Uploaded image for project: 'OpenIDM'
  1. OpenIDM
  2. OPENIDM-16123

Creating a relationship via POST action=create doesn't fire policy validation

    XMLWordPrintable

    Details

    • Support Ticket IDs:

      Description

      To reproduce this issue:
      1. Create 1:N relationship managed/group/users from managed/group to managed/user
      2. Create a custom policy, such as mytest1, that unconditionally reports policy violation
      3. Add the custom policy to managed/group/users
      4. Add a user to managed/group/users via Admin UI or POST /openidm/managed/group/<uuid>/users?_action=create. Both are successful despite the custom policy. The policy validation is not fired.
      5. Add a user via PATCH

      [{
      	"operation": "add",
      	"field": "/users/-",
      	"value": {"_ref": "managed/user/61d46298-c580-4ff9-a4c7-00ec305c2331"}
      }]
      

      The custom policy is fired.

      {
          "code": 403,
          "reason": "Forbidden",
          "message": "Failed policy validation",
          "detail": {
              "result": false,
              "failedPolicyRequirements": [
                  {
                      "policyRequirements": [
                          {
                              "policyRequirement": "MYTEST1"
                          }
                      ],
                      "property": "users"
                  }
              ]
          }
      }
      

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              dhogan Dirk Hogan
              Reporter:
              yinyan.cao Yinyan Cao
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated: