Differences

This shows you the differences between two versions of the page.

devel:documentation:identities:adm:user-type [2020/03/27 10:35]
tomiskar
devel:documentation:identities:adm:user-type [2021/03/26 07:40]
tomiskar [User type]
Line 1: Line 1:
 ====== User type ====== ====== User type ======
 +
 +{{tag> form projection}}
  
 User type (projection) was added in CzechIdM version 10.2.0. Projection defines frontend form to read, create and edit user. We can create and edit user by different form. For example externe and internal employee can be created and edited differently (different attributes has to be filled). Used projection for user creation is set as user type. User type (projection) was added in CzechIdM version 10.2.0. Projection defines frontend form to read, create and edit user. We can create and edit user by different form. For example externe and internal employee can be created and edited differently (different attributes has to be filled). Used projection for user creation is set as user type.
  
-Provided projection can be configured by administrator. New projection type and localization can be provided by developer.+Provided projection can be configured by administrator. New projection type and localization can be provided by [[..:dev:user-type|developer]].
  
 Configurable form (projection) with configurable features is provided in product: Configurable form (projection) with configurable features is provided in product:
  
   * **Show user personal data** - show selected or all user personal data (e.g. login, first name, surname).   * **Show user personal data** - show selected or all user personal data (e.g. login, first name, surname).
-  * **Show contract** - prime contract is shown by default. If currenly logged user has permission to read prime contract. First other contract is shown otherwise. Contract are sorted by priority the same way, as prime contract is evaluated. +  * **Show contract** - prime contract is shown by default. If currenly logged user has permission to read prime contract. First other contract is shown otherwise. Contract are sorted by priority the same way, as prime contract is evaluated. Contracts can be shown n two modes: 
-  * **Show other contract position** - first contract other position is shown by default.+    * **Show prime contract** - show (and update) prime user contract only. 
 +    * **Show all user contracts** - show (and update) all user contracts. Code list ''contract-position'' s required for newly created user together with contracts - available contract types are controlled by organization types. 
 +  * **Validations** for basic user personal data and basic contract attributes can be defined
 +  * **Show other contract position** - first contract other position can be shown.
   * **Show extended identity attributes** - show selected extended attributes from selected form definitions.   * **Show extended identity attributes** - show selected extended attributes from selected form definitions.
   * **Show extended contract attributes** - show selected extended attributes from selected form definitions. Contract are sorted by priority. Prime contract extended attributes can be edited, if logged user can read and edit prime contract. If logged user cannot read prime contract, next contract which identity can read is shown.   * **Show extended contract attributes** - show selected extended attributes from selected form definitions. Contract are sorted by priority. Prime contract extended attributes can be edited, if logged user can read and edit prime contract. If logged user cannot read prime contract, next contract which identity can read is shown.
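Review bot: The added sub-bullets under **Show contract** have dropped letters: "can be shown n two modes" should read "in two modes", and "Code list ''contract-position'' s required" should read "is required". The **Show all user contracts** and **Validations** bullets also say contracts can be updated and validated without saying which permissions that depends on; a link to [[#authorization_policies|authorization policies]], as the note tip further down uses, would tell an administrator where to look.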
Line 17: Line 22:
 <note tip>Authorization policies has to be [[#authorization_policies|configured]] to see all projection features. For example, if currently logged user cannot read contracts, then contract will be hidden.</note> <note tip>Authorization policies has to be [[#authorization_policies|configured]] to see all projection features. For example, if currently logged user cannot read contracts, then contract will be hidden.</note>
  
-===== Configure and use new projection =====+<note tip>Code list ''contract-position'' (e.g. with items ''Default'', ''Organization One'', ''Organization Two'') has to be defined, when more contracts should be created thogether with newly created user. Authorization policies has to be [[#authorization_policies|configured]] to codelist items too.</note>
  
-==== Projection agenda ====+===== Configure and use form projection =====
  
-New projection can be configured from agenda **Setting** -> **Form definitions** -> **Form projections** -> **Add** button.+How to configure and use product form projection is described in [[tutorial:adm:user-type|tutorial]].
  
-{{ :devel:documentation:identities:adm:projection-list.png |}}+How to register new form projection type is described in [[..:dev:user-type|devel guide]].
  
-==== Add new projection ====+===== Configuration =====
  
-We can configure new projection to introduce all features: +==== Available configuration properties ====
-  * Code - **Externe user**. Projection simple name. +
-  * Module - we can leave it empty, **core** module is used by default. +
-  * Basic attributes - select  **User name**, **First name**, **Surname**. +
-  * Form definitions - we need to prepare extended attributes form definition before to use then here, we will use this definitions and attributes as example: +
-    * **default - IdmIdentity** - default form definition for users, select attributes: +
-      * **Mobile phone** - text attribute +
-      * **Reqistration** - boolean attribute +
-    * **default - default - IdmIdentityContract** - default form definition for cntracts, select attributes: +
-      * **Environment** - codelist ith available environments +
-      * **Manager** - user select box +
-  * Description - **Create and edit externe user.** Description is shown in projection list (into about projection and for filter).+
  
-{{ :devel:documentation:identities:adm:projection-detail.png |}}+In the application profile (application.properties) and overloadable via ConfigurationService
  
-<note tip>We filled simple projection name as projection codeProjection name will be shown without localizationRead how to add [[#localization|localization]]</note>+<code properties> 
 +# show default form for newly created user  
 +# default form can be disabled =at least one configured form projection is needed 
 +idm.pub.app.show.identity.formProjection.default=true 
 +# 
 +# default password change type for custom users, one of values:  
 +# DISABLED - password change is disable 
 +# ALL_ONLY - users can change passwords only for all accounts 
 +# CUSTOM - users can choose for which accounts change password 
 +# Needed on FE (=> public)  
 +idm.pub.core.identity.passwordChange=CUSTOM 
 +</code>
  
-<note tip>Authorization policies have to be configured to read and edit extended attributes by admin and user. Read how to configure [[#authorization-policies|authorization policies]].</note>+==== Authorization policies ====
  
-<note tip>Attributes generated by system can be hidden. For example we not provide to set or change user password - we expect password will be generated after user will be provisioned on target system (one password will be set to all user account and for IdM too). Read how to [[#set_or_change_user_password|set or change user password]] by product projection.</note>+=== Administrator ===
  
-==== Choose projection ====+Aministrator for create, edit and delete configured form projection.
  
-When new user is created (menu **Users** -> **Create user** button.), then newly created projection can be chosen:+  Permission to autocomplete and read form definitions: Forms definitions (IdmFormDefiniton) | View in select box (autocomplete), Read | BasePermissionEvaluator 
 +  * Permission to autocomplete and read form attributesForms - attributes (IdmFormAttribute) | - | FormAttributteByDefinitionEvaluator 
 +  * Permission to admin form projections: Forms - projections (IdmFormProjection) | Administration (all) | BasePermissionEvaluator
  
-{{ :devel:documentation:identities:adm:projection-choose.png |}}+=== Manager ===
  
-<note tip>Default form can be used too as defaultRead how to hide this option by [[#available_configuration_properties|configuration]], if needed.</note>+Manager for create and edit user with form projection usage with all features enabled.
  
-=== User detail for create user by configuration above ====+<note tip>User detail with form projection usage can be saved (save button is shown), when logged user can update selected user.</note>
  
-{{ :devel:documentation:identities:adm:projection-user-create.png |}}+  * Permission to work with identitiesUsers (IdmIdentity) | View in select box (autocomplete), Create, Read, Update, Change roles, Change user type (projection), Password change | BasePermissionEvaluator 
 +  * Permission to read contracts according to identityIndustrial relations (IdmIdentityContract) | - | IdentityContractByIdentityEvaluator 
 +  * Permission to read other contract positions according to contractOther contract positions (IdmContractPosition) | - | ContractPositionByIdentityContractEvaluator 
 +  * Permission to read the assigned identity rolesRoles assigned to users (IdmIdentityRole)| - | IdentityRoleByIdentityEvaluator 
 +  * Permission to request roles (which can be requested)Role (IdmRole) | Can be requested | RoleCanBeRequestedEvaluator 
 +  * Permission to read role requests according to identity: Requests for assigned roles (IdmRoleRequest) | | RoleRequestByIdentityEvaluator 
 +  * Permission to autocomplete form projections: Forms projections(IdmFormProjection) | View in select box (autocomplete) | BasePermissionEvaluator 
 +  * Permission to autocomplete form definitions: Forms - projections(IdmFormProjection) | View in select box (autocomplete) | BasePermissionEvaluator 
 +  * Permission to read and update all identity attributes in main definition: Forms - values (IdmIdentityFormValue) | View in select box (autocomplete) | IdentityFormValueEvaluator 
 +  * Permission to read and update all contract attributes in main definition: Forms - values (IdmIdentityContractFormValue) | View in select box (autocomplete) | IdentityContractFormValueEvaluator 
 +  * Permission to read codelist ''contract-position'' items: Code lists - items (IdmCodeListItem)| Read | CodeListItemByCodeEvaluator 
 +  *  Enabling the autocomplete for entities: 
 +    * Role (IdmRole) | Displaying in autocomplete, selections | BasePermissionEvaluator 
 +    * Structure types (IdmTreeType) | View in select box (autocomplete) | BasePermissionEvaluator 
 +    * Tree nodes (IdmTreeNode) | View in select box (autocomplete) | BasePermissionEvaluator 
 +    * Accounts (AccAccount) | - | ReadAccountByIdentityEvaluator (← use this only when using acc module) 
 +    * Identity accounts (AccIdentityAccount) | - | IdentityAccountByAccountEvaluator (← use this only when using acc module) 
 +    * Code lists (IdmCodeList) | Displaying in autocomplete, selections | BasePermissionEvaluator 
 +    * Code lists - items (IdmCodeListItem) | Displaying in autocomplete, selections BasePermissionEvaluator
  
-We can create new user with all attributes are filled. We can choose roles, which will have to be assigned (requested) for created user. Used form (projection) is set as user type. After form is saved, the same form is shown and user can be edited if needed. The same form is used and shown as user detail.+=== Manager - create and edit identity only ===
  
-=== User detail for edit user by configuration above ====+Manager for create and edit user with form projection usage only (simplest setting).
  
-{{ :devel:documentation:identities:adm:projection-user-edit.png |}}+  * Permission to work with identities: Users (IdmIdentity) | Create, Read, Update | BasePermissionEvaluator 
 +  * Permission to autocomplete form projectionsForms projections(IdmFormDefiniton) | View in select box (autocomplete) BasePermissionEvaluator
  
-=== Default full detail ===+=== Normal user ===
  
-Default full detail can be shown for each user with projection usageNew button was added into user (and projection) detail header:+Other user doesn't need any additional autorization policy configurationForm projection is saved together with user and when user detail is shown, then this projection is used.
  
-{{ :devel:documentation:identities:adm:projection-default-detail.png |}}+ 
  
-Button is available for all logged user without any additional permission is needed. Quick link to default full detail is available from top profile menu. Buttons on dashboard ane any other link to user detail will lead to projection form.+==== Localization ====
  
-The same way is posible to go back to form by projection from full default detail. Button is in the same place with different direction.+Two projections are [[..:dev:user-type#localization|localized]] by default in product. If projection with code ''identity-externe'' or ''identity-internal'' will be configured, then [[..:dev:user-type#localization|localization]] will be used.
  
-==== Change user type ====+Localization can be added or changed by developer, read more in [[..:dev:user-type#localization|devel guide]]
  
-User type (projection) can be changed from default full identity detail:+==== Tips ====
  
-After user type is changed and user is saved, then button in detail header (see above) can be used for show user in form projection.+=== Skip user dashboard  ===
  
-<note tip>Authorization policies have to be [[#authorization-policies|configured]] to enable change user type.</note>+If we want to show user detail immediatelly (skip user dasboard or skip info card), we can hold ''ctrl'' key when clicking on user link (or info card).
  
-==== Set or change user password ====+=== Validations  ===
  
-Add **password** ...+Validations for basic user personal data and contracts can be definedValidations are evaluated in whole application even on standard user and contract details for user in given projection.
  
-<note tip>Authorization policies have to be [[#authorization-policies|configured]] to enable password change.</note>+===== Admin tutorials ===== 
 +  * [[tutorial:adm:user-type]]
  
-==== Add or change user roles ==== +===== Devel guide ===== 
- +  [[..:dev:user-type]]
-Add / change request +
- +
-<note tip>Authorization policies have to be [[#authorization-policies|configured]] to enable this feature.</note> +
- +
- +
-===== Configuration ===== +
- +
-==== Available configuration properties ==== +
- +
-how to disable default projection +
- +
-==== Authorization policies ==== +
- +
-security - projection / identity eav / contract eav +
- +
-Administrator - configure projection + eav +
-User - create user with projection usage + eav + password + identity roles (read, can be requested) + contract + contract position +
-User change user type - 'FORMPROJECTION_AUTOCOMPLETE', 'FORMPROJECTION_READ' + 'CHANGEPROJECTION' +
-Normal user: don't need any new policy configuration. Form projection is saved together with user and when user detail is shown, then this projection is used.  +
- +
-==== Localization ==== +
- +
-==== Tips ==== +
- +
-=== Skip user dashboard  === +
- +
-If we want to show user detail immediatelly (skip user dasboard or skip info card), we can hold ''ctrl'' key when clicking on user link (or info card).+
  
  
-TODO: 
-  * how to add projection (devel + override + localization) 
-  * split to developer guide / admin tutorial? 
-  * identity roles are assigned asynchronously => requests 
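Review bot: In the added **Manager** policy lists, several rows name an entity or permission that does not match their description, which makes it hard to grant least privilege from this page. "Permission to autocomplete form definitions: Forms - projections(IdmFormProjection)" repeats the projection entity from the row above it, the "create and edit identity only" list pairs "Forms – projections" with "(IdmFormDefiniton)", and the two "read and update all ... attributes in main definition" rows list only "View in select box (autocomplete)". Please state the intended entity and base permissions for each row and spell the entity name consistently ("IdmFormDefiniton" also appears in the Administrator list). The removed text named 'FORMPROJECTION_AUTOCOMPLETE', 'FORMPROJECTION_READ' and 'CHANGEPROJECTION' for changing user type; if those are still required, list them next to "Change user type (projection)".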
  • by tomiskar