  1. OpenIDM
  2. OPENIDM-2160

Change to access.js for general access to managed/user/* always results in 403

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: OpenIDM 3.0.0
    • Fix Version/s: None
    • Component/s: Module - Authorization
    • Labels:
      None
    • Environment:
      Ubuntu 14.04, 64Bit, java version "1.7.0_60"
      Java(TM) SE Runtime Environment (build 1.7.0_60-b19)
      Java HotSpot(TM) 64-Bit Server VM (build 24.60-b09, mixed mode)
      IDM 3.0, MySQL repo

      Description

      When editing script/access.js for a custom authZ rule for managed/users, the result is always 403. Numerous combinations of the below have been tried, with roles, wildcards and specific actions. This is the latest incarnation:

      { "pattern" : "managed/user/*", "roles" : "openidm-authorized", "methods" : "read, query", "actions" : "" }

      Explicitly calling a GET on a user (managed/user/_id) returns 403, as does a general query-all-ids. Changing the role to * or managed/role/rolename makes no difference, nor does changing methods to *.

            People

            Assignee:
            andi Andi Egloff
            Reporter:
            simon.moffatt Simon Moffatt