-
Type:
Bug
-
Status: Closed
-
Priority:
Major
-
Resolution: Not a defect
-
Affects Version/s: 7.0.0
-
Fix Version/s: None
-
Component/s: Module - Relationships, Module - Web UI
-
Labels:None
-
Environment:OpenIDM version "7.0.0-SNAPSHOT" (build: 20190830164749, revision: ad68dff) jenkins-OpenIDM-build-master-1336
As openidm-admin we are able to create Direct Report for the same user
Steps to reproduce:
- Run IDM and create user eg: 'user2'
- run this curl:
curl -X POST \ 'http://idm.example.com:8080/openidm/managed/user/user2/reports?_action=create' \ -H 'Content-Type: application/json' \ -H 'X-OpenIDM-Password: openidm-admin' \ -H 'X-OpenIDM-Username: openidm-admin' \ -d '{ "_ref":"managed/user/user2" }'
Expected result: I believe that this request should be forbidden, as this is not allowed in UI
Actual result: Direct report of 'user2' is create for 'user2'. When I delete the user in UI, user is removed however error message appears: 'Error not found;