  1. MidPoint
  2. MID-4361

Blank lines are shown in user listing for manager who has limited permissions to see only managed users


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.6 (Comenius)
    • Fix Version/s: 3.7.1, 3.8
    • Component/s: None
    • Labels:

      Description

      If a manager has limited permissions to see only managed users, then in Users - List users blank lines are shown for not-managed users.

      Manager has permissions via <authorization>:

         <authorization>
            <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#users</action>
            <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#userDetails</action>
            <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#findUsers</action>
         </authorization>
         <authorization>
            <name>users-read-parentorgref</name>
            <description>
               Allow to read parentOrgRef user properties to be able to filter users based on org membership.
            </description>
            <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
            <object>
               <type>UserType</type>
            </object>
            <c:item>parentOrgRef</c:item>
         </authorization>
         <authorization>
            <name>users-read</name>
            <description>
               Allow to read basic user properties to be able to display user details in user tab.
            </description>
            <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
            <object>
               <type>UserType</type>
               <orgRelation>
                  <subjectRelation>org:manager</subjectRelation>
                  <scope>allDescendants</scope>
                  <includeReferenceOrg>true</includeReferenceOrg>
               </orgRelation>
            </object>
         </authorization>
         <authorization>
            <name>modify-administrative-status</name>
            <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify</action>
            <phase>request</phase>
            <object>
               <type>UserType</type>
               <orgRelation>
                  <subjectRelation>org:manager</subjectRelation>
                  <scope>allDescendants</scope>
                  <includeReferenceOrg>true</includeReferenceOrg>
               </orgRelation>
            </object>
            <c:item>activation/administrativeStatus</c:item>
         </authorization>
         <authorization>
            <name>org-mgr-gui-org-view1</name>
            <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgStruct</action>
            <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgTree</action>
         </authorization>
      


            People

            • Assignee:
              attila.szlovak Attila Szlovák
              Reporter:
              attila.szlovak Attila Szlovák
            • Votes:
              0
              Watchers:
              4
