Details

    • Type: Bug Fix
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Development
    • Security Level: Public (Public: Anyone can view)
    • Labels:
    • Rice Module:
      KIM
    • Application Requirement:
      KC
    • KAI Review Status:
      Not Required
    • KTI Review Status:
      Not Required
    • Code Review Status:
      Not Required
    • Include in Release Notes?:
      Yes

      Description

      Fetching role members for roles does not check whether the member is listed in the applicable group associated with a role.

      This issue is related to the linked JIRA in KC where creating and assigning a new Group to a role adds unauthorized Unit options for other users.

      Findings
      org.kuali.rice.kim.impl.role.RoleServiceBase
      protected List<RoleMemberBo> getRoleMembersForRoleIdsWithFilters(Collection<String> roleIds,
      String principalId, Collection<String> groupIds, Map<String, String> qualification)

      We might have to check whether the passed-in principal is a member of the associated group?

      Adding additional criteria below helped during debug.

      if (StringUtils.isNotBlank(principalId)) {
          groupPredicates.add(PredicateFactory.equal(KIMPropertyConstants.GroupMember.MEMBER_ID, principalId));
      }
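
The effect of the extra criterion, as an added example that is not part of the original issue or of the Rice code base: a simplified in-memory model in plain Java. The record, the sample rows and the method names are hypothetical stand-ins, and the unchecked lookup is an assumed reading of the behaviour the description reports.

```java
import java.util.*;
import java.util.stream.*;

public class RoleGroupMembershipCheck {
    // Constructed stand-in for a role-member row (not a Rice class).
    record RoleMember(String roleId, String memberType, String memberId) {}

    // Constructed sample data: group id -> principal ids in that group.
    static final Map<String, Set<String>> GROUP_MEMBERS = Map.of(
            "G-EXISTING", Set.of("alice"),
            "G-NEW", Set.of("bob"));

    static final List<RoleMember> ROLE_MEMBERS = List.of(
            new RoleMember("R-UNIT-ADMIN", "GROUP", "G-EXISTING"),
            new RoleMember("R-UNIT-ADMIN", "GROUP", "G-NEW"),
            new RoleMember("R-VIEWER", "PRINCIPAL", "carol"));

    // Assumed faulty lookup: group rows match on role id alone, so every
    // group assigned to the role is returned for any principal.
    static List<RoleMember> unchecked(Collection<String> roleIds, String principalId) {
        return ROLE_MEMBERS.stream()
                .filter(m -> roleIds.contains(m.roleId()))
                .filter(m -> m.memberType().equals("GROUP")
                        || m.memberId().equals(principalId))
                .collect(Collectors.toList());
    }

    // Same lookup with the added criterion: when a principal id is given,
    // a group row counts only if that principal is a member of the group.
    static List<RoleMember> checked(Collection<String> roleIds, String principalId) {
        boolean noPrincipal = principalId == null || principalId.isBlank();
        return ROLE_MEMBERS.stream()
                .filter(m -> roleIds.contains(m.roleId()))
                .filter(m -> m.memberType().equals("GROUP")
                        ? noPrincipal || GROUP_MEMBERS
                                .getOrDefault(m.memberId(), Set.of())
                                .contains(principalId)
                        : m.memberId().equals(principalId))
                .collect(Collectors.toList());
    }

    public static void main(String[] args) {
        List<String> roles = List.of("R-UNIT-ADMIN", "R-VIEWER");
        // alice belongs to G-EXISTING only; compare which group rows each lookup returns.
        System.out.println("unchecked: " + unchecked(roles, "alice"));
        System.out.println("checked:   " + checked(roles, "alice"));
    }
}
```
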


          Activity

          dpace Douglas Pace added a comment -

          See this PR for a summary of the changes we've made to fix this. https://github.com/KualiCo/rice-kc/pull/5

            People

            • Assignee:
              Unassigned
              Reporter:
              rmancher Rajeev Mancheril (Inactive)