- Type: Story
- Status: Closed
- Priority: Major
- Resolution: Won't Do
- Affects Version/s: OpenIDM 6.0.0
- Fix Version/s: None
- Component/s: Module - Policy
- Labels:
based on OPENIDM-9594
Policy conditions created in that JIRA work for User Self-Service progressive profiling, e.g.:
"condition" : { "type" : "queryFilter", "filter" : "/city eq \"Portland\"" },
(from the Progressive Profiling section
However, the change in OPENIDM-9594 was intended to work generally. If so, we should be able to modify the REST call in this section on Conditional Role Grants
But the following REST call fails:
curl \
 --header "X-OpenIDM-Username: openidm-admin" \
 --header "X-OpenIDM-Password: openidm-admin" \
 --header "Content-Type: application/json" \
 --request POST \
 --data '{
   "name": "fr-employee",
   "description": "Role granted to employees resident in France",
   "condition": {
     "type" : "queryFilter",
     "filter" : "/country eq \"FR\""
   }
 }' \
 "http://localhost:8080/openidm/managed/role?_action=create"
with the following message:
{
  "code": 403,
  "reason": "Forbidden",
  "message": "Policy validation failed",
  "detail": {
    "result": false,
    "failedPolicyRequirements": [
      {
        "policyRequirements": [
          {
            "params": {
              "invalidType": "object",
              "validTypes": [ "string" ]
            },
            "policyRequirement": "VALID_TYPE"
          }
        ],
        "property": "condition"
      }
    ]
  }
}
Possible solution: update policy.js to avoid this failure, to enable the use of queryFilter for the condition described in https://ea.forgerock.com/docs/idm/integrators-guide/index.html#conditional-role-grants
- is required by: OPENIDM-9635 queryFilter: describe support for object config (Closed)
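The sketch below is an added example, not part of the ticket and not OpenIDM's policy.js. It models a type policy that yields the same VALID_TYPE failure shape as the 403 response when an object-valued condition meets a schema that allows only strings. The function names, both schemas (including the relaxed string-or-object one) and the string-form role are constructed assumptions.

```javascript
// Added illustration, not OpenIDM's policy.js. All names are hypothetical.

// JSON-style type name of a value ("object", "string", "array", ...).
function jsonType(value) {
  if (value === null) return "null";
  if (Array.isArray(value)) return "array";
  return typeof value;
}

// Check every supplied property against the types its schema entry allows and
// report failures in the shape of the "detail" object in the 403 response.
function validateTypes(schema, obj) {
  const failedPolicyRequirements = [];
  for (const [property, spec] of Object.entries(schema.properties)) {
    if (!(property in obj)) continue;
    const validTypes = [].concat(spec.type); // accept "string" or ["string", ...]
    const invalidType = jsonType(obj[property]);
    if (!validTypes.includes(invalidType)) {
      failedPolicyRequirements.push({
        policyRequirements: [
          { params: { invalidType, validTypes }, policyRequirement: "VALID_TYPE" },
        ],
        property,
      });
    }
  }
  return { result: failedPolicyRequirements.length === 0, failedPolicyRequirements };
}

// Constructed schemas (assumption): "condition" as string only, then relaxed.
const base = { name: { type: "string" }, description: { type: "string" } };
const stringOnly = { properties: { ...base, condition: { type: "string" } } };
const stringOrObject = { properties: { ...base, condition: { type: ["string", "object"] } } };

// Role bodies: the object condition from the ticket, and a constructed string form.
const objectRole = {
  name: "fr-employee",
  description: "Role granted to employees resident in France",
  condition: { type: "queryFilter", filter: '/country eq "FR"' },
};
const stringRole = { ...objectRole, condition: '/country eq "FR"' };

console.log(JSON.stringify(validateTypes(stringOnly, objectRole), null, 2));
console.log(validateTypes(stringOrObject, objectRole).result);
```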