Kuali Rice Development / KULRICE-9835

removePrincipalFromRole uses attribute id instead of attribute name in qualifier


    • Type: Bug Fix
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.5.1
    • Component/s: Security
    • Security Level: Public (Public: Anyone can view)
    • Similar issues:
      KULRICE-8849: removePrincipalFromRole and getRoleMemberPrincipalId methods very slow
      KULRICE-8513: Role document blows up if the attribute definition id of a qualifier contains a hyphen
      KULRICE-5157: Update Group objects to use new Attributes class instead of AttributeSet
      KULRICE-3279: The XPathQualifierResolver Rule Attribute ingestion is broken and not ingesting the configuration section of the xml
      KULRICE-4028: Group lookup fails when using group type with attributes
      KULRICE-12021: Kim Attribute problem when multiple attributes have the same name
      KULRICE-3532: Include description attribute on all tag library attributes
      KULRICE-10304: Using empty role qualifiers causes "cannot be modified" validation error when adding delegates for associated member
      KULRICE-6949: Action section on a KRMS rule shows attribute names instead of attribute labels for custom action attributes
      KULRICE-10690: Potentially infinite Attribute ID breadcrumbs in Attribute Inquiry
    • Rice Team:
    • Rice Module:
    • Sprint:
      Middleware 2.5.1 Sprint 1, Middleware 2.5.1 Sprint 2, Middleware 2.5.1 Sprint 3, Middleware 2.5.2 Sprint 1, Middleware 2.5.2 Sprint 2, Middleware 2.5.2 Sprint 3
    • KAI Review Status:
      Not Required
    • KTI Review Status:
      Not Required
    • Code Review Status:
      Not Required
    • Contributing Institution:
      Indiana Univ
    • Include in Release Notes?:
    • Story Points:


      Originally posted on the Rice Collab group; Peter thinks this is a bug in Rice:

      In Rice 1.0.3, the RoleUpdateServiceImpl.removePrincipalFromRole(String principalId, String namespaceCode, String roleName, AttributeSet qualifier ) method used to work with a qualifier attribute set containing attribute NAME/VALUE pairs.

      You can see this in the getRoleMembersByDefaultStrategy()->doesMemberMatch() method as follows:

                      if ( qualifier != null && roleQualifier != null && qualifier.equals( roleQualifier ) ) {
                          return true; // qualifier match
                      }

      where qualifier obtained contained attributeName and attributeValue, see RoleMemberImpl.getQualifier() line 114

      However, in Rice 2.2.3 RoleUpdateServiceImpl.removePrincipalFromRole(String principalId, String namespaceCode, String roleName, Map<String, String> qualifier) seems to be behaving differently. It seems that the qualifier map is expecting attribute ID/VALUE pairs.

      The implementation was changed to use query criteria. See getRoleMembersByDefaultStrategy()->getRoleDao().getRoleMembershipsForMemberId(memberTypeCode,memberId,qualifier)

      So in RoleDaoOjb.addSubCriteriaBasedOnRoleQualification() you see the following query being issued:

                      if (StringUtils.isNotEmpty(qualifier.getValue())) {
                          String value = (qualifier.getValue()).replace('*', '%');
                          subCrit.addLike("attributeValue", value);
                          // the qualifier map key is compared with the attribute ID column
                          subCrit.addEqualTo("kimAttributeId", qualifier.getKey());
                          subCrit.addEqualToField("assignedToId", Criteria.PARENT_QUERY_PREFIX + "id");
                          ReportQueryByCriteria subQuery = QueryFactory.newReportQuery(RoleMemberAttributeDataBo.class, subCrit);
                          // (excerpt ends here)
                      }
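
      The mismatch described above, as an added example that is not part of the original report and not Rice code: a simplified in-memory model in which the qualifier map key is compared with the attribute ID, so a name-keyed qualifier selects no member and a removal built on it would leave the role assignment in place. The class, the attribute name "chartOfAccountsCode", the id "22" and the toIdKeyed() helper are assumptions made for illustration.

```java
import java.util.*;
import java.util.regex.Pattern;

// Simplified in-memory model (Java 16+); none of these types are Rice classes.
public class QualifierKeyDemo {
    // One role-member attribute row as the quoted sub-query sees it.
    record AttrRow(String assignedToId, String kimAttributeId, String attributeValue) {}

    // Constructed sample data: attribute name -> attribute id, and one stored qualifier.
    static final Map<String, String> NAME_TO_ID = Map.of("chartOfAccountsCode", "22");
    static final List<AttrRow> ROWS = List.of(new AttrRow("member-1", "22", "BL"));

    // SQL LIKE after the '*' -> '%' replacement, expressed as a regex.
    static boolean like(String value, String pattern) {
        StringBuilder re = new StringBuilder();
        for (String part : pattern.split("\\*", -1)) re.append(Pattern.quote(part)).append(".*");
        re.setLength(re.length() - 2); // drop the trailing ".*"
        return value.matches(re.toString());
    }

    // Mirrors the quoted criteria: the map KEY is compared with kimAttributeId.
    static boolean memberMatches(String memberId, Map<String, String> qualifier) {
        for (Map.Entry<String, String> q : qualifier.entrySet()) {
            if (q.getValue() == null || q.getValue().isEmpty()) continue; // no criteria added
            boolean found = ROWS.stream().anyMatch(r -> r.assignedToId().equals(memberId)
                    && r.kimAttributeId().equals(q.getKey())
                    && like(r.attributeValue(), q.getValue()));
            if (!found) return false;
        }
        return true;
    }

    // Hypothetical caller-side normalisation: translate names to ids, reject unknown keys
    // instead of letting them silently match nothing.
    static Map<String, String> toIdKeyed(Map<String, String> qualifier) {
        Map<String, String> out = new HashMap<>();
        for (Map.Entry<String, String> q : qualifier.entrySet()) {
            String id = NAME_TO_ID.containsValue(q.getKey()) ? q.getKey() : NAME_TO_ID.get(q.getKey());
            if (id == null) throw new IllegalArgumentException("unknown attribute: " + q.getKey());
            out.put(id, q.getValue());
        }
        return out;
    }

    public static void main(String[] args) {
        Map<String, String> byName = Map.of("chartOfAccountsCode", "BL");
        System.out.println(memberMatches("member-1", byName));             // name-keyed qualifier
        System.out.println(memberMatches("member-1", Map.of("22", "BL"))); // id-keyed qualifier
        System.out.println(memberMatches("member-1", toIdKeyed(byName)));  // translated first
    }
}
```

      A caller that revokes role membership through such an API can compare the member list before and after the call, so that a removal that matched nothing is detected rather than assumed to have succeeded.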


        Francis Fernandez added a comment - Created review: https://fisheye.kuali.org/cru/rice-523 on branch /rice/sandbox/KULRICE-9835: https://fisheye.kuali.org/browse/rice/sandbox/KULRICE-9835
        Francis Fernandez added a comment - Contributed as part of 2.5.1


          • Assignee:
            Francis Fernandez
            Will Gomes (Inactive)