On 04/11/20 10:36, te...@net-c.com wrote:
> Hi,
>
> I use syncope 2.1.7
>
> I have exported then imported a MasterContent.xml on a new platform.
>
> On this new platform, after deployment, I see that every role has dynamic
> membership set (using GROUP_MEMBERSHIP IN) as expected.
>
> Then I add my users (using the REST API) with the right group memberships as
> it was previously.
>
> Finally I log-in with my users just added, but I see that nobody has any
> role, it seems that role dynamic memberships are not taken into account
> somehow. This is checked by viewing "members" for every role. No role has a
> member.
>
> In order to workaround this, it seems necessary to "reload" roles by "edit ->
> finish" on every role. After that, users have their roles as planned.
Hi,
this sounds quite odd.
Nothing connected to users is included in export (for both security and
practical reasons), including static and dynamic membership information, but as
soon as an user gets saved, their dynamic membership information are set [1].
The workaround you are suggesting above does actually force a refresh for all
existing users, upon Role save [2]; I wonder what happens to users getting
created *after* the Role workaround save is performed: do they become dynamic
members of the Role?
Regards.
[1]
https://github.com/apache/syncope/blob/2_1_X/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPARoleDAO.java#L180
[2]
https://github.com/apache/syncope/blob/2_1_X/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPARoleDAO.java#L104
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
