Uploaded image for project: 'OpenIDM'
  1. OpenIDM
  2. OPENIDM-10603

Unexpected "manager" property in the "before" of activity audit records when patching manager on a user

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: OpenIDM 6.0.0
    • Fix Version/s: 6.5.0
    • Environment:
      OpenIDM version "6.0.0-SNAPSHOT" (build: 20180405211918, revision: 35ebee3) with MySQL repo
    • Target Version/s:
    • Verified Version/s:
    • Story Points:
      3
    • Sprint:
      OpenIDM Sprint 90, OpenIDM Sprint 6.5-10.2

      Description

      Unexpected "manager" property in the "before" of activity audit records when patching manager on a user.
      The "manager" property is "returnByDefault" False so we expect it to be absent from "before" and "after" properties in activity audit records by default.

      Steps to reproduce:

      1) create a user employee

      curl --header "X-OpenIDM-Username: openidm-admin" --header "X-OpenIDM-Password: openidm-admin" --header "If-None-Match: *" --header "Content-Type: application/json" --request PUT --data '{"mail":"j@d.com","sn":"doe","givenName":"john","userName":"employee"}' http://localhost:8080/openidm/managed/user/employee  | jq '.'
      

      2) create users boss1, boss2 and boss3

      curl --header "X-OpenIDM-Username: openidm-admin" --header "X-OpenIDM-Password: openidm-admin" --header "If-None-Match: *" --header "Content-Type: application/json" --request PUT --data '{"mail":"b@d.com","sn":"palmer","givenName":"jim","userName":"boss1"}' http://localhost:8080/openidm/managed/user/boss1  | jq '.'
      curl --header "X-OpenIDM-Username: openidm-admin" --header "X-OpenIDM-Password: openidm-admin" --header "If-None-Match: *" --header "Content-Type: application/json" --request PUT --data '{"mail":"b@d.com","sn":"palmer","givenName":"jim","userName":"boss2"}' http://localhost:8080/openidm/managed/user/boss2  | jq '.'
      curl --header "X-OpenIDM-Username: openidm-admin" --header "X-OpenIDM-Password: openidm-admin" --header "If-None-Match: *" --header "Content-Type: application/json" --request PUT --data '{"mail":"b@d.com","sn":"palmer","givenName":"jim","userName":"boss3"}' http://localhost:8080/openidm/managed/user/boss3  | jq '.'
      

      3) set boss1 as manager of employee with PATCH REPLACE

      curl --header "X-OpenIDM-Username: openidm-admin" --header "X-OpenIDM-Password: openidm-admin" --header "Content-Type: application/json" --request PATCH --data '[{"operation":"replace","field":"/manager","value":{"_ref":"managed/user/boss1","_refProperties":{}}}]' http://localhost:8080/openidm/managed/user/employee | jq '.' 
      

      This operation creates 2 records in activity audit:

      • one record for the event "relationship_created"
      • one record the the patch on the managed user.

      For the patch on the managed user we get:

      {
        "transactionId": "ae01c839-6e62-48cc-8a04-e6dc8271a059-263",
        "timestamp": "2018-04-06T08:25:26.056Z",
        "eventName": "activity",
        "userId": "openidm-admin",
        "runAs": "openidm-admin",
        "operation": "PATCH",
        "before": {
          "mail": "j@d.com",
          "sn": "doe",
          "givenName": "john",
          "userName": "employee",
          "accountStatus": "active",
          "effectiveRoles": [
            
          ],
          "effectiveAssignments": [
            
          ],
          "_id": "employee",
          "_rev": "0",
          "manager": null
        },
        "after": {
          "mail": "j@d.com",
          "sn": "doe",
          "givenName": "john",
          "userName": "employee",
          "accountStatus": "active",
          "effectiveRoles": [
            
          ],
          "effectiveAssignments": [
            
          ],
          "_id": "employee",
          "_rev": "1",
          "_meta": {
            "_ref": "internal/usermeta/1e4e44fd-8cfd-412a-acf4-bfe673082198",
            "_refResourceCollection": "internal/usermeta",
            "_refResourceId": "1e4e44fd-8cfd-412a-acf4-bfe673082198",
            "_refProperties": {
              "_id": "c18f2ae9-d680-4e11-a45a-8d4aa74cc8dc",
              "_rev": "0"
            },
            "createDate": "2018-04-06T08:25:12.149Z",
            "lastChanged": {
              "date": "2018-04-06T08:25:26.044Z"
            },
            "loginCount": 0,
            "_id": "1e4e44fd-8cfd-412a-acf4-bfe673082198",
            "_rev": "1"
          }
        },
        "changedFields": [
          
