[midPoint] Organization tree view issue with authorization

Frédéric Lohier frederic at lohier.org
Mon Jul 29 07:27:24 CEST 2019


Hi all,



I have an issue with the Organization tree view which does not display some
action buttons (“delete”, “view details” and “create child”) when I filter
the OrgType read authorization with the following filter.

The filter itself works well: the organization tree view only displays the
organizations matching the filter, but for these organizations, only the
action button “delete” is displayed.



Here are my authorizations. If I remove the filter element, the action
buttons are properly displayed in the org tree view:



<!-- Read authorization: grants the read action on OrgType objects that match
     the filter below, limited to the items listed after the object element.
     The q: prefix is not declared in this fragment, so it has to be bound to
     the query namespace in the enclosing document. -->
<authorization>

   <name>Organization items read authorizations</name>

   <action>
http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read
</action>

   <object>

      <type>OrgType</type>

      <!-- Object scope: only orgs whose subtype equals org_subtype_1.
           NOTE(review): the filter tests subtype, but subtype is not among
           the readable items listed below; confirm whether the item list
           should include it when diagnosing the tree view behaviour. -->
      <filter>

         <q:equal>

         <q:path>subtype</q:path>

         <q:value>org_subtype_1</q:value>

         </q:equal>

      </filter>

    </object>

    <!-- Item list: read access is granted for these items only. -->
    <item>name</item>

    <item>description</item>

    <item>displayName</item>

    <item>emailAddress</item>

    <item>telephoneNumber</item>

    <item>jpegPhoto</item>

    <item>identifier</item>

    <item>mailDomain</item>

    <item>displayOrder</item>

    <item>locale</item>

    <item>preferredLanguage</item>

    <item>locality</item>

    <item>lifecycleState</item>

    <item>parentOrgRef</item>

    <item>assignment</item>

    <item>metadata</item>

</authorization>



<!-- Modify authorization: grants the modify action on OrgType objects selected
     by the orgRelation below, limited to the six items listed after the
     object element. -->
<authorization>

   <name>Organization items modify authorizations</name>

   <action>
http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify
</action>

   <object>

      <type>OrgType</type>

      <!-- Object scope is defined relative to the subject's own org membership.
           Presumably this limits modification to orgs below an org the subject
           manages, including that org itself (includeReferenceOrg is true);
           verify against the midPoint authorization documentation. -->
      <orgRelation>

         <subjectRelation>org:manager</subjectRelation>

         <scope>allDescendants</scope>

         <includeReferenceOrg>true</includeReferenceOrg>

      </orgRelation>

   </object>

   <!-- Item list: a narrower set than the read authorization's item list. -->
   <item>name</item>

   <item>description</item>

   <item>displayName</item>

   <item>emailAddress</item>

   <item>telephoneNumber</item>

   <item>jpegPhoto</item>

</authorization>



<!-- Add authorization: grants the add action on OrgType.
     NOTE(review): the object element carries no filter and no orgRelation,
     so this authorization does not narrow which orgs may be created, unlike
     the read and modify authorizations in the same role. Confirm this breadth
     is intended; if least privilege is the goal, scope it the same way. -->
<authorization>

   <name>Organization add authorization</name>

   <action>
http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#add
</action>

   <object>

      <type>OrgType</type>

   </object>

</authorization>



<!-- Delete authorization: grants the delete action on OrgType.
     NOTE(review): the object element carries no filter and no orgRelation,
     so as written the delete scope is wider than the filtered read scope and
     the manager-scoped modify scope. Confirm this is intended; a destructive
     action is normally constrained at least as tightly as modify, for example
     with the same orgRelation or subtype filter. -->
<authorization>

   <name>Organization delete authorization</name>

   <action>
http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#delete
</action>

   <object>

      <type>OrgType</type>

   </object>

</authorization>