[midPoint] objectCollectionView tricks

Yakov Revyakin yrevyakin at gmail.com
Wed Apr 26 18:05:45 CEST 2023 

I can see that tasksView authorization is not used currently. For left menu
only the following 'view' authorizations are activated
usersView
orgsView
rolesView
servicesView
resourcesView
casesView

Interesting, what is the reason?



On Tue, 25 Apr 2023 at 18:32, Yakov Revyakin <yrevyakin at gmail.com> wrote:

> It looks like this approach doesn't work for tasks. If I comment #tasks
> and leave #tasksView I can't see Server Task menu as well as access task
> collection "organization-tasks" via link
>
> https://midpoint.host/midpoint/admin/tasks&collectionName=organization-tasks
> <https://midpoint.dev.e.gov.ua/midpoint/admin/tasks&collectionName=organization-tasks>
> getting
> TRACE (com.evolveum.midpoint.security.api.SecurityUtil): Denied access to
> filter invocation [GET /admin/tasks?collectionName=organization-tasks] by
> someone at mon.dev : Not authorized; one of the following authorization
> actions is required: [
> http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#tasksAll,
>
> http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#tasks,
> http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#all
> ]
> From my point of view this looks like a bug.  I use 4.4.3.
>
> Is there any workaround?
>
>
> On Tue, 25 Apr 2023 at 18:05, Yakov Revyakin <yrevyakin at gmail.com> wrote:
>
>> Hi Ivan,
>> Thank you so much!
>> It works
>>
>>
>> On Tue, 25 Apr 2023 at 12:34, Ivan Noris via midPoint <
>> midpoint at lists.evolveum.com> wrote:
>>
>>> Hi Yakov,
>>>
>>> to hide All resources menu item, omit #resources authorization and keep
>>> only #resourcesView.
>>>
>>> Best regards,
>>>
>>> Ivan
>>> On 24. 4. 2023 19:09, Yakov Revyakin via midPoint wrote:
>>>
>>> I don't know how, but my configuration above started working magically.
>>> Still interesting how to hide standard menu items:
>>> All resources for Resource
>>> All tasks & predefined objectcollectionviews for well known task types
>>> in Server Tasks.
>>>
>>> On Mon, 24 Apr 2023 at 18:08, Yakov Revyakin <yrevyakin at gmail.com>
>>> wrote:
>>>
>>>> Hi all,
>>>> I need to customize LeftMenuPanel via a custom user role.
>>>> For example, using UI authorizations I can enable the "Resources" menu
>>>> and the "All Resources" item inside.
>>>> I'd like to add another objectCollectionView for ResourceType named
>>>> "Active Resources".
>>>> I do something like this in my custom role assigned to appropriate user:
>>>>
>>>> <authorization>    <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#resources</action>    <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#resourcesView</action></authorization>
>>>>
>>>> <authorization>    <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>    <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#discoverConnectors</action>    <object>        <type>ResourceType</type>    </object></authorization>
>>>>
>>>> <adminGuiConfiguration>    <objectCollectionViews>        <objectCollectionView>            <identifier>resource-up</identifier>            <display>                <pluralLabel>Active Resources</pluralLabel>            </display>            <visibility>visible</visibility>            <applicableForOperation>modify</applicableForOperation>            <type>ResourceType</type>            <collection>                <collectionRef oid="00000000-0000-0000-0001-000000000003" type="c:ObjectCollectionType"/>            </collection>        </objectCollectionView>    <enableExperimentalFeatures>true</enableExperimentalFeatures></adminGuiConfiguration>
>>>>
>>>> I expect to see "Resources" and an extra item "Active Resource" inside.
>>>> But still can see only default "All Resources".
>>>> What have I missed?
>>>> Is this possible to reach developing a custom role? Or
>>>> SystemConfiguration is the only place where this kind of configuration
>>>> possible?
>>>> If this possible the next step is to hide "All Resources" and leave
>>>> only "Active Resources". Probably someone knows how.
>>>> Thanks,
>>>> Yakov
>>>>
>>>>
>>>>
>>>>
>>> _______________________________________________
>>> midPoint mailing listmidPoint at lists.evolveum.comhttps://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>> --
>>> Ivan Noris
>>> Expert Identity Engineerevolveum.com
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> https://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20230426/c9c24b18/attachment.htm>

More information about the midPoint mailing list