[midPoint-git] [Evolveum/midpoint] ae84b4: Improve delegation-related authorizations [PoC]

mederly noreply at github.com
Fri Aug 25 00:14:26 CEST 2023


  Branch: refs/heads/master
  Home:   https://github.com/Evolveum/midpoint
  Commit: ae84b41b4c4640895e08ecee863a0a2ce6183edf
      https://github.com/Evolveum/midpoint/commit/ae84b41b4c4640895e08ecee863a0a2ce6183edf
  Author: Pavol Mederly <mederly at evolveum.com>
  Date:   2023-08-25 (Fri, 25 Aug 2023)

  Changed paths:
    M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/DelegatorClause.java
    M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/SelfClause.java
    M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/ValueSelector.java
    M infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd
    M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityAdvanced.java
    M model/model-intest/src/test/resources/security/role-delegator-plus.xml
    M model/model-intest/src/test/resources/security/role-delegator.xml
    M model/model-intest/src/test/resources/security/role-ordinary.xml

  Log Message:
  -----------
  Improve delegation-related authorizations [PoC]

When giving the delegator the rights to see the delegate's assignments
and delegateRef values, before 4.8 we had no choice but to allow him to
see all the values. This was sometimes unacceptable from the security
viewpoint.

In 4.8 we can filter not only items, but also the values. In theory.
Currently, there are some roadblocks regarding query language(s). Hence,
and also from the general usability point of view, we introduced two
variants of the "self" clause: selfDeputyAssignment and selfDeputyRef.
These can be used to easily provide required value filters.

Work in progress. To be discussed.

Related to MID-4938.


  Commit: 5681fcb108ac8388749b548dc8df05deb3f16738
      https://github.com/Evolveum/midpoint/commit/5681fcb108ac8388749b548dc8df05deb3f16738
  Author: Pavol Mederly <mederly at evolveum.com>
  Date:   2023-08-25 (Fri, 25 Aug 2023)

  Changed paths:
    M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestExpressionProfiles.java

  Log Message:
  -----------
  Adapt TestExpressionProfiles to recent changes


  Commit: 135f41c2f4b691e682544bd265d115ed7fc119be
      https://github.com/Evolveum/midpoint/commit/135f41c2f4b691e682544bd265d115ed7fc119be
  Author: Pavol Mederly <mederly at evolveum.com>
  Date:   2023-08-25 (Fri, 25 Aug 2023)

  Changed paths:
    M config/sql/native-new/postgres-new-upgrade.sql
    M gui/admin-gui/src/frontend/scss/_admin-lte-overrides.scss
    M gui/admin-gui/src/frontend/scss/_tiles.scss
    M gui/admin-gui/src/frontend/scss/midpoint-utils.scss
    M gui/admin-gui/src/frontend/scss/midpoint.scss
    M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/component/input/expression/GenerateExpressionPanel.java
    M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/component/input/expression/ScriptExpressionPanel.html
    M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/component/input/expression/ScriptExpressionPanel.java
    M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/component/tile/TilePanel.html
    M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/component/wizard/AbstractWizardBasicPanel.html
    M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/component/wizard/WizardChoicePanel.html
    M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/admin/resource/component/wizard/objectType/attributeMapping/InboundAttributeMappingsTable.java
    M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/admin/role/component/wizard/construction/ConstructionResourceObjectTypeStepPanel.html
    M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/login/module/AbstractPageRemoteAuthenticationSelect.java
    M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/login/module/PageArchetypeSelection.java
    M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/login/module/PageDuoSelect.html
    M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/login/module/PageDuoSelect.java
    M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/self/PageRequestAccess.html
    M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/self/requestAccess/RoleCatalogPanel.java
    M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/data/column/RoundedImagePanel.html
    M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/util/ExpressionUtil.java
    M infra/schema/src/main/resources/xml/ns/public/common/common-security-3.xsd
    M model/authentication-api/src/main/java/com/evolveum/midpoint/authentication/api/config/MidpointAuthentication.java
    M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/factory/module/DuoModuleFactory.java
    M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/duo/DuoAuthenticationFilter.java
    M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/duo/DuoAuthorizationRequestRedirectFilter.java
    M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/authentication/DuoModuleAuthentication.java
    M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/provider/CorrelationProvider.java

  Log Message:
  -----------
  Merge remote-tracking branch 'origin/master'


Compare: https://github.com/Evolveum/midpoint/compare/2aa83b8a391d...135f41c2f4b6

