Uploaded image for project: 'OpenIDM'
  1. OpenIDM
  2. OPENIDM-14032

Relationship updates on an object are requiring origin resource Permission for adding/removing

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: 7.0.0
    • Fix Version/s: None
    • Component/s: None
    • Labels:

      Description

      When using delegated administration for making a change to an objects relationships in ways other then UPDATE, such as POST to `managed/user/_id/roles?_action=create` it is requiring that the main object (`managed/user` in the example case) to have CREATE permission. This request is not trying to create a `managed/user` though, but rather updating the managed user's relationship.

      The other is a DELETE to `managed/user/_id/roles/_roleId`. It will require DELETE permission for `managed/user` when not trying to delete a managed user but rather updating the managed user's relationship.

      Logic for origin and edge validation will need to be updated in the DelegatedAdminFilter to allow privileges to be accepted.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                katie.gonzalez Katie Gonzalez
                Reporter:
                katie.gonzalez Katie Gonzalez
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: