-
Type:
Bug
-
Status: Closed
-
Priority:
Minor
-
Resolution: Won't Fix
-
Affects Version/s: OpenIDM 5.0.0, OpenIDM 5.5.0
-
Fix Version/s: None
-
Component/s: Module - Policy
-
Labels:
When creating a relationship between two objects, any policy on the relationship itself does not have access to the child attributes (e.g. _refProperties) if the relationship is created directly against the relationship collection.
As an example, the UI performs the following when adding a role to a managed/user:
POST http://localhost:8080/openidm/managed/user/342e91a7-b0f2-4950-9270-91ee83c44926/roles?_action=create
{"_ref":"managed/role/778fa522-f1c7-493a-be29-e6b7e418eb10","_refProperties":{"temporalConstraints":[],"_grantType":""}}
Which has the following content for the 'fullObject' within policy.js:
INFO: fullObject: {preferences={updates=false, marketing=false}, mail=test@test.com, sn=test, givenName=test, userName=test}
If adding the role directly to the user object:
POST http://localhost:8080/openidm/managed/user/342e91a7-b0f2-4950-9270-91ee83c44926?_action=patch
[{"operation":"replace","field":"roles","value": [{"_ref": "managed/role/778fa522-f1c7-493a-be29-e6b7e418eb10","_refProperties": {"temporalConstraints": [],"_grantType": ""}}]}]
Then the entire role object is available to the policy:
INFO: fullObject: {preferences={updates=false, marketing=false}, mail=test@test.com, sn=test, givenName=test, userName=test, accountStatus=active, lastChanged={date=2018-04-17T09:53:40.143Z}, effectiveRoles=[], effectiveAssignments=[], _rev=000000008eb4bc61, _id=342e91a7-b0f2-4950-9270-91ee83c44926}