[midPoint-git] [Evolveum/midpoint] 4ab23f: Fix MID-4450: Role exclusion ignores relations
Pavol Mederly
mederly at evolveum.com
Tue Feb 20 10:06:42 CET 2018
Branch: refs/heads/post-3.7-fixes
Home: https://github.com/Evolveum/midpoint
Commit: 4ab23f313cb6578733dc0b480b4b518a72cf798d
https://github.com/Evolveum/midpoint/commit/4ab23f313cb6578733dc0b480b4b518a72cf798d
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2018-02-20 (Tue, 20 Feb 2018)
Changed paths:
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/ObjectTypeUtil.java
M infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd
M infra/schema/src/main/resources/xml/ns/public/common/common-policy-3.xsd
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/AssignmentPath.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/context/AssignmentPathSegment.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/AssignmentPathImpl.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/AssignmentPathSegmentImpl.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/EvaluatedPolicyRuleImpl.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/EvaluationOrderImpl.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/evaluators/ExclusionConstraintEvaluator.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/evaluators/HasAssignmentConstraintEvaluator.java
M model/model-impl/src/test/java/com/evolveum/midpoint/model/impl/lens/TestAssignmentProcessor2.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/rbac/TestSegregationOfDuties.java
M model/model-intest/src/test/resources/orgstruct/role-meta-piracy-org.xml
A model/model-intest/src/test/resources/rbac/sod/role-self-exclusion-manager-member.xml
A model/model-intest/src/test/resources/rbac/sod/role-self-exclusion.xml
M model/workflow-impl/src/test/java/com/evolveum/midpoint/wf/impl/policy/sod/AbstractTestSoD.java
Log Message:
-----------
Fix MID-4450: Role exclusion ignores relations
The exclusion constraint ignored relations altogether, triggering
even if one of conflicting roles was assigned e.g. as approver.
To resolve this, order constraints on the exclusion
are introduced (although only partially supported now).
!!! Fixed a bug in orderConstraint processing. Missing value of
relation was interpreted as "default", although it should be correctly
interpreted as "any". Deployments should be adapted. !!!
Commit: a60a5edd8f0547008dbe32b544268a89eb716697
https://github.com/Evolveum/midpoint/commit/a60a5edd8f0547008dbe32b544268a89eb716697
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2018-02-20 (Tue, 20 Feb 2018)
Changed paths:
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/prism/PrismContainerValueHeaderPanel.html
M gui/admin-gui/src/main/resources/static/less/midpoint-theme.less
A samples/roles/role-meta-approval-by-approver.xml
Log Message:
-----------
Merge remote-tracking branch 'origin/post-3.7-fixes' into post-3.7-fixes
Compare: https://github.com/Evolveum/midpoint/compare/f054694dd8d9...a60a5edd8f05
More information about the midPoint-svn
mailing list