[ https://issues.apache.org/jira/browse/SYNCOPE-667?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Francesco Chicchiriccò updated SYNCOPE-667:
-------------------------------------------
      Component/s: core
    Fix Version/s: 1.2.5

[~wimmelg], your changes look good!

I have verified with Oracle and MS SQL Server, so to me you can merge the 
{{SYNCOPE-667}} branch back to 1_2_X.

About further merge with {{master}} branch, things have changed significantly 
with regard to security model thanks to SYNCOPE-119, so the only required merge 
is for the test class: I can volunteer for this, should you need it.

{quote}
I think the second part of testUserSearch() is not very meaningful as 
userService3.search() simply returns nothing (because test user "verdi" does 
not have any role entitlements, so no search is performed).
I didn't want to make too many changes to the test initially as I am not familiar 
enough with its intention.
{quote}

You are right, I've changed the second part of the test (and committed to 
branch {{SYNCOPE-667}}) to barely check that nothing is returned - which makes 
more sense, it's the verification that "verdi" is not entitled to search at all.

> simplification of admin roles filter query used in search
> ---------------------------------------------------------
>
>                 Key: SYNCOPE-667
>                 URL: https://issues.apache.org/jira/browse/SYNCOPE-667
>             Project: Syncope
>          Issue Type: Improvement
>          Components: core
>    Affects Versions: 1.2.4
>            Reporter: Guido Wimmel
>            Assignee: Guido Wimmel
>            Priority: Minor
>             Fix For: 1.2.5
>
>
> As discussed on the dev mailing list [1], I think the query generated in 
> SubjectSearchDAOImpl.getAdminRolesFilter() to determine the users which have 
> roles not in adminRoles can be simplified for type==SubjectType.USER.
> Currently generated query: (for type==USER and adminRoles=\{1,2\}): 
> {code}
> SELECT syncopeUser_id AS subject_id FROM Membership M1 WHERE syncopeRole_id IN
>     (SELECT syncopeRole_id FROM Membership M2
>      WHERE M2.syncopeUser_id=M1.syncopeUser_id AND syncopeRole_id NOT IN
>            (SELECT id AS syncopeRole_id FROM SyncopeRole WHERE id=1 OR id=2)
>     )
> {code}
> Suggested simplification:
> {code}
> SELECT syncopeUser_id AS subject_id FROM Membership WHERE syncopeRole_id NOT IN
>     (SELECT id AS syncopeRole_id FROM SyncopeRole WHERE id=1 OR id=2)
> {code}
> In addition, the test coverage of the admin roles filter mechanism used in 
> search should be improved.
> [1] 
> http://syncope-dev.1063484.n5.nabble.com/getAdminRolesFilter-query-td5716932.html



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
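
An equivalence check for the two queries quoted in the issue, as an added example that is not part of the original message or of Syncope's code. It runs both queries over every possible Membership table for a small constructed set of users and roles; the two-column schema, the ids, and the use of SQLite (not the Oracle or MS SQL Server mentioned above) with non-NULL role ids are assumptions.

```python
import itertools
import sqlite3

# Both queries are taken from the issue text (type == USER, adminRoles = {1, 2}).
CURRENT_QUERY = """
SELECT syncopeUser_id AS subject_id FROM Membership M1 WHERE syncopeRole_id IN
    (SELECT syncopeRole_id FROM Membership M2
     WHERE M2.syncopeUser_id=M1.syncopeUser_id AND syncopeRole_id NOT IN
        (SELECT id AS syncopeRole_id FROM SyncopeRole WHERE id=1 OR id=2))
"""
SIMPLIFIED_QUERY = """
SELECT syncopeUser_id AS subject_id FROM Membership WHERE syncopeRole_id NOT IN
    (SELECT id AS syncopeRole_id FROM SyncopeRole WHERE id=1 OR id=2)
"""

ROLES = (1, 2, 3, 4)  # constructed role ids; 1 and 2 are the admin's roles
USERS = (10, 11)      # constructed user ids


def filtered_users(query, memberships):
    """Run one filter query over a constructed, minimal Membership table."""
    db = sqlite3.connect(":memory:")
    # Assumed minimal schema: only the columns the two queries reference.
    db.execute("CREATE TABLE SyncopeRole (id INTEGER PRIMARY KEY)")
    db.execute("CREATE TABLE Membership "
               "(syncopeUser_id INTEGER NOT NULL, syncopeRole_id INTEGER NOT NULL)")
    db.executemany("INSERT INTO SyncopeRole VALUES (?)", [(r,) for r in ROLES])
    db.executemany("INSERT INTO Membership VALUES (?, ?)", memberships)
    result = sorted(row[0] for row in db.execute(query))
    db.close()
    return result


def first_mismatch():
    """Try every Membership table over USERS x ROLES; return one where results differ."""
    pairs = list(itertools.product(USERS, ROLES))
    for size in range(len(pairs) + 1):
        for memberships in itertools.combinations(pairs, size):
            if filtered_users(CURRENT_QUERY, memberships) != \
                    filtered_users(SIMPLIFIED_QUERY, memberships):
                return memberships
    return None


if __name__ == "__main__":
    print("first mismatch:", first_mismatch())
    # User 10 holds only admin role 1; user 11 also holds role 3.
    print(filtered_users(SIMPLIFIED_QUERY, [(10, 1), (11, 1), (11, 3)]))
```

Both queries return one row per membership in a role outside adminRoles, so a user with several such roles appears several times in either result.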
