
DelegatedAdminFilter does not disallow relationship attributes


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 6.5.0, 7.0.0
    • Fix Version/s: 7.0.0
    • Component/s: Module - Authorization
    • Environment:
      Linux Mint 18.3 Cinnamon 64-bit
      OpenIDM version "6.5.0" (build: 20181128123548, revision: 7b41aaf)
      OpenIDM version "7.0.0-SNAPSHOT" (build: 20190225161308, revision: 24f2d35)
    • Story Points: 1
    • Sprint: OpenIDM Sprint 7.0-4

      Description

      Story OPENIDM-11967

      Steps to reproduce:

      1. Run IDM, create a few users, and give Delegated Admin access to one user (e.g. fuser).
      2. Run this query:
        curl -X GET \
          'http://idm.example.com:8080/openidm/managed/user?_queryFilter=true&_fields=%2A,%2A_ref' \
          -H 'Cookie: session-jwt=' \
          -H 'X-OpenIDM-Password: Passw0rd' \
          -H 'X-OpenIDM-Username: fuser' \
          -H 'cache-control: no-cache'

      Expected result: the DA is not able to see the response (request rejected with 401 or 403).
      Actual result: the response shows the users and ignores the relationship attributes, e.g.

      {
          "result": [
              {
                  "_id": "c5427f72-9526-4824-be39-277e710bbc5f",
                  "_rev": "000000009391edbe",
                  "mail": "a@d.com",
                  "sn": "drak",
                  "givenName": "alex",
                  "userName": "fuser",
                  "accountStatus": "active"
              },
              {
                  "_id": "9c6ea4b2-7f09-44d2-a21e-7560a04422ef",
                  "_rev": "0000000054e90a8d",
                  "mail": "a@sss.com",
                  "sn": "sanislav",
                  "givenName": "sano",
                  "userName": "test",
                  "accountStatus": "active",
                  "city": "ova"
              }
          ],
          "resultCount": 2,
          "pagedResultsCookie": null,
          "totalPagedResultsPolicy": "NONE",
          "totalPagedResults": -1,
          "remainingPagedResults": -1
      }
      
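      An added example (not OpenIDM's DelegatedAdminFilter or any other project code) of the kind of check the expected result above describes: inspect the `_fields` parameter of the query and refuse a delegated admin's read when it asks for relationship attributes instead of silently dropping them. The `*_ref` wildcard comes from the query in the report; the attribute names in RELATIONSHIP_FIELDS and the 403 decision are assumptions made for this example.

```javascript
// Example authorization check, written for this report; it is not OpenIDM code.
// Assumption: these managed/user attributes are relationships (names are made up
// for the example; a real deployment would take them from the managed object schema).
const RELATIONSHIP_FIELDS = new Set(["manager", "roles", "authzRoles", "reports"]);

// Split an already URL-decoded _fields value ("*,*_ref") into trimmed field selectors.
function parseFields(fieldsValue) {
  if (fieldsValue === null || fieldsValue === undefined) return [];
  return fieldsValue
    .split(",")
    .map((f) => f.trim())
    .filter((f) => f.length > 0);
}

// True when a single selector reaches relationship data:
//  - the "*_ref" wildcard used in the report's query, or
//  - a path whose first segment is a known relationship attribute (e.g. "roles/_ref").
function isRelationshipField(field) {
  if (field === "*_ref") return true;
  const firstSegment = field.split("/")[0];
  return RELATIONSHIP_FIELDS.has(firstSegment);
}

// The selectors that should make a delegated-admin read fail closed.
function deniedRelationshipFields(fieldsValue) {
  return parseFields(fieldsValue).filter(isRelationshipField);
}

// Decision for a delegated admin's GET on managed/user, given the raw query string.
// URLSearchParams performs the percent-decoding ("%2A" -> "*") that the server would.
// Assumption: a request touching relationships is rejected with 403 rather than filtered.
function authorizeDelegatedAdminRead(queryString) {
  const params = new URLSearchParams(queryString);
  const denied = deniedRelationshipFields(params.get("_fields"));
  if (denied.length > 0) {
    return { allowed: false, status: 403, reason: "relationship fields requested: " + denied.join(", ") };
  }
  return { allowed: true, status: 200, reason: "no relationship fields requested" };
}

// Constructed sample: the exact query from the report, which should be rejected.
const REPORT_QUERY = "_queryFilter=true&_fields=%2A,%2A_ref";
console.log(authorizeDelegatedAdminRead(REPORT_QUERY));
```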

            People

            Assignee: Katie Gonzalez (katie.gonzalez)
            Reporter: Alexander Dracka (alexander.dracka)
            QA Assignee: Alexander Dracka