Uploaded image for project: 'Kuali Rice Development'
  1. Kuali Rice Development
  2. KULRICE-9835

removePrincipalFromRole uses attribute id instead of attribute name in qualifier

    Details

    • Type: Bug Fix
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.5.1
    • Component/s: Security
    • Security Level: Public (Public: Anyone can view)
    • Rice Team:
      Middleware
    • Rice Module:
      KIM
    • Sprint:
      Middleware 2.5.1 Sprint 1, Middleware 2.5.1 Sprint 2, Middleware 2.5.1 Sprint 3, Middleware 2.5.2 Sprint 1, Middleware 2.5.2 Sprint 2, Middleware 2.5.2 Sprint 3
    • KAI Review Status:
      Not Required
    • KTI Review Status:
      Not Required
    • Code Review Status:
      Not Required
    • Contributing Institution:
      Indiana Univ
    • Include in Release Notes?:
      Yes
    • Story Points:
      1

      Description

      Originally posted on Rice Collab group, Peter thinks this is a bug in Rice:

      In Rice 1.0.3, the RoleUpdateServiceImpl.removePrincipalFromRole(String principalId, String namespaceCode, String roleName, AttributeSet qualifier ) method used to work with a qualifier attribute set containing attribute NAME/VALUE pairs.

      You can see this in the getRoleMembersByDefaultStrategy()->doesMemberMatch() method as followes

                      if ( qualifier != null && roleQualifier != null && qualifier.equals( roleQualifier ) ) {
                          return true; // qualifier match
                      }
      

      where qualifier obtained contained attributeName and attributeValue, see RoleMemberImpl.getQualifier() line 114

      However in Rice 2.2.3 RoleUpdateServiceImpl.removePrincipalFromRole(String principalId, String namespaceCode, String roleName, Map<String, String> qualifier)) seems to be behaving differently. It seems that the qualifier map is expecting attribute ID/VALUE pairs.

      The implementation was changed to use query criteria. See getRoleMembersByDefaultStrategy()->getRoleDao().getRoleMembershipsForMemberId(memberTypeCode,memberId,qualifier)

      So in RoleDaoOjb.addSubCriteriaBasedOnRoleQualification() you see the following query being issued

                      if (StringUtils.isNotEmpty(qualifier.getValue())) {
                          String value = (qualifier.getValue()).replace('*', '%');
                          subCrit.addLike("attributeValue", value);
                          subCrit.addEqualTo("kimAttributeId", qualifier.getKey());
                          subCrit.addEqualToField("assignedToId", Criteria.PARENT_QUERY_PREFIX + "id");
                          ReportQueryByCriteria subQuery = QueryFactory.newReportQuery(RoleMemberAttributeDataBo.class, subCrit);
                          c.addExists(subQuery);
                      }
      

        Attachments

          Activity

          Show
          fraferna Francis Fernandez added a comment - Created review: https://fisheye.kuali.org/cru/rice-523 on branch /rice/sandbox/ KULRICE-9835 : https://fisheye.kuali.org/browse/rice/sandbox/KULRICE-9835
          Hide
          fraferna Francis Fernandez added a comment -

          Contributed as part of 2.5.1

          Show
          fraferna Francis Fernandez added a comment - Contributed as part of 2.5.1

            People

            • Assignee:
              fraferna Francis Fernandez
              Reporter:
              wgomes Will Gomes (Inactive)
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: