That seems a valid solution, but how can you do this in the REST way?


On 24.10.2016 at 21:22, Chris Pike wrote:
I feel like it is worth mentioning again that perhaps the query builder I have 
been playing around with might be of use here. The query builder would allow 
searching by ftProps (custom user defined properties).

So for roles, you could add any ftProps you like (i.e. 
ftProp=exposeMidpoint:true), then in the review manager there would be a method 
to pass a query builder

https://github.com/PennState/directory-fortress-core-1/blob/feature/fc197BuilderPattern/src/main/java/org/apache/directory/fortress/core/ReviewMgr.java#L787
https://github.com/PennState/directory-fortress-core-1/blob/feature/fc197BuilderPattern/src/main/java/org/apache/directory/fortress/core/search/RoleQueryBuilder.java

RoleQueryBuilder rqb = new RoleQueryBuilder();
rqb.addPropertyEqualsFilter( "exposeMidpoint", "true" );
List<Role> roles = reviewMgr.findRoles( rqb );




----- Original Message -----
From: "Shawn McKinney" <[email protected]>
To: [email protected]
Sent: Monday, October 24, 2016 12:30:45 PM
Subject: Re: Custom object classes and attributes

On Oct 24, 2016, at 8:19 AM, Patrick Brunmayr <[email protected]> wrote:

There are more things to take into account

1. Objects like roles, groups and users should be extendable via aux
classes and attributes (that's what the discussion is all about)

+1 to extended aux object classes on user and group.  -1 on the others.

The reason, these are entities specific to fortress/rbac and shouldn’t need to 
be extended.  Doing so unnecessarily complicates things and will be error prone 
because it exposes internal elements to external callers.  Waiting to hear a 
compelling case otherwise.

On Oct 24, 2016, at 8:19 AM, Patrick Brunmayr <[email protected]> wrote:

There are more things to take into account

2. As an integrator I would flag all roles, groups and users which I
want to expose with a custom object class like "exposeMidpoint"

OK, but would name the object class something like ‘ftExport’ to encourage 
usage across IdM implementations.

On Oct 24, 2016, at 8:19 AM, Patrick Brunmayr <[email protected]> wrote:

The background to this is, for example, I don't want all the fortress
roles like (fortess-web-super-user, fortess-web-super-user, etc.) to be
transferred to midpoint. If this would be possible
someone could gain access to fortress by assigning them the needed role
(if they would be allowed to). The second point is I don't want to
provide options like roles to users which are not of
interest for them :)

Hope this describes it

Makes sense.  Thanks for explanation.  Next steps are to open jira ticket to 
track.

Shawn




