Uploaded image for project: 'PicketLink'
  1. PicketLink
  2. PLINK-726

Wrong resourceClass value in result list entries in listing permissions by identity type

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • PLINK_2.7.1.Final
    • PLINK_2.7.0.Final
    • IDM
    • None
    • Hide

      1. Create few different classes, let say A, B, C
      2. Create user
      3. Create few objects, instances of classes A, B, C
      4. Grant permission for user to specified objects by PermissionManager.grantPermission, operation name is irrelevant.
      5. List permissions by specified user using PermissionManager.listPermissions(IdentityType identityType)
      6. Check result list.
      7. In result list exist Permission type entries, all of them have 'resourceClass' field, and all of them have those fields set to resource class from first object in list.

      Show
      1. Create few different classes, let say A, B, C 2. Create user 3. Create few objects, instances of classes A, B, C 4. Grant permission for user to specified objects by PermissionManager.grantPermission, operation name is irrelevant. 5. List permissions by specified user using PermissionManager.listPermissions(IdentityType identityType) 6. Check result list. 7. In result list exist Permission type entries, all of them have 'resourceClass' field, and all of them have those fields set to resource class from first object in list.

    Description

      Hi.

      I've granted permissions for a identity type for my few hibernate entitiy objects. Objects are instanes of different classes.

      When I want to list all existing permission for this user using method listPermissions(IdentityType identityType) from PermissionManager class then result list contains entries with wrong filled 'resourceClass' field.

      All Permission objects existing in result list have 'resourceClass' field set to class from first Permission object found by query.

      ---------------------

      I think problem can be in implementation of JPAIdentityStore class, method List<Permission> listPermissions(IdentityContext ctx, IdentityPermission query) (line 1654)

      In this case (when searching is perform by identity type) resourceClass parameter is not provided by IdentityPermission object.

      That causes resourceClass variable is null until permissions adding do result list. In line 1709 there is start of loop, iteration by 'result' collection. In line 1739 there is a check if resourceClass is null. In first iteration this condition is true, so there is a change of 'resourceClass' variable value to class of first element in 'results' collection. Then new IdentityPermission object is added to 'perms' collection in 1763 line.

      In next iteration resourceClass value is not null anymore, so there is not value changing to new class from next 'result'.

      Next IdentityPermission object is added to 'perms' collection with wrong 'resourceClass' value.

      In result, all Permission objects in result list have wrong 'resourceClass' value, which is copy of this value from first entry in this list.

      Attachments

        Activity

          People

            psilva@redhat.com Pedro Igor Craveiro
            grarky Arkadiusz Grzyb (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: