[midPoint] objectCollectionView tricks
Yakov Revyakin
yrevyakin at gmail.com
Tue Apr 25 17:32:25 CEST 2023
It looks like this approach doesn't work for tasks. If I comment #tasks and
leave #tasksView I can't see Server Task menu as well as access task
collection "organization-tasks" via link
https://midpoint.host/midpoint/admin/tasks&collectionName=organization-tasks
<https://midpoint.dev.e.gov.ua/midpoint/admin/tasks&collectionName=organization-tasks>
getting
TRACE (com.evolveum.midpoint.security.api.SecurityUtil): Denied access to
filter invocation [GET /admin/tasks?collectionName=organization-tasks] by
someone at mon.dev : Not authorized; one of the following authorization
actions is required: [
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#tasksAll,
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#tasks,
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#all]
>From my point of view this looks like a bug. I use 4.4.3.
Is there any workaround?
On Tue, 25 Apr 2023 at 18:05, Yakov Revyakin <yrevyakin at gmail.com> wrote:
> Hi Ivan,
> Thank you so much!
> It works
>
>
> On Tue, 25 Apr 2023 at 12:34, Ivan Noris via midPoint <
> midpoint at lists.evolveum.com> wrote:
>
>> Hi Yakov,
>>
>> to hide All resources menu item, omit #resources authorization and keep
>> only #resourcesView.
>>
>> Best regards,
>>
>> Ivan
>> On 24. 4. 2023 19:09, Yakov Revyakin via midPoint wrote:
>>
>> I don't know how, but my configuration above started working magically.
>> Still interesting how to hide standard menu items:
>> All resources for Resource
>> All tasks & predefined objectcollectionviews for well known task types in
>> Server Tasks.
>>
>> On Mon, 24 Apr 2023 at 18:08, Yakov Revyakin <yrevyakin at gmail.com> wrote:
>>
>>> Hi all,
>>> I need to customize LeftMenuPanel via a custom user role.
>>> For example, using UI authorizations I can enable the "Resources" menu
>>> and the "All Resources" item inside.
>>> I'd like to add another objectCollectionView for ResourceType named
>>> "Active Resources".
>>> I do something like this in my custom role assigned to appropriate user:
>>>
>>> <authorization> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#resources</action> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#resourcesView</action></authorization>
>>>
>>> <authorization> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#discoverConnectors</action> <object> <type>ResourceType</type> </object></authorization>
>>>
>>> <adminGuiConfiguration> <objectCollectionViews> <objectCollectionView> <identifier>resource-up</identifier> <display> <pluralLabel>Active Resources</pluralLabel> </display> <visibility>visible</visibility> <applicableForOperation>modify</applicableForOperation> <type>ResourceType</type> <collection> <collectionRef oid="00000000-0000-0000-0001-000000000003" type="c:ObjectCollectionType"/> </collection> </objectCollectionView> <enableExperimentalFeatures>true</enableExperimentalFeatures></adminGuiConfiguration>
>>>
>>> I expect to see "Resources" and an extra item "Active Resource" inside.
>>> But still can see only default "All Resources".
>>> What have I missed?
>>> Is this possible to reach developing a custom role? Or
>>> SystemConfiguration is the only place where this kind of configuration
>>> possible?
>>> If this possible the next step is to hide "All Resources" and leave only
>>> "Active Resources". Probably someone knows how.
>>> Thanks,
>>> Yakov
>>>
>>>
>>>
>>>
>> _______________________________________________
>> midPoint mailing listmidPoint at lists.evolveum.comhttps://lists.evolveum.com/mailman/listinfo/midpoint
>>
>> --
>> Ivan Noris
>> Expert Identity Engineerevolveum.com
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> https://lists.evolveum.com/mailman/listinfo/midpoint
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20230425/4381bac6/attachment-0001.htm>
More information about the midPoint
mailing list