Uploaded image for project: 'OpenIDM'
  1. OpenIDM
  2. OPENIDM-5914

Role is still showing as assigned in effectiveRoles attribute on query-all output if role is unassigned via the admin UI

    Details

    • Support Ticket IDs:

      Description

      If a role is assigned to a user using the openidm/managed/user endpoint and then subsequently deleted via the OpenIDM Admin UI then the role is present in the effectiveRoles attribute when using managed/user?_queryId=query-all but not when getting the user individually using managed/user/a8...5c

      To reproduce:

      0). Add a role to a user:

      curl --header "X-OpenIDM-Username: openidm-admin" --header "X-OpenIDM-Password: openidm-admin" --header "Content-Type: application/json" --header "If-Match: *" --request PATCH --data '[{"operation": "replace", "field": "/roles/-", "value": {"_ref" : "managed/role/bc...2b"}}]' "http://localhost:8081/openidm/managed/user/a8...5c"
      

      1). Use the OpenIDM 4 Admin UI and remove the role assignment from the user.

      2). Get the individual user:

      curl --header "X-OpenIDM-Username: openidm-admin" --header "X-OpenIDM-Password: openidm-admin" --request GET "http://localhost:8081/openidm/managed/user/a8...5c"
      
      {"_id":"a8...c","_rev":"7","mail":"test@example.com","sn":"user","givenName":"test","userName":"testuser","accountStatus":"active","effectiveRoles":[],"effectiveAssignments":[]}
      

      Note the role is not present as expected.

      3). Get all user objects:

      curl --header "X-OpenIDM-Username: openidm-admin" --header "X-OpenIDM-Password: openidm-admin" --request GET "http://localhost:8081/openidm/managed/user?_queryId=query-all"
      
      {"result":[{"_id":"a8...5c","_rev":"7","mail":"test@example.com","sn":"user","givenName":"test","userName":"testuser","accountStatus":"active","effectiveRoles":[{"_ref":"managed/role/bc...2b"}],"effectiveAssignments":[]}],"resultCount":1,"pagedResultsCookie":null,"totalPagedResultsPolicy":"NONE","totalPagedResults":-1,"remainingPagedResults":-1}
      

      Note the role is still present in effectiveRoles.

      Expected behaviour:

      The content of effectiveRoles when getting the user individually or when using query-all should be consistent.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                alin Alin Brici
                Reporter:
                andy.itter Andy Itter
              • Votes:
                0 Vote for this issue
                Watchers:
                8 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: