- Type: Bug
- Status: Open
- Priority: Major
- Resolution: Unresolved
- Affects Version/s: 6.5.0.2
- Fix Version/s: None
- Component/s: Performance
- Labels:
- Environment: 6.5.0.2
- Target Version/s:
- Story Points: 1
- Support Ticket IDs:
- Zendesk ID: 50491
- Season: 2021.Spring

Steps to reproduce:
Create an internal role, with readOnly set to true on attribute "description":
{
  "_id": "support",
  "_rev": "0000000049cdfdf3",
  "name": "support",
  "description": "Support Role",
  "temporalConstraints": null,
  "condition": null,
  "privileges": [
    {
      "name": "support",
      "description": "Support access to user information.",
      "path": "managed/user",
      "permissions": [ "VIEW", "UPDATE", "CREATE", "DELETE", "ACTION" ],
      "actions": [ "create", "patch" ],
      "filter": "/userName sw \"test1\"",
      "accessFlags": [
        { "attribute": "userName", "readOnly": false },
        { "attribute": "mail", "readOnly": false },
        { "attribute": "givenName", "readOnly": false },
        { "attribute": "sn", "readOnly": false },
        { "attribute": "accountStatus", "readOnly": false },
        { "attribute": "myArray", "readOnly": false },
        { "attribute": " description ", "readOnly": true }
      ]
    }
  ]
}
A PATCH of the description attribute fails:
curl --request PATCH 'http://localhost:8080/openidm/managed/user/bcc8b45f-36cb-4443-8a03-a07db01f9c05' \
  --header 'x-openidm-username: manager1' \
  --header 'x-openidm-password: Welcome1' \
  --header 'Content-Type: application/json' \
  --data '[{ "operation":"replace", "field":"description", "value":"test7" }]'
Results:
{
  "code": 403,
  "reason": "Forbidden",
  "message": "No matching privileges found",
  "detail": {
    "failedPrivilegeRequirements": [
      [
        { "property": "description", "error": "No attribute level access" }
      ]
    ]
  }
}
But when we use a POST _action=patch it succeeds.
curl --request POST 'http://localhost:8080/openidm/managed/user?_action=patch&_queryId=for-userName&uid=test1' \
  --header 'x-openidm-username: manager1' \
  --header 'x-openidm-password: Welcome1' \
  --header 'Content-Type: application/json' \
  --data '[{ "operation":"replace", "field":"description", "value":"test9" }]'
and updates the description field.
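
Added example, not part of the original report and not the product's own code: a small model of the attribute-level check that returns the same decision whether the patch arrives as PATCH or as POST with _action=patch, which is the consistency the two requests above should show. The function names, the abridged PRIVILEGE sample and the treatment of attributes missing from accessFlags as not writable are assumptions made for illustration.

```python
import json

# Constructed sample: the role's privilege from the report, abridged to three accessFlags.
PRIVILEGE = json.loads("""
{"name": "support", "path": "managed/user",
 "accessFlags": [
   {"attribute": "userName", "readOnly": false},
   {"attribute": "mail", "readOnly": false},
   {"attribute": "description", "readOnly": true}]}
""")

def top_level_attribute(field):
    """'description', '/description' and '/description/0' all name 'description'."""
    parts = [p for p in field.strip().split("/") if p]
    return parts[0] if parts else ""

def failed_requirements(privilege, patch_ops):
    """List every attribute a patch writes that the privilege does not mark writable
    (readOnly true, or absent from accessFlags). Names are compared after trimming."""
    writable = {f["attribute"].strip() for f in privilege["accessFlags"]
                if not f.get("readOnly", False)}
    failures = []
    for op in patch_ops:
        fields = [op.get("field", "")]
        if op.get("operation") == "move":      # a move also rewrites its source
            fields.append(op.get("from", ""))
        for attr in map(top_level_attribute, fields):
            if attr not in writable:
                failures.append({"property": attr, "error": "No attribute level access"})
    return failures

def is_patch(method, query):
    """Both request shapes in the report deliver the same patch body."""
    return method == "PATCH" or (method == "POST" and query.get("_action") == "patch")

def decide(privilege, method, query, patch_ops):
    """Hypothetical gate: one decision for a patch, whichever route carries it."""
    if not is_patch(method, query):
        raise ValueError("only patch requests are modelled here")
    failures = failed_requirements(privilege, patch_ops)
    return (403, failures) if failures else (200, [])

if __name__ == "__main__":
    body = [{"operation": "replace", "field": "description", "value": "test9"}]
    print(decide(PRIVILEGE, "PATCH", {}, body))
    print(decide(PRIVILEGE, "POST", {"_action": "patch", "_queryId": "for-userName"}, body))
```

A regression test for this issue can assert the same equality against a live instance: both requests from the report should return 403 for the read-only attribute.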