[
https://issues.apache.org/jira/browse/SYNCOPE-1939?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18045411#comment-18045411
]
Francesco Chicchiriccò commented on SYNCOPE-1939:
-------------------------------------------------
After some analysis, the issue seems to be more involved than expected, not
being a bare caching issue.
The point is that, when creating a new AnyType {{type1}}, Syncope will generate
a set of corresponding entitlements as follows:
* {{SEARCH_type1}}
* {{CREATE_type1}}
* {{READ_type1}}
* {{UPDATE_type1}}
* {{DELETE_type1}}
to allow for operations on the new AnyType.
When a user logs in, the set of assigned entitlements is calculated and stored
in the returned JWT.
When instead basic authentication is used, the set of assigned entitlements is
calculated for every HTTP call.
Console and Enduser are using JWT authentication, thus after the user logs in,
only the existing AnyTypes are present in the owned entitlements.
While the user stays logged into Console, the set of entitlements is not
refreshed; so, if AnyType gets created meanwhile, it will not be visible until
logout / login.
I don't think that this behavior can be "fixed", unless we decide to stop
providing the entitlements as part of JWT and fallback to entitlements
re-calculation at every HTTP call.
Moreover, creating new AnyTypes is normally part of the initial project setup
for most use cases, so the trade-off is not much justifiable.
I think we should just accept the reported behavior as a limitation that could
not be reasonably avoided without losing other greater benefits.
> API call POST rest/anyTypes creates object but don't soon update console GUI
> ----------------------------------------------------------------------------
>
> Key: SYNCOPE-1939
> URL: https://issues.apache.org/jira/browse/SYNCOPE-1939
> Project: Syncope
> Issue Type: Bug
> Components: console
> Affects Versions: 4.0.3
> Reporter: Stéphane POPOFF
> Assignee: Francesco Chicchiriccò
> Priority: Major
> Fix For: 4.0.4, 4.1.0
>
>
> Starting with a clean instance, I create a schema and a class using the API,
> and finally an object. All calls are valid, but in the end, I can't find the
> PERSON tab in the Domains view.
> The object exists in the configuration but isn't loaded into the view.
> The curl requests:
> {code:java}
> curl --location 'http://<CoreServer>/syncope/rest/schemas/PLAIN' \
> --header 'Accept: application/json' \
> --header 'Content-Type: application/json' \
> --header 'Authorization: ••••••' \
> --data '{
> "_class": "org.apache.syncope.common.lib.to.PlainSchemaTO",
> "key": "personId",
> "anyTypeClass": "personne",
> "type": "String",
> "mandatoryCondition": "true",
> "uniqueConstraint": "true"
> }'
> curl --location 'http://<CoreServer>/syncope/rest/schemas/PLAIN' \
> --header 'Accept: application/json' \
> --header 'Content-Type: application/json' \
> --header 'Authorization: ••••••' \
> --data '{
> "_class": "org.apache.syncope.common.lib.to.PlainSchemaTO",
> "key": "nom",
> "anyTypeClass": "personne",
> "type": "String"
> }'
> curl --location 'http://<CoreServer>/syncope/rest/schemas/PLAIN' \
> --header 'Accept: application/json' \
> --header 'Content-Type: application/json' \
> --header 'Authorization: ••••••' \
> --data '{
> "_class": "org.apache.syncope.common.lib.to.PlainSchemaTO",
> "key": "prenom",
> "anyTypeClass": "personne",
> "type": "String"
> }'curl --location 'http://<CoreServer>/syncope/rest/schemas/PLAIN' \
> --header 'Accept: application/json' \
> --header 'Content-Type: application/json' \
> --header 'Authorization: ••••••' \
> --data '{
> "_class": "org.apache.syncope.common.lib.to.PlainSchemaTO",
> "key": "operationalUnit",
> "anyTypeClass": "personne",
> "type": "String"
> }'
> curl --location 'http://<CoreServer>/syncope/rest/anyTypeClasses' \
> --header 'Accept: application/json' \
> --header 'Content-Type: application/json' \
> --header 'Authorization: ••••••' \
> --data '{
> "key": "personne",
> "plainSchemas": [
> "personId",
> "nom",
> "prenom",
> "operationalUnit"
> ],
> "derSchemas": [],
> }'curl --location 'http://<CoreServer>/syncope/rest/anyTypes' \
> --header 'Accept: application/json' \
> --header 'Content-Type: application/json' \
> --header 'Authorization: ••••••' \
> --data '{
> "key": "PERSON",
> "kind": "ANY_OBJECT",
> "classes": [
> "personne"
> ]
> }'{code}
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
