Issue #561, created Dec 15, 2020 by Matija Obreza (@mobreza, Owner)

SID autocomplete and display

I hit an issue when using the Permission Editor in Genesys UI where a Partner and OAuthClient use the same "name".

Please also implement this change in grin-global-server.

Autocomplete

The SID autocomplete method in PermissionController (v1, v2?) uses Map<String, Long> to return "names" mapped to their AclSid#id field. This means that if two entries use the same "name" (client.getTitle(), role.name(), partner.getShortName(), ...) then only the last one will be included in the Map.

It would be better if the map returned was Map<Long, String>, mapping AclSid#id to a "name" since id is guaranteed to be unique.

A new UI ticket needs to be created to respect this change.

Display

This is a potential information leak.

The method to list permissions at /permissions/{aclObjectIdentityId} uses @JsonView(JsonViews.Minimal.class), but OAuthClient does not declare JsonViews.Protected or .Internal for many of its fields and getters.

Please add @JsonView(JsonViews.Protected.class) to registeredRedirectUri, authorizedGrantTypes, authorities, allowedOrigins, autoApproveScopes and publicRecaptchaKey.

Edited Dec 15, 2020 by Matija Obreza
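The leak described under "Display", reproduced as an added example that is not code from the Genesys project. The view classes and the two client classes are simplified, hypothetical stand-ins, the field values are constructed, and the first mapper assumes Jackson's default MapperFeature.DEFAULT_VIEW_INCLUSION setting, since the project's own mapper configuration is not shown on this page.

```java
import com.fasterxml.jackson.annotation.JsonView;
import com.fasterxml.jackson.databind.MapperFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.json.JsonMapper;
import java.util.Set;

public class JsonViewLeakDemo {
    // Hypothetical stand-ins for the project's JsonViews.Minimal / JsonViews.Protected.
    public static class Minimal {}
    public static class Protected extends Minimal {}

    // Before: only title is annotated; the OAuth settings carry no @JsonView.
    public static class ClientBefore {
        @JsonView(Minimal.class) public String title = "Constructed client";
        public Set<String> registeredRedirectUri = Set.of("https://client.example/callback");
        public Set<String> authorizedGrantTypes = Set.of("authorization_code");
    }

    // After: the same fields annotated the way the issue requests.
    public static class ClientAfter {
        @JsonView(Minimal.class) public String title = "Constructed client";
        @JsonView(Protected.class) public Set<String> registeredRedirectUri = Set.of("https://client.example/callback");
        @JsonView(Protected.class) public Set<String> authorizedGrantTypes = Set.of("authorization_code");
    }

    // Serializes value with the given active view, as @JsonView on a controller method does.
    static String render(ObjectMapper mapper, Class<?> view, Object value) throws Exception {
        return mapper.writerWithView(view).writeValueAsString(value);
    }

    public static void main(String[] args) throws Exception {
        // Jackson's own default: properties without @JsonView belong to every view.
        ObjectMapper inclusive = JsonMapper.builder().enable(MapperFeature.DEFAULT_VIEW_INCLUSION).build();
        // Defensive setting: properties without @JsonView are dropped whenever a view is active.
        ObjectMapper exclusive = JsonMapper.builder().disable(MapperFeature.DEFAULT_VIEW_INCLUSION).build();

        // Un-annotated OAuth settings appear even though the active view is Minimal.
        System.out.println("before, Minimal view:     " + render(inclusive, Minimal.class, new ClientBefore()));
        // With the Protected annotations in place, the Minimal view carries only title.
        System.out.println("after, Minimal view:      " + render(inclusive, Minimal.class, new ClientAfter()));
        // Callers rendered with the Protected view still receive the full record.
        System.out.println("after, Protected view:    " + render(inclusive, Protected.class, new ClientAfter()));
        // The exclusive mapper hides un-annotated fields even before the annotations are added.
        System.out.println("before, exclusive mapper: " + render(exclusive, Minimal.class, new ClientBefore()));
    }
}
```

A regression test that serializes a client with the Minimal view and asserts that none of the six property names listed in the issue appear in the output keeps newly added fields from reopening the leak.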