Uploaded image for project: 'OpenIDM'
  1. OpenIDM
  2. OPENIDM-13304

Investigation to verify if augmentation filter logic will account for privilege filtering.

    Details

    • Target Version/s:
    • Story Points:
      3
    • Sprint:
      2019.9 - IDM

      Description

      Consider the following request:

      GET http://localhost:8080/openidm/managed/user?_queryFilter=true&_fields=authzRoles/*

      If not all the resource collections for "authzRoles" are defined in the schema, then the augmentation filter will fire "READ" requests to fill in missing data that the VertexEdgeTableHandler wasn't able to retrieve in the mega-query.

      setup...

      1. create a user that has 2 authzRoles, ont that is internal/authzRole and one managed/role.
      2. modify the managed.json file and remove manage/role as a resourceCollection in the authzRoles relationship.
      3. create a priv against managed/role that would filter that added role to the user.
      GET http://localhost:8080/openidm/managed/user?_queryFilter=true&_fields=authzRoles/*

      and ensure that only the internal/role is there.

      Acceptance criteria: need a jdbc unit that covers this setup.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                katie.gonzalez Katie Gonzalez
                Reporter:
                jason.vincent jason vincent
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: