Uploaded image for project: 'MidPoint'
  1. MidPoint
  2. MID-2404

Role exclusivity stopped working

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 3.2 (Tycho)
    • Fix Version/s: 3.2 (Tycho)
    • Component/s: None
    • Labels:
      None
    • Git Revision:
      git-v3.2devel-713-g5c80690

      Description

      1. role:

      <!--
        ~ Copyright (c) 2010-2013 Evolveum
        ~
        ~ Licensed under the Apache License, Version 2.0 (the "License");
        ~ you may not use this file except in compliance with the License.
        ~ You may obtain a copy of the License at
        ~
        ~     http://www.apache.org/licenses/LICENSE-2.0
        ~
        ~ Unless required by applicable law or agreed to in writing, software
        ~ distributed under the License is distributed on an "AS IS" BASIS,
        ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
        ~ See the License for the specific language governing permissions and
        ~ limitations under the License.
        -->
      
      <role oid="12345678-d34d-b33f-f00d-987987987988"
              xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
              xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
              xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">
          <name>Pirate</name>
          <description>
           A role that "extends" sailor role. It includes the sailor role and adds
           more values to the account attributes.
          </description>
          <exclusion>
          	<description>A judge cannot be a pirate at the same time. At least not openly.</description>
          	<targetRef oid="12345111-1111-2222-1111-121212111111" type="c:RoleType"/>
          	<policy>enforce</policy>
          </exclusion>
      </role>
      

      2. role:

      <!--
        ~ Copyright (c) 2010-2013 Evolveum
        ~
        ~ Licensed under the Apache License, Version 2.0 (the "License");
        ~ you may not use this file except in compliance with the License.
        ~ You may obtain a copy of the License at
        ~
        ~     http://www.apache.org/licenses/LICENSE-2.0
        ~
        ~ Unless required by applicable law or agreed to in writing, software
        ~ distributed under the License is distributed on an "AS IS" BASIS,
        ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
        ~ See the License for the specific language governing permissions and
        ~ limitations under the License.
        -->
      <role oid="12345111-1111-2222-1111-121212111111"
              xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
              xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
          <name>Judge</name>    
          <exclusion>
          	<description>A judge cannot be a pirate at the same time. At least not openly.</description>
          	<targetRef oid="12345678-d34d-b33f-f00d-987987987988" type="c:RoleType"/>
          	<policy>enforce</policy>
          </exclusion>
      </role>
      

      3. assign both roles to user. It should not work, but it does.

        Attachments

          Activity

            People

            Assignee:
            vix Ivan Noris
            Reporter:
            vix Ivan Noris
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: