  1. OpenIDM
  2. OPENIDM-13735

Direct report can be added via REST to the same user

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Not a defect
    • Affects Version/s: 7.0.0
    • Fix Version/s: None
    • Labels:
      None
    • Environment:
      OpenIDM version "7.0.0-SNAPSHOT" (build: 20190830164749, revision: ad68dff) jenkins-OpenIDM-build-master-1336

      Description

      As openidm-admin, we are able to create a Direct Report for the same user.

      Steps to reproduce:

      1. Run IDM and create a user, e.g. 'user2'.
      2. Run this curl:
        curl -X POST \
          'http://idm.example.com:8080/openidm/managed/user/user2/reports?_action=create' \
          -H 'Content-Type: application/json' \
          -H 'X-OpenIDM-Password: openidm-admin' \
          -H 'X-OpenIDM-Username: openidm-admin' \
          -d '{
        	"_ref":"managed/user/user2"
        }'
        

      Expected result: I believe that this request should be forbidden, as this is not allowed in the UI.
      Actual result: A direct report of 'user2' is created for 'user2'. When I delete the user in the UI, the user is removed; however, an error message appears: 'Error not found'.

            People

            • Assignee:
              dhogan Dirk Hogan
              Reporter:
              alexander.dracka Alexander Dracka