Uploaded image for project: 'Kuali Rice Development'
  1. Kuali Rice Development
  2. KULRICE-4151

Permission and responsibility lookups don't seem to take nested roles into account

    Details

    • Type: Bug Fix
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: KFS Release 4.0, 1.0.3
    • Component/s: Development
    • Labels:
      None
    • Rice Module:
      KIM
    • Application Requirement:
      KFS

      Description

      Looked up principal name "butt" on the permission lookup and I don't get a complete list. This is missing any permissions that butt gets because he's in a role that's nested in another role. This should be returning all permissions for the specified principal whether they come from an explicitly assigned role or a role nested in another role. Without this it's extremely difficult to pin down all of a user's permissions and where they come from.

        Attachments

          Issue Links

            Activity

            Hide
            jkeller Jonathan Keller added a comment -

            Damon - where are you looking. I don't think anything was changed to make the permissions/role members appear. (From my knowledge of the UI code, that would be very difficult the way they were designed.) I think all was changed was that you could look up roles by the nested role members. (I'm not sure about permissions - I haven't looked at what the Rice team actually changed.)

            Show
            jkeller Jonathan Keller added a comment - Damon - where are you looking. I don't think anything was changed to make the permissions/role members appear. (From my knowledge of the UI code, that would be very difficult the way they were designed.) I think all was changed was that you could look up roles by the nested role members. (I'm not sure about permissions - I haven't looked at what the Rice team actually changed.)
            Hide
            jjhanso Jeremy Hanson added a comment -

            In rice, this is working. To test, I created a new role with the user Fran as a member. I then added this new role to the Technical administrator role. When I do a permission search for the user fran, it returns all of the Technical Administrator permissions. (fran doesn't have any other permissions)

            Show
            jjhanso Jeremy Hanson added a comment - In rice, this is working. To test, I created a new role with the user Fran as a member. I then added this new role to the Technical administrator role. When I do a permission search for the user fran, it returns all of the Technical Administrator permissions. (fran doesn't have any other permissions)
            Hide
            jjhanso Jeremy Hanson added a comment -

            trying wit kfs dataset now

            Show
            jjhanso Jeremy Hanson added a comment - trying wit kfs dataset now
            Hide
            jjhanso Jeremy Hanson added a comment -

            Corrected a problem where the nesting wasn't working if the role the principal belonged to belonged to more than one role. should work with lmjarboe now once kfs updates

            Show
            jjhanso Jeremy Hanson added a comment - Corrected a problem where the nesting wasn't working if the role the principal belonged to belonged to more than one role. should work with lmjarboe now once kfs updates
            Hide
            ddorsey Damon Dorsey added a comment -

            This one looks good now.
            Thanks!
            Damon

            Show
            ddorsey Damon Dorsey added a comment - This one looks good now. Thanks! Damon

              People

              • Assignee:
                jjhanso Jeremy Hanson
                Reporter:
                dlemus Dan Lemus (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 4 days
                  4d
                  Remaining:
                  Remaining Estimate - 4 days
                  4d
                  Logged:
                  Time Spent - Not Specified
                  Not Specified