,
  • added referential integrity with role and form attribute,
  • fixed face type in rule detail,
  • added localization for permissions.

Commit: https://github.com/bcvsolutions/CzechIdMng/commit/a4ca927a6b9a5d30392d659ebfd3469518c5462d (develop)

Please could you check this fix? Thank you :)

Actions #32

Updated by Radek Tomiška about 6 years ago

  • Status changed from Needs feedback to Closed
  • Assignee changed from Radek Tomiška to Ondřej Kopr
  • % Done changed from 90 to 100

It's ok, thx.

Note: approving new automatic role with attribute will be solved in #938.

Actions #33

Updated by Radek Tomiška about 6 years ago

  • Due date set to 02/01/2018
  • Start date changed from 11/20/2017 to 02/01/2018
  • Follows Feature #938: Approving for automatic roles by attribute added
Actions #34

Updated by Radek Tomiška over 3 years ago

  • Related to Defect #2422: IdmRoleTreeNodeFilter doesn't search by automatic role name added