Uploaded image for project: 'MidPoint'
  1. MidPoint
  2. MID-2404

Role exclusivity stopped working

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 3.2 (Tycho)
    • Fix Version/s: 3.2 (Tycho)
    • Component/s: None
    • Labels:
      None
    • Git Revision:
      git-v3.2devel-713-g5c80690

      Description

      1. role:

      <!--
  ~ Copyright (c) 2010-2013 Evolveum
  ~
  ~ Licensed under the Apache License, Version 2.0 (the "License");
  ~ you may not use this file except in compliance with the License.
  ~ You may obtain a copy of the License at
  ~
  ~     http://www.apache.org/licenses/LICENSE-2.0
  ~
  ~ Unless required by applicable law or agreed to in writing, software
  ~ distributed under the License is distributed on an "AS IS" BASIS,
  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  ~ See the License for the specific language governing permissions and
  ~ limitations under the License.
  -->

<role oid="12345678-d34d-b33f-f00d-987987987988"
        xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
        xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
        xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">
    <name>Pirate</name>
    <description>
     A role that "extends" sailor role. It includes the sailor role and adds
     more values to the account attributes.
    </description>
    <exclusion>
    	<description>A judge cannot be a pirate at the same time. At least not openly.</description>
    	<targetRef oid="12345111-1111-2222-1111-121212111111" type="c:RoleType"/>
    	<policy>enforce</policy>
    </exclusion>
</role>

      2. role:

      <!--
  ~ Copyright (c) 2010-2013 Evolveum
  ~
  ~ Licensed under the Apache License, Version 2.0 (the "License");
  ~ you may not use this file except in compliance with the License.
  ~ You may obtain a copy of the License at
  ~
  ~     http://www.apache.org/licenses/LICENSE-2.0
  ~
  ~ Unless required by applicable law or agreed to in writing, software
  ~ distributed under the License is distributed on an "AS IS" BASIS,
  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  ~ See the License for the specific language governing permissions and
  ~ limitations under the License.
  -->
<role oid="12345111-1111-2222-1111-121212111111"
        xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
        xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
    <name>Judge</name>    
    <exclusion>
    	<description>A judge cannot be a pirate at the same time. At least not openly.</description>
    	<targetRef oid="12345678-d34d-b33f-f00d-987987987988" type="c:RoleType"/>
    	<policy>enforce</policy>
    </exclusion>
</role>

      3. assign both roles to user. It should not work, but it does.

        Attachments

          Activity

            People

            Assignee:
            vix Ivan Noris
            Reporter:
            vix Ivan Noris
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: