mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-02-23 12:37:00 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Implement #90 - allow self write to name, displayname, and legalname. (#105)

Browse source 
* Implement #90 - allow self write to name, displayname, and legalname.

This is an important aspect to respecting peoples autonomy and identities
so that they can change their name when appropriate to them. Limit self read/write to live accounts, and prevent anonymous self-write
This commit is contained in:
Firstyear 2019-09-27 09:57:53 +10:00 committed by GitHub
parent 4f85883c32
commit 879095c450
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 25 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
kanidmd/src/lib/constants.rs
View file

@ -332,7 +332,7 @@ pub static JSON_IDM_SELF_ACP_READ_V1: &'static str = r#"{
"description": ["Builtin IDM Control for self read - required for whoami and many other functions."], "description": ["Builtin IDM Control for self read - required for whoami and many other functions."],
"acp_enable": ["true"], "acp_enable": ["true"],
"acp_receiver": [ "acp_receiver": [
"\"Self\"" "{\"And\": [\"Self\", {\"AndNot\": {\"Or\": [{\"Eq\": [\"class\", \"tombstone\"]}, {\"Eq\": [\"class\", \"recycled\"]}]}}]}"
], ],
"acp_targetscope": [ "acp_targetscope": [
"\"Self\"" "\"Self\""
@ -349,6 +349,29 @@ pub static JSON_IDM_SELF_ACP_READ_V1: &'static str = r#"{
} }
}"#; }"#;
pub static _UUID_IDM_SELF_ACP_WRITE_V1: &'static str = "00000000-0000-0000-0000-ffffff000021";
pub static JSON_IDM_SELF_ACP_WRITE_V1: &'static str = r#"{
"attrs": {
"class": ["object", "access_control_profile", "access_control_modify"],
"name": ["idm_self_acp_write"],
"uuid": ["00000000-0000-0000-0000-ffffff000021"],
"description": ["Builtin IDM Control for self write - required for people to update their own identities in line with best practices."],
"acp_enable": ["true"],
"acp_receiver": [
"{\"And\": [\"Self\", {\"AndNot\": {\"Or\": [{\"Eq\": [\"class\", \"tombstone\"]}, {\"Eq\": [\"class\", \"recycled\"]}, {\"Eq\": [\"uuid\", \"00000000-0000-0000-0000-ffffffffffff\"]}]}}]}"
],
"acp_targetscope": [
"\"Self\""
],
"acp_modify_removedattr": [
"name", "displayname", "legalname"
],
"acp_modify_presentattr": [
"name", "displayname", "legalname"
]
}
}"#;
/* /*
pub static _UUID_IDM_ADMINS_ACP_MANAGE_V1: &'static str = "00000000-0000-0000-0000-ffffff000005"; pub static _UUID_IDM_ADMINS_ACP_MANAGE_V1: &'static str = "00000000-0000-0000-0000-ffffff000005";
pub static JSON_IDM_ADMINS_ACP_MANAGE_V1: &'static str = r#"{ pub static JSON_IDM_ADMINS_ACP_MANAGE_V1: &'static str = r#"{

1
kanidmd/src/lib/server.rs
View file

@ -1601,6 +1601,7 @@ impl<'a> QueryServerWriteTransaction<'a> {
// JSON_IDM_ADMINS_ACP_MANAGE_V1, // JSON_IDM_ADMINS_ACP_MANAGE_V1,
JSON_IDM_ALL_ACP_READ_V1, JSON_IDM_ALL_ACP_READ_V1,
JSON_IDM_SELF_ACP_READ_V1, JSON_IDM_SELF_ACP_READ_V1,
JSON_IDM_SELF_ACP_WRITE_V1,
JSON_IDM_ACP_PEOPLE_READ_PRIV_V1, JSON_IDM_ACP_PEOPLE_READ_PRIV_V1,
JSON_IDM_ACP_PEOPLE_WRITE_PRIV_V1, JSON_IDM_ACP_PEOPLE_WRITE_PRIV_V1,
JSON_IDM_ACP_GROUP_WRITE_PRIV_V1, JSON_IDM_ACP_GROUP_WRITE_PRIV_V1,