On 09/07/2013 05:16, morteza adi wrote:
Hi Fabio,
Since I queried as admin user, I expected to get all users. But I only
got those without membership.
Hi,
if you perform a valid query as admin, you will get all users in
Syncope, with or without memberships: you can easily prove this by
logging into the admin console and going to the Users tab.
Could you please detail how you are querying Syncope for all users?
I think you slightly misunderstood what Fabio tried to explain below;
the high-level requirement is to implement the general authorization
model defined in Syncope [1] via Entitlements.
When executing any access to user data, Syncope checks that the
authenticated user that is currently performing such operation has the
required entitlements to actually access those users, and does so by
checking the owned "role operational entitlements": check the example at
[1].
Hope this clarifies.
Regards.
[1]
https://cwiki.apache.org/confluence/display/SYNCOPE/Authentication+and+authorization
Thank you for helping me. Now I can understand why this happened ;)
Best wishes
Adi
On Jul 8, 2013 2:27 PM, "Fabio Martelli" <[email protected]> wrote:
On 06/07/2013 11:07, morteza adi wrote:
Hi,
I wonder why the findAll() method in
http://svn.apache.org/viewvc/syncope/tags/syncope-1.1.2/core/src/main/java/org/apache/syncope/core/persistence/dao/impl/UserDAOImpl.java?view=co
excludes users within the membership table?
The query created by this function doesn't make any sense to me.
Hi, the created query doesn't exclude any user within membership
table.
It checks the possibility to perform such query by the user
requiring the search operation.
The possibility is computed upon entitlements (roles/memberships)
owned by the user.
E.g.
1. since I can search only for users in role A, the query must be
created by excluding users without a membership for A.
2. since I have no memberships I can search only for users without
memberships.
Take a look at UserTest.findAll() to search for all users.
Rgds,
F.
    private StringBuilder getFindAllQuery(final Set<Long> adminRoles) {
        // Outer query: keep every user whose id is NOT in the excluded set built below.
        final StringBuilder queryString =
                new StringBuilder("SELECT id FROM SyncopeUser WHERE id NOT IN (");
        if (adminRoles == null || adminRoles.isEmpty()) {
            // No administered roles: exclude every user that has any membership.
            queryString.append("SELECT syncopeUser_id AS id FROM Membership");
        } else {
            // Exclude users holding at least one membership in a role outside adminRoles.
            queryString.append("SELECT syncopeUser_id FROM Membership M1 ")
                    .append("WHERE syncopeRole_id IN (");
            queryString.append("SELECT syncopeRole_id FROM Membership M2 ")
                    .append("WHERE M2.syncopeUser_id=M1.syncopeUser_id ")
                    .append("AND syncopeRole_id NOT IN (");
            queryString.append("SELECT id AS syncopeRole_id FROM SyncopeRole");
            boolean firstRole = true;
            for (Long adminRoleId : adminRoles) {
                if (firstRole) {
                    queryString.append(" WHERE");
                    firstRole = false;
                } else {
                    queryString.append(" OR");
                }
                // adminRoleId is a Long, so only a numeric literal is appended here.
                queryString.append(" id=").append(adminRoleId);
            }
            queryString.append("))");
        }
        queryString.append(")");
        return queryString;
    }
How can I query all users, even those with memberships?
--
Francesco Chicchiriccò
ASF Member, Apache Syncope PMC chair, Apache Cocoon PMC Member
http://people.apache.org/~ilgrosso/