        ],
        "revision": "1",
        "message": "",
        "objectId": "managed/user/employee",
        "passwordChanged": false,
        "status": "SUCCESS",
        "_id": "ae01c839-6e62-48cc-8a04-e6dc8271a059-270"
      }
      

      => it looks OK that "manager" is not found in "after" because it is returnByDefault False.
      => but it is strange/unexpected that the "manager" property appears in the "before" property.
      This difference between "before" and "after" behaviour can be confusing

      4) we update manager of employee to boss2 using PATCH REPLACE on "manager" property

      curl --header "X-OpenIDM-Username: openidm-admin" --header "X-OpenIDM-Password: openidm-admin" --header "Content-Type: application/json" --request PATCH --data '[{"operation":"replace","field":"/manager","value":{"_ref":"managed/user/boss2","_refProperties":{}}}]' http://localhost:8080/openidm/managed/user/employee
      

      This operation creates 3 records in activity audit:

      • one record for the event "relationship_created" => relationship employee<>boss2
      • one record for the event "relationship_deleted" => relationship employee<>boss1
      • one record the the patch on the managed user.

      Here is the record for the patch on the user:

      {
        "transactionId": "ae01c839-6e62-48cc-8a04-e6dc8271a059-316",
        "timestamp": "2018-04-06T08:26:01.724Z",
        "eventName": "activity",
        "userId": "openidm-admin",
        "runAs": "openidm-admin",
        "operation": "PATCH",
        "before": {
          "mail": "j@d.com",
          "sn": "doe",
          "givenName": "john",
          "userName": "employee",
          "accountStatus": "active",
          "effectiveRoles": [
            
          ],
          "effectiveAssignments": [
            
          ],
          "_id": "employee",
          "_rev": "1",
          "manager": {
            "_ref": "managed/user/boss1",
            "_refResourceCollection": "managed/user",
            "_refResourceId": "boss1",
            "_refProperties": {
              "_id": "3e6a4d21-f2dc-40ee-941d-64c2f7ce0763",
              "_rev": "0"
            }
          }
        },
        "after": {
          "mail": "j@d.com",
          "sn": "doe",
          "givenName": "john",
          "userName": "employee",
          "accountStatus": "active",
          "effectiveRoles": [
            
          ],
          "effectiveAssignments": [
            
          ],
          "_id": "employee",
          "_rev": "2",
          "_meta": {
            "_ref": "internal/usermeta/1e4e44fd-8cfd-412a-acf4-bfe673082198",
            "_refResourceCollection": "internal/usermeta",
            "_refResourceId": "1e4e44fd-8cfd-412a-acf4-bfe673082198",
            "_refProperties": {
              "_id": "c18f2ae9-d680-4e11-a45a-8d4aa74cc8dc",
              "_rev": "0"
            },
            "createDate": "2018-04-06T08:25:12.149Z",
            "lastChanged": {
              "date": "2018-04-06T08:26:01.715Z"
            },
            "loginCount": 0,
            "_id": "1e4e44fd-8cfd-412a-acf4-bfe673082198",
            "_rev": "2"
          }
        },
        "changedFields": [
          
        ],
        "revision": "2",
        "message": "",
        "objectId": "managed/user/employee",
        "passwordChanged": false,
        "status": "SUCCESS",
        "_id": "ae01c839-6e62-48cc-8a04-e6dc8271a059-324"
      }
      

      => it looks OK that "manager" is not found in "after" because it is returnByDefault False.
      => but it is strange/unexpected that the "manager" property appears in the "before" property.
      This difference between "before" and "after" behaviour can be confusing

      5) we update manager of employee to boss3 using PATCH REPLACE on "manager" property using _fields=,_ref

      curl --header "X-OpenIDM-Username: openidm-admin" --header "X-OpenIDM-Password: openidm-admin" --header "Content-Type: application/json" --request PATCH --data '[{"operation":"replace","field":"/manager","value":{"_ref":"managed/user/boss3","_refProperties":{}}}]' http://localhost:8080/openidm/managed/user/employee?_fields=*,*_ref
      

      This operation creates 3 records in activity audit:

      • one record for the event "relationship_created" => relationship employee<>boss2
      • one record for the event "relationship_deleted" => relationship employee<>boss1
      • one record the the patch on the managed user.

