[jira] [Assigned] (SYNCOPE-1064) Impropve security of customization mechanism
[ https://issues.apache.org/jira/browse/SYNCOPE-1064?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andrea Patricelli reassigned SYNCOPE-1064: -- Assignee: Andrea Patricelli > Impropve security of customization mechanism > > > Key: SYNCOPE-1064 > URL: https://issues.apache.org/jira/browse/SYNCOPE-1064 > Project: Syncope > Issue Type: Improvement > Components: enduser >Affects Versions: 2.0.2 >Reporter: Andrea Patricelli >Assignee: Andrea Patricelli > Fix For: 2.0.3, 2.1.0 > > > A smart and malicious user could "hack" angularjs frontend components and > send info that is not allowed to create/edit. > Solve this by checking info on server side against form customization JSON. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Updated] (SYNCOPE-1064) Improve security of customization mechanism
[ https://issues.apache.org/jira/browse/SYNCOPE-1064?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andrea Patricelli updated SYNCOPE-1064: --- Summary: Improve security of customization mechanism (was: Impropve security of customization mechanism) > Improve security of customization mechanism > --- > > Key: SYNCOPE-1064 > URL: https://issues.apache.org/jira/browse/SYNCOPE-1064 > Project: Syncope > Issue Type: Improvement > Components: enduser >Affects Versions: 2.0.2 >Reporter: Andrea Patricelli >Assignee: Andrea Patricelli > Fix For: 2.0.3, 2.1.0 > > > A smart and malicious user could "hack" angularjs frontend components and > send info that is not allowed to create/edit. > Solve this by checking info on server side against form customization JSON. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Created] (SYNCOPE-1064) Impropve security of customization mechanism
Andrea Patricelli created SYNCOPE-1064: -- Summary: Impropve security of customization mechanism Key: SYNCOPE-1064 URL: https://issues.apache.org/jira/browse/SYNCOPE-1064 Project: Syncope Issue Type: Improvement Components: enduser Affects Versions: 2.0.2 Reporter: Andrea Patricelli Fix For: 2.0.3, 2.1.0 A smart and malicious user could "hack" angularjs frontend components and send info that is not allowed to create/edit. Solve this by checking info on server side against form customization JSON. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Assigned] (SYNCOPE-1020) Support for BPMN call activity
[
https://issues.apache.org/jira/browse/SYNCOPE-1020?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Francesco Chicchiriccò reassigned SYNCOPE-1020:
---
Assignee: Francesco Chicchiriccò
> Support for BPMN call activity
> --
>
> Key: SYNCOPE-1020
> URL: https://issues.apache.org/jira/browse/SYNCOPE-1020
> Project: Syncope
> Issue Type: Improvement
> Components: core
>Reporter: Francesco Chicchiriccò
>Assignee: Francesco Chicchiriccò
> Fix For: 2.0.3, 2.1.0
>
>
> From the [Activiti User
> Guide|https://www.activiti.org/userguide/#bpmnCallActivity]:
> {quote}
> BPMN 2.0 makes a distinction between a regular subprocess, often also called
> embedded subprocess, and the call activity, which looks very similar. From a
> conceptual point of view, both will call a subprocess when process execution
> arrives at the activity.
> The difference is that the call activity references a process that is
> external to the process definition, whereas the subprocess is embedded within
> the original process definition. The main use case for the call activity is
> to have a reusable process definition that can be called from multiple other
> process definitions.
> {quote}
> It is currently possible to create more process definitions (besides the
> default {{userWorkflow}}) by empowering the REST endpoint
> {code}
> PUT /workflows/{anyTypeKind}
> {code}
> The new process(es) defined can then be called from the main {{userWorkflow}}
> via the {{}} element(s): the main advantage is that, by doing
> so, there are no more problems about the process definition versions, as they
> only apply to the main process (e.g. {{userWorkflow}}).
