[midPoint-git] [Evolveum/midpoint] ae84b4: Improve delegation-related authorizations [PoC]
mederly
noreply at github.com
Fri Aug 25 00:14:26 CEST 2023
Branch: refs/heads/master
Home: https://github.com/Evolveum/midpoint
Commit: ae84b41b4c4640895e08ecee863a0a2ce6183edf
https://github.com/Evolveum/midpoint/commit/ae84b41b4c4640895e08ecee863a0a2ce6183edf
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-08-25 (Fri, 25 Aug 2023)
Changed paths:
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/DelegatorClause.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/SelfClause.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/selector/spec/ValueSelector.java
M infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityAdvanced.java
M model/model-intest/src/test/resources/security/role-delegator-plus.xml
M model/model-intest/src/test/resources/security/role-delegator.xml
M model/model-intest/src/test/resources/security/role-ordinary.xml
Log Message:
-----------
Improve delegation-related authorizations [PoC]
When giving the delegator the rights to see the delegate's assignments
and delegateRef values, before 4.8 we had no choice but to allow him to
see all the values. This was sometimes unacceptable from the security
viewpoint.
In 4.8 we can filter not only items, but also the values. In theory.
Currently, there are some roadblocks regarding query language(s). Hence,
and also from the general usability point of view, we introduced two
variants of "self" clause: selfDeputyAssignment and selfDeputyRef.
These can be used to easily provide required value filters.
Work in progress. To be discussed.
Related to MID-4938.
Commit: 5681fcb108ac8388749b548dc8df05deb3f16738
https://github.com/Evolveum/midpoint/commit/5681fcb108ac8388749b548dc8df05deb3f16738
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-08-25 (Fri, 25 Aug 2023)
Changed paths:
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestExpressionProfiles.java
Log Message:
-----------
Adapt TestExpressionProfiles to recent changes
Commit: 135f41c2f4b691e682544bd265d115ed7fc119be
https://github.com/Evolveum/midpoint/commit/135f41c2f4b691e682544bd265d115ed7fc119be
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-08-25 (Fri, 25 Aug 2023)
Changed paths:
M config/sql/native-new/postgres-new-upgrade.sql
M gui/admin-gui/src/frontend/scss/_admin-lte-overrides.scss
M gui/admin-gui/src/frontend/scss/_tiles.scss
M gui/admin-gui/src/frontend/scss/midpoint-utils.scss
M gui/admin-gui/src/frontend/scss/midpoint.scss
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/component/input/expression/GenerateExpressionPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/component/input/expression/ScriptExpressionPanel.html
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/component/input/expression/ScriptExpressionPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/component/tile/TilePanel.html
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/component/wizard/AbstractWizardBasicPanel.html
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/component/wizard/WizardChoicePanel.html
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/admin/resource/component/wizard/objectType/attributeMapping/InboundAttributeMappingsTable.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/admin/role/component/wizard/construction/ConstructionResourceObjectTypeStepPanel.html
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/login/module/AbstractPageRemoteAuthenticationSelect.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/login/module/PageArchetypeSelection.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/login/module/PageDuoSelect.html
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/login/module/PageDuoSelect.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/self/PageRequestAccess.html
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/self/requestAccess/RoleCatalogPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/data/column/RoundedImagePanel.html
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/util/ExpressionUtil.java
M infra/schema/src/main/resources/xml/ns/public/common/common-security-3.xsd
M model/authentication-api/src/main/java/com/evolveum/midpoint/authentication/api/config/MidpointAuthentication.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/factory/module/DuoModuleFactory.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/duo/DuoAuthenticationFilter.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/duo/DuoAuthorizationRequestRedirectFilter.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/authentication/DuoModuleAuthentication.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/provider/CorrelationProvider.java
Log Message:
-----------
Merge remote-tracking branch 'origin/master'
Compare: https://github.com/Evolveum/midpoint/compare/2aa83b8a391d...135f41c2f4b6
More information about the midPoint-svn
mailing list