[midPoint-git] [Evolveum/midpoint] 5fd3fb: Fix authorization evaluation for the EXISTS filter
mederly
noreply at github.com
Fri Sep 2 10:01:13 CEST 2022
Branch: refs/heads/master
Home: https://github.com/Evolveum/midpoint
Commit: 5fd3fb07b320b33c73b81451d48d2c25c4dcfd19
https://github.com/Evolveum/midpoint/commit/5fd3fb07b320b33c73b81451d48d2c25c4dcfd19
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2022-09-02 (Fri, 02 Sep 2022)
Changed paths:
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/AbstractSecurityTest.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityBasic.java
A model/model-intest/src/test/resources/security/role-search-user-assignment-targetRef.xml
M model/model-intest/src/test/resources/security/user-deputy-1.xml
M model/model-intest/src/test/resources/security/user-deputy-2.xml
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AutzItemPaths.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/QueryAutzItemPaths.java
Log Message:
-----------
Fix authorization evaluation for the EXISTS filter
When determining the list of items required to evaluate a search filter,
the special nature of EXISTS filter was ignored.
It is now fixed.
Note: When a filter like "EXISTS(path1): path2=..." is used, both
path1 and path1/path2 has to be allowed in the authorization.
Please see role-search-user-assignment-targetRef.xml for an example.
This should resolve MID-7931.
More information about the midPoint-svn
mailing list