Details

    • Type: Bug Fix Bug Fix
    • Status: Open Open
    • Priority: Major Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Development
    • Security Level: Public (Public: Anyone can view)
    • Labels:
    • Similar issues:
      KULRICE-4852Kim Role search returns roles for "member" (group and principals) that are inactive
      KULRICE-11714KIM Performance: check whether role members need to be sorted
      KULRICE-4218Handle Groups and Roles without members
      KULRICE-14235KIM Role: Delegate issues once the member is inactivated
      KULRICE-4215Need a member "Inactivate" button that will automatically inactivate group/role/etc members
      KULRICE-7082KIM role document not handling missing qualifiers on role members
      KULRICE-13968Reopening or reloading a role document can cause unmodified members to disappear
      KULRICE-12523People Flow: Group and Role Member not displayed on confirmation & DocSearch views
      KULRICE-8256KIM Role Document: stack trace when clicking to sort role members on
      KULRICE-8267Inefficiencies in persisting role members in the IdentityManagementRoleDocument (4062)
    • Rice Module:
      KIM
    • Application Requirement:
      KC
    • KAI Review Status:
      Not Required
    • KTI Review Status:
      Not Required
    • Code Review Status:
      Not Required
    • Include in Release Notes?:
      Yes

      Description

      Fetching role members for roles is not checking whether member is listed in applicable group associated with a role.

      This issue is related to the linked JIRA in KC where creating and assigning a new Group to a role adds unauthorized Unit options for other users.

      Findings
      org.kuali.rice.kim.impl.role.RoleServiceBase
      protected List<RoleMemberBo> getRoleMembersForRoleIdsWithFilters(Collection<String> roleIds,
      String principalId, Collection<String> groupIds, Map<String, String> qualification)

      We might have to check whether passed in principal is member of group associated?

      Adding additional criteria below helped during debug.

      if ( StringUtils.isNotBlank(principalId) )

      { groupPredicates.add(PredicateFactory.equal(KIMPropertyConstants.GroupMember.MEMBER_ID, principalId)); }

        Activity

        Hide
        Douglas Pace added a comment -

        See this PR for a summary of the changes we've made to fix this. https://github.com/KualiCo/rice-kc/pull/5

        Show
        Douglas Pace added a comment - See this PR for a summary of the changes we've made to fix this. https://github.com/KualiCo/rice-kc/pull/5

          People

          • Assignee:
            Unassigned
            Reporter:
            Rajeev Mancheril (Inactive)
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:

              Structure Helper Panel