> What is currently lacking is:
> # proper management for getting all available process definitions
> # proper handling for initial loading of several process definitions from XML
> files
> # proper editing features from Admin Console
> as all the items above only consider the possibility that a single process
> definition is available.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
[jira] [Assigned] (SYNCOPE-1060) Date in membership attribute is propagated as timestamp
[ https://issues.apache.org/jira/browse/SYNCOPE-1060?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andrea Patricelli reassigned SYNCOPE-1060: -- Assignee: Andrea Patricelli > Date in membership attribute is propagated as timestamp > --- > > Key: SYNCOPE-1060 > URL: https://issues.apache.org/jira/browse/SYNCOPE-1060 > Project: Syncope > Issue Type: Bug > Components: enduser >Affects Versions: 2.0.2 >Reporter: Andrea Patricelli >Assignee: Andrea Patricelli > Fix For: 2.0.3, 2.1.0 > > > Update an user by assigning it to a group with type extensions. For example > in the playground environment assign user puccini to realm even and assign it > to group additional. > Then edit plain schema loginDate and set a value. > Update or approval of update approval will fail due to unparseable date and > date is shown into timestamp formt. > Moreover if saving dates into additional (membership) attribunte into > console they are not show into enduser form. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Reopened] (SYNCOPE-1060) Date in membership attribute is propagated as timestamp
[ https://issues.apache.org/jira/browse/SYNCOPE-1060?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andrea Patricelli reopened SYNCOPE-1060: Missing fix in self create mode > Date in membership attribute is propagated as timestamp > --- > > Key: SYNCOPE-1060 > URL: https://issues.apache.org/jira/browse/SYNCOPE-1060 > Project: Syncope > Issue Type: Bug > Components: enduser >Affects Versions: 2.0.2 >Reporter: Andrea Patricelli >Assignee: Andrea Patricelli > Fix For: 2.0.3, 2.1.0 > > > Update an user by assigning it to a group with type extensions. For example > in the playground environment assign user puccini to realm even and assign it > to group additional. > Then edit plain schema loginDate and set a value. > Update or approval of update approval will fail due to unparseable date and > date is shown into timestamp formt. > Moreover if saving dates into additional (membership) attribunte into > console they are not show into enduser form. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (SYNCOPE-1060) Date in membership attribute is propagated as timestamp
[ https://issues.apache.org/jira/browse/SYNCOPE-1060?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15960926#comment-15960926 ] ASF subversion and git services commented on SYNCOPE-1060: -- Commit dbf07add3dbca0b3a3e9153bfbfa72b417ea in syncope's branch refs/heads/master from [~andrea.patricelli] [ https://git-wip-us.apache.org/repos/asf?p=syncope.git;h=dbf07ad ] [SYNCOPE-1060] fixed wrong dates propagation to/from enduser > Date in membership attribute is propagated as timestamp > --- > > Key: SYNCOPE-1060 > URL: https://issues.apache.org/jira/browse/SYNCOPE-1060 > Project: Syncope > Issue Type: Bug > Components: enduser >Affects Versions: 2.0.2 >Reporter: Andrea Patricelli >Assignee: Andrea Patricelli > Fix For: 2.0.3, 2.1.0 > > > Update an user by assigning it to a group with type extensions. For example > in the playground environment assign user puccini to realm even and assign it > to group additional. > Then edit plain schema loginDate and set a value. > Update or approval of update approval will fail due to unparseable date and > date is shown into timestamp formt. > Moreover if saving dates into additional (membership) attribunte into > console they are not show into enduser form. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Resolved] (SYNCOPE-1060) Date in membership attribute is propagated as timestamp
[ https://issues.apache.org/jira/browse/SYNCOPE-1060?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andrea Patricelli resolved SYNCOPE-1060. Resolution: Fixed > Date in membership attribute is propagated as timestamp > --- > > Key: SYNCOPE-1060 > URL: https://issues.apache.org/jira/browse/SYNCOPE-1060 > Project: Syncope > Issue Type: Bug > Components: enduser >Affects Versions: 2.0.2 >Reporter: Andrea Patricelli >Assignee: Andrea Patricelli > Fix For: 2.0.3, 2.1.0 > > > Update an user by assigning it to a group with type extensions. For example > in the playground environment assign user puccini to realm even and assign it > to group additional. > Then edit plain schema loginDate and set a value. > Update or approval of update approval will fail due to unparseable date and > date is shown into timestamp formt. > Moreover if saving dates into additional (membership) attribunte into > console they are not show into enduser form. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (SYNCOPE-1060) Date in membership attribute is propagated as timestamp
[ https://issues.apache.org/jira/browse/SYNCOPE-1060?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15960930#comment-15960930 ] ASF subversion and git services commented on SYNCOPE-1060: -- Commit 23fdc9140e8ae69f4c15f6448fe51af43cd5df8c in syncope's branch refs/heads/2_0_X from [~andrea.patricelli] [ https://git-wip-us.apache.org/repos/asf?p=syncope.git;h=23fdc91 ] [SYNCOPE-1060] fixed wrong dates propagation to/from enduser > Date in membership attribute is propagated as timestamp > --- > > Key: SYNCOPE-1060 > URL: https://issues.apache.org/jira/browse/SYNCOPE-1060 > Project: Syncope > Issue Type: Bug > Components: enduser >Affects Versions: 2.0.2 >Reporter: Andrea Patricelli >Assignee: Andrea Patricelli > Fix For: 2.0.3, 2.1.0 > > > Update an user by assigning it to a group with type extensions. For example > in the playground environment assign user puccini to realm even and assign it > to group additional. > Then edit plain schema loginDate and set a value. > Update or approval of update approval will fail due to unparseable date and > date is shown into timestamp formt. > Moreover if saving dates into additional (membership) attribunte into > console they are not show into enduser form. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
