Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
devel:documentation:identities:adm:user-type [2020/04/06 05:46]
tomiskar [Authorization policies] 		devel:documentation:identities:adm:user-type [2021/03/29 08:54] (current)
tomiskar [User type]
Line 10: Line 10:
  
   * **Show user personal data** - show selected or all user personal data (e.g. login, first name, surname).   * **Show user personal data** - show selected or all user personal data (e.g. login, first name, surname).
-  * **Show contract** - prime contract is shown by default. If currenly logged user has permission to read prime contract. First other contract is shown otherwise. Contract are sorted by priority the same way, as prime contract is evaluated. +  * **Show contract** - prime contract is shown by default. If currenly logged user has permission to read prime contract. First other contract is shown otherwise. Contract are sorted by priority the same way, as prime contract is evaluated. Contracts can be shown n two modes: 
-  * **Show other contract position** - first contract other position is shown by default.+    * **Show prime contract** - show (and update) prime user contract only. 
 +    * **Show all user contracts** - show (and update) all user contracts. Code list ''contract-position'' s required for newly created user together with contracts - available contract types are controlled by organization types. 
 +  * **Validations** for basic user personal data and basic contract attributes can be defined
 +  * **Show other contract position** - first contract other position can be shown.
   * **Show extended identity attributes** - show selected extended attributes from selected form definitions.   * **Show extended identity attributes** - show selected extended attributes from selected form definitions.
   * **Show extended contract attributes** - show selected extended attributes from selected form definitions. Contract are sorted by priority. Prime contract extended attributes can be edited, if logged user can read and edit prime contract. If logged user cannot read prime contract, next contract which identity can read is shown.   * **Show extended contract attributes** - show selected extended attributes from selected form definitions. Contract are sorted by priority. Prime contract extended attributes can be edited, if logged user can read and edit prime contract. If logged user cannot read prime contract, next contract which identity can read is shown.
   * **Set or change user password** - user can be created with or without password. Link to password change is shown for edited user.   * **Set or change user password** - user can be created with or without password. Link to password change is shown for edited user.
   * **Request to change roles** - roles can be requested for newly added user. Assigned roles are shown with button to change assigned roles by role request for edited user.   * **Request to change roles** - roles can be requested for newly added user. Assigned roles are shown with button to change assigned roles by role request for edited user.
 +  * **Set direct guarantee for new contract** - set currently logged user as direct guarantee for newly created contract.
  
 <note tip>Authorization policies has to be [[#authorization_policies|configured]] to see all projection features. For example, if currently logged user cannot read contracts, then contract will be hidden.</note> <note tip>Authorization policies has to be [[#authorization_policies|configured]] to see all projection features. For example, if currently logged user cannot read contracts, then contract will be hidden.</note>
 +
 +<note tip>Code list ''contract-position'' (e.g. with items ''Default'', ''Organization One'', ''Organization Two'') has to be defined, when more contracts should be created thogether with newly created user. Authorization policies has to be [[#authorization_policies|configured]] to codelist items too.</note>
  
 ===== Configure and use form projection ===== ===== Configure and use form projection =====
Line 70: Line 76:
   * Permission to read and update all identity attributes in main definition: Forms - values (IdmIdentityFormValue) | View in select box (autocomplete) | IdentityFormValueEvaluator   * Permission to read and update all identity attributes in main definition: Forms - values (IdmIdentityFormValue) | View in select box (autocomplete) | IdentityFormValueEvaluator
   * Permission to read and update all contract attributes in main definition: Forms - values (IdmIdentityContractFormValue) | View in select box (autocomplete) | IdentityContractFormValueEvaluator   * Permission to read and update all contract attributes in main definition: Forms - values (IdmIdentityContractFormValue) | View in select box (autocomplete) | IdentityContractFormValueEvaluator
 +  * Permission to read codelist ''contract-position'' items: Code lists - items (IdmCodeListItem)| Read | CodeListItemByCodeEvaluator
   *  Enabling the autocomplete for entities:   *  Enabling the autocomplete for entities:
     * Role (IdmRole) | Displaying in autocomplete, selections | BasePermissionEvaluator     * Role (IdmRole) | Displaying in autocomplete, selections | BasePermissionEvaluator
Line 76: Line 83:
     * Accounts (AccAccount) | - | ReadAccountByIdentityEvaluator (← use this only when using acc module)     * Accounts (AccAccount) | - | ReadAccountByIdentityEvaluator (← use this only when using acc module)
     * Identity accounts (AccIdentityAccount) | - | IdentityAccountByAccountEvaluator (← use this only when using acc module)     * Identity accounts (AccIdentityAccount) | - | IdentityAccountByAccountEvaluator (← use this only when using acc module)
 +    * Code lists (IdmCodeList) | Displaying in autocomplete, selections | BasePermissionEvaluator
 +    * Code lists - items (IdmCodeListItem) | Displaying in autocomplete, selections | BasePermissionEvaluator
  
 === Manager - create and edit identity only === === Manager - create and edit identity only ===
Line 101: Line 110:
  
 If we want to show user detail immediatelly (skip user dasboard or skip info card), we can hold ''ctrl'' key when clicking on user link (or info card). If we want to show user detail immediatelly (skip user dasboard or skip info card), we can hold ''ctrl'' key when clicking on user link (or info card).
 +
 +=== Validations  ===
 +
 +Validations for basic user personal data and contracts can be defined. Validations are evaluated in whole application even on standard user and contract details for user in given projection.
  
 ===== Admin tutorials ===== ===== Admin tutorials =====
  • by tomiskar