Merge branch 'master' of https://github.com/apache/syncope

apache · Dec 10, 2023 · 945994f · 945994f
2 parents de90a78 + c8abd05
commit 945994f
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 7 deletions.
diff --git a/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/UserLogic.java b/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/UserLogic.java
@@ -507,17 +507,17 @@ protected ProvisioningResult<UserTO> doDelete(
     }
 
     protected void updateChecks(final String key) {
-        User user = userDAO.authFind(key);
+        UserTO userTO = binder.getUserTO(key);
 
         Set<String> authRealms = RealmUtils.getEffective(
                 AuthContextUtils.getAuthorizations().get(IdRepoEntitlement.USER_UPDATE),
-                user.getRealm().getFullPath());
+                userTO.getRealm());
         userDAO.securityChecks(
                 authRealms,
-                user.getKey(),
-                user.getRealm().getFullPath(),
-                user.getMemberships().stream().
-                        map(m -> m.getRightEnd().getKey()).
+                userTO.getKey(),
+                userTO.getRealm(),
+                userTO.getMemberships().stream().
+                        map(MembershipTO::getGroupKey).
                         collect(Collectors.toSet()));
     }
 

diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserIssuesITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserIssuesITCase.java
@@ -54,6 +54,7 @@
 import org.apache.syncope.common.lib.request.GroupCR;
 import org.apache.syncope.common.lib.request.MembershipUR;
 import org.apache.syncope.common.lib.request.PasswordPatch;
+import org.apache.syncope.common.lib.request.ResourceAR;
 import org.apache.syncope.common.lib.request.StringPatchItem;
 import org.apache.syncope.common.lib.request.StringReplacePatchItem;
 import org.apache.syncope.common.lib.request.UserCR;
@@ -68,19 +69,23 @@
 import org.apache.syncope.common.lib.to.ProvisioningResult;
 import org.apache.syncope.common.lib.to.RealmTO;
 import org.apache.syncope.common.lib.to.ResourceTO;
+import org.apache.syncope.common.lib.to.RoleTO;
 import org.apache.syncope.common.lib.to.UserTO;
 import org.apache.syncope.common.lib.types.AnyTypeKind;
 import org.apache.syncope.common.lib.types.CipherAlgorithm;
 import org.apache.syncope.common.lib.types.ClientExceptionType;
 import org.apache.syncope.common.lib.types.ExecStatus;
 import org.apache.syncope.common.lib.types.IdMImplementationType;
+import org.apache.syncope.common.lib.types.IdRepoEntitlement;
 import org.apache.syncope.common.lib.types.IdRepoImplementationType;
 import org.apache.syncope.common.lib.types.ImplementationEngine;
 import org.apache.syncope.common.lib.types.MappingPurpose;
 import org.apache.syncope.common.lib.types.PatchOperation;
 import org.apache.syncope.common.lib.types.PolicyType;
+import org.apache.syncope.common.lib.types.ResourceAssociationAction;
 import org.apache.syncope.common.rest.api.RESTHeaders;
 import org.apache.syncope.common.rest.api.beans.RealmQuery;
+import org.apache.syncope.common.rest.api.service.UserService;
 import org.apache.syncope.core.provisioning.api.serialization.POJOHelper;
 import org.apache.syncope.core.provisioning.java.propagation.DBPasswordPropagationActions;
 import org.apache.syncope.core.provisioning.java.propagation.GenerateRandomPasswordPropagationActions;
@@ -1610,4 +1615,23 @@ public void issueSYNCOPE1750() {
             assertTrue(e.getMessage().contains("InvalidPassword: Password must be 10 or more characters in length."));
         }
     }
+
+    @Test
+    public void issueSYNCOPE1793() {
+        RoleTO role = new RoleTO();
+        role.setKey("syncope1793" + getUUIDString());
+        role.getRealms().add(SyncopeConstants.ROOT_REALM);
+        role.getEntitlements().add(IdRepoEntitlement.USER_UPDATE);
+        role = createRole(role);
+
+        UserCR userCR = UserITCase.getUniqueSample("[email protected]");
+        userCR.getRoles().add(role.getKey());
+        UserTO userTO = createUser(userCR).getEntity();
+
+        UserService userService = CLIENT_FACTORY.create(userTO.getUsername(), "password123").
+                getService(UserService.class);
+        Response response = userService.associate(new ResourceAR.Builder().key(userTO.getKey()).
+                resource(RESOURCE_NAME_NOPROPAGATION).action(ResourceAssociationAction.ASSIGN).build());
+        assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
+    }
 }
diff --git a/pom.xml b/pom.xml
@@ -411,7 +411,7 @@ under the License.
 
     <cxf.version>4.0.3</cxf.version>
     <bouncycastle.version>1.77</bouncycastle.version>
-    <nimbus-jose-jwt.version>9.37.2</nimbus-jose-jwt.version>
+    <nimbus-jose-jwt.version>9.37.3</nimbus-jose-jwt.version>
 
     <spring-boot.version>3.2.0</spring-boot.version>
     <spring-cloud-gateway.version>4.1.0-RC1</spring-cloud-gateway.version>