
<div dir="ltr"><div>Hello list,<br><br></div>I'm trying to limit the roles that some users can request using Authorizations. I've put a simple substring filter to limit the available target roles, but I'm getting this exception shown serveral times:<br><br><dt id="gmail-id271">Operation</dt>

                                        <dd>

                                                <b id="gmail-id272">operation.com.evolveum.midpoint.web.page.self.PageAssignmentShoppingKart.loadAssignableRoles</b>


                                        </dd>

                                        <dt id="gmail-id273">Message</dt>

                                        <dd id="gmail-id274">Couldn't load available roles</dd>

                                        
                                        <dd>

                                                <table class="gmail-paramtable">

                                                        
                                                </table>

                                        </dd>

                                        
                                        <dd>

                                                <table class="gmail-paramtable">

                                                        
                                                </table>

                                        </dd>

                                        
                                        <dt id="gmail-id275">Error</dt>

                                        <dd id="gmail-id276">Unexpected filter SUBSTRING(S): name,PPV(PolyString:GAB)</dd>

                                        <dd> <a id="gmail-id26e">show</a></dd>

                                        <dd class="gmail-stacktrace" id="gmail-id282">java.lang.UnsupportedOperationException: Unexpected filter SUBSTRING(S): name,PPV(PolyString:Gabinetes)

        at com.evolveum.midpoint.model.impl.controller.ModelInteractionServiceImpl.getRoleSelectionSpecEntries(ModelInteractionServiceImpl.java:593)

        at com.evolveum.midpoint.model.impl.controller.ModelInteractionServiceImpl.getRoleSelectionSpecEntries(ModelInteractionServiceImpl.java:585)

        at com.evolveum.midpoint.model.impl.controller.ModelInteractionServiceImpl.getAssignableRoleSpecification(ModelInteractionServiceImpl.java:463)

        at sun.reflect.GeneratedMethodAccessor1331.invoke(Unknown Source)

        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

        at java.lang.reflect.Method.invoke(Method.java:498)

        at org.apache.wicket.proxy.LazyInitProxyFactory$JdkHandler.invoke(LazyInitProxyFactory.java:508)

        at com.sun.proxy.$Proxy192.getAssignableRoleSpecification(Unknown Source)

        at com.evolveum.midpoint.web.page.self.PageAssignmentShoppingKart.getAssignableRolesFilter(PageAssignmentShoppingKart.java:518)</dd><dt><br></dt><dt><br></dt><dt>The error messages are shown on screen, and the users sees all roles in the role catalog.<br></dt><dt>This is the authorization:</dt><dd><br></dd><authorization><br>      <action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#assign">http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#assign</a></action><br>      <action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#unassign">http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#unassign</a></action><br>      <phase>request</phase><br>      <object id="4"><br>         <type>UserType</type><br>         <orgRelation><br>            <subjectRelation>org:manager</subjectRelation><br>         </orgRelation><br>      </object><br>      <target id="7"><br>         <type>RoleType</type><br>         <filter><br>            <q:substring><br>               <q:path>name</q:path><br>               <q:value>GAB</q:value><br>               <q:anchorStart>true</q:anchorStart><br>            </q:substring><br>         </filter><br>      </target><br>   </authorization><br></div>