Genesys PGR / Genesys Backend / Issues / #561

Closed
Open
Created Dec 15, 2020 by Matija Obreza (@mobreza), Owner

SID autocomplete and display

I hit an issue when using the Permission Editor in Genesys UI where a Partner and OAuthClient use the same "name".

Please also implement this change in grin-global-server.

Autocomplete

The SID autocomplete method in PermissionController (v1, v2?) uses Map<String, Long> to return "names" mapped to their AclSid#id field. This means that if two entries use the same "name" (client.getTitle(), role.name(), partner.getShortName(), ...) then only the last one will be included in the Map.

It would be better if the map returned was Map<Long, String>, mapping AclSid#id to a "name" since id is guaranteed to be unique.

A new UI ticket needs to be created to respect this change.

Display

This is a potential information leak.

The method to list permissions at /permissions/{aclObjectIdentityId} uses @JsonView(JsonViews.Minimal.class), but OAuthClient does not declare JsonViews.Protected or .Internal for many of its fields and getters.

Please add @JsonView(JsonViews.Protected.class) to registeredRedirectUri, authorizedGrantTypes, authorities, allowedOrigins, autoApproveScopes and publicRecaptchaKey.

Edited Dec 15, 2020 by Matija Obreza
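
The "Display" point above, as an added example that is not code from the Genesys project: a Jackson sketch of how fields without @JsonView are still written under a Minimal view, and how the requested @JsonView(JsonViews.Protected.class) annotations remove them. The nested JsonViews stand-in, its Protected-extends-Minimal hierarchy, the two Client classes, the sample values and the mapper configuration (Jackson's default DEFAULT_VIEW_INCLUSION) are assumptions.

```java
import com.fasterxml.jackson.annotation.JsonView;
import com.fasterxml.jackson.databind.MapperFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.json.JsonMapper;
import java.util.Set;

public class JsonViewLeakDemo {
    // Stand-in for the project's JsonViews; the Protected-extends-Minimal hierarchy is assumed.
    public static class JsonViews {
        public interface Minimal {}
        public interface Protected extends Minimal {}
    }

    // "Before": only title is tied to a view; the other fields carry no @JsonView.
    public static class ClientBefore {
        @JsonView(JsonViews.Minimal.class)
        public String title = "Demo client"; // constructed sample values throughout
        public Set<String> registeredRedirectUri = Set.of("https://client.example/callback");
        public Set<String> authorizedGrantTypes = Set.of("client_credentials");
    }

    // "After": fields named in the issue are restricted to the Protected view.
    public static class ClientAfter {
        @JsonView(JsonViews.Minimal.class)
        public String title = "Demo client";
        @JsonView(JsonViews.Protected.class)
        public Set<String> registeredRedirectUri = Set.of("https://client.example/callback");
        @JsonView(JsonViews.Protected.class)
        public Set<String> authorizedGrantTypes = Set.of("client_credentials");
    }

    static String render(ObjectMapper mapper, Class<?> view, Object value) throws Exception {
        return mapper.writerWithView(view).writeValueAsString(value);
    }

    public static void main(String[] args) throws Exception {
        // Jackson default: properties without @JsonView are written in every view.
        ObjectMapper permissive = new ObjectMapper();
        // Deny-by-default alternative: unannotated properties are dropped when a view is active.
        ObjectMapper strict = JsonMapper.builder().disable(MapperFeature.DEFAULT_VIEW_INCLUSION).build();

        System.out.println("before, Minimal:   " + render(permissive, JsonViews.Minimal.class, new ClientBefore()));
        System.out.println("after,  Minimal:   " + render(permissive, JsonViews.Minimal.class, new ClientAfter()));
        System.out.println("after,  Protected: " + render(permissive, JsonViews.Protected.class, new ClientAfter()));
        System.out.println("before, strict:    " + render(strict, JsonViews.Minimal.class, new ClientBefore()));
    }
}
```

Only the first line prints the redirect URIs and grant types under the Minimal view; the strict mapper shows that disabling DEFAULT_VIEW_INCLUSION makes a forgotten annotation fail closed instead of open.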