      Here is the record for the patch on the user:

      {
        "transactionId": "ae01c839-6e62-48cc-8a04-e6dc8271a059-364",
        "timestamp": "2018-04-06T08:26:31.671Z",
        "eventName": "activity",
        "userId": "openidm-admin",
        "runAs": "openidm-admin",
        "operation": "PATCH",
        "before": {
          "mail": "j@d.com",
          "sn": "doe",
          "givenName": "john",
          "userName": "employee",
          "accountStatus": "active",
          "effectiveRoles": [
            
          ],
          "effectiveAssignments": [
            
          ],
          "_id": "employee",
          "_rev": "2",
          "manager": {
            "_ref": "managed/user/boss2",
            "_refResourceCollection": "managed/user",
            "_refResourceId": "boss2",
            "_refProperties": {
              "_id": "6af177ad-aefb-4921-ae70-247f55e9422a",
              "_rev": "0"
            }
          },
          "_meta": {
            "_ref": "internal/usermeta/1e4e44fd-8cfd-412a-acf4-bfe673082198",
            "_refResourceCollection": "internal/usermeta",
            "_refResourceId": "1e4e44fd-8cfd-412a-acf4-bfe673082198",
            "_refProperties": {
              "_id": "c18f2ae9-d680-4e11-a45a-8d4aa74cc8dc",
              "_rev": "0"
            }
          },
          "reports": [
            
          ],
          "roles": [
            
          ],
          "authzRoles": [
            {
              "_ref": "repo/internal/role/openidm-authorized",
              "_refResourceCollection": "repo/internal/role",
              "_refResourceId": "openidm-authorized",
              "_refProperties": {
                "_id": "7862a666-5b5d-4836-8e26-1a45b08b9efe",
                "_rev": "0"
              }
            }
          ]
        },
        "after": {
          "mail": "j@d.com",
          "sn": "doe",
          "givenName": "john",
          "userName": "employee",
          "accountStatus": "active",
          "effectiveRoles": [
            
          ],
          "effectiveAssignments": [
            
          ],
          "_id": "employee",
          "_rev": "3",
          "manager": {
            "_ref": "managed/user/boss3",
            "_refResourceCollection": "managed/user",
            "_refResourceId": "boss3",
            "_refProperties": {
              "_id": "825432ae-b942-4b08-b323-c0ac48764d7b",
              "_rev": "0"
            }
          },
          "_meta": {
            "_ref": "internal/usermeta/1e4e44fd-8cfd-412a-acf4-bfe673082198",
            "_refResourceCollection": "internal/usermeta",
            "_refResourceId": "1e4e44fd-8cfd-412a-acf4-bfe673082198",
            "_refProperties": {
              "_id": "c18f2ae9-d680-4e11-a45a-8d4aa74cc8dc",
              "_rev": "0"
            },
            "createDate": "2018-04-06T08:25:12.149Z",
            "lastChanged": {
              "date": "2018-04-06T08:26:31.660Z"
            },
            "loginCount": 0,
            "_id": "1e4e44fd-8cfd-412a-acf4-bfe673082198",
            "_rev": "3"
          },
          "reports": [
            
          ],
          "roles": [
            
          ],
          "authzRoles": [
            {
              "_ref": "repo/internal/role/openidm-authorized",
              "_refResourceCollection": "repo/internal/role",
              "_refResourceId": "openidm-authorized",
              "_refProperties": {
                "_id": "7862a666-5b5d-4836-8e26-1a45b08b9efe",
                "_rev": "0"
              }
            }
          ]
        },
        "changedFields": [
          
        ],
        "revision": "3",
        "message": "",
        "objectId": "managed/user/employee",
        "passwordChanged": false,
        "status": "SUCCESS",
        "_id": "ae01c839-6e62-48cc-8a04-e6dc8271a059-372"
      }
      

      => in this case, the "before" and "after" are both including the "manager" property. That looks expected as we retrieved it with the _fields=,_ref argument.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                travis.haagen Travis Haagen
                Reporter:
                laurent.bristiel Laurent Bristiel [X] (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: