Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve group candidates resolution by Flowable IdM identity service. #199

Merged
merged 3 commits into from
Sep 11, 2024
Merged

Improve group candidates resolution by Flowable IdM identity service. #199

merged 3 commits into from
Sep 11, 2024

Conversation

krausvo1
Copy link
Contributor

@krausvo1 krausvo1 commented Sep 6, 2024

This PR improves resolution of group candidates provided by Flowable IdM identity service and adds support for querying user's by their group membership.

@pavelhoral
Copy link
Member

Had internal discussion and our previous change was not ideal - we would like to map worfklow groups to authorization roles, not managed roles. This should be changed. Also I would like to see more "defensive" approach in query implementations - implement only what we need and nothing else (throw exceptions, when unsupported filters or combination of filters is used).

@krausvo1
Copy link
Contributor Author

krausvo1 commented Sep 9, 2024

I have made changes based on previous notes.

  • When querying groups by member, we fetch the managed user and return its authzRoles as IdM groups.
  • When querying users by group membership, we fetch the managed role and return its authzMembers as IdM users.
  • Group query supports filtering by groupId, groupIds and groupMember. groupMember cannot be used together with any of the former parameters.
  • User query supports filtering by userId and memberOfGroup; they also cannot be used together.
  • I have also fixed assignee select in Admin UI broken by my changes in previous PR.

pavelhoral
pavelhoral approved these changes Sep 11, 2024
View reviewed changes
Copy link
Member

@pavelhoral pavelhoral left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@pavelhoral pavelhoral merged commit c390b0e into WrenSecurity:main Sep 11, 2024
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pavelhoral pavelhoral pavelhoral approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@krausvo1 @pavelhoral