[midPoint] gui authorization for Delete Delegation
Markus Calmius
markus.calmius at proton.ch
Thu Jul 10 16:37:19 CEST 2025
Keeping the discussion going with myself ;)
The code has this for Add:
if
(
WebComponentUtil
.isAuthorized(
AuthorizationConstants
.
AUTZ_UI_DELEGATE_ACTION_URL
)) {
item
=
new
InlineMenuItem
(
createStringResource
(
"AssignmentTablePanel.menu.addDelegation"
)) {
wouldn't it make sense to have the same authorization for delete?
Delete:
if
(
WebComponentUtil
.isAuthorized(
AuthorizationConstants
.
AUTZ_UI_ADMIN_UNASSIGN_ACTION_URI
)) {
item
=
new
InlineMenuItem
(
createStringResource
(
"AssignmentTablePanel.menu.deleteDelegation"
)) {
Markus
On Thursday, 10 July 2025 at 13:15, Markus Calmius <markus.calmius at proton.ch> wrote:
> Just to elaborate a bit
>
> Adding the following authorization:
>
> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminUnassign</action>
> does make the "Delete Delegation" option visible. However, it also enables the "Unassign" button for all assignments.
>
> Self-service unassignment might be something we will implement in the future, we do not want it for all assignments (just some the roles that are requested should be possible to unassign)
>
> Is there a way to show only the "Delete Delegation" option without exposing the general unassign functionality?
>
> Markus
>
> On Thursday, 10 July 2025 at 13:03, Markus Calmius via midPoint <midpoint at lists.evolveum.com> wrote:
>
>> Hi,
>>
>> What is needed to make the "Delete Delegation" option appear in the GUI? Adding the authorization:
>> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#delegate</action>
>> seems to only enable the "Add Delegation" functionality.
>>
>> Running 4.8.5/4.8.8
>> Markus
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20250710/9b2e63f8/attachment.htm>
More information about the midPoint
mailing list