User type
User type (projection) was added in CzechIdM version 10.2.0. A projection defines the frontend form used to read, create and edit a user. Users can be created and edited through different forms. For example, external and internal employees can be created and edited differently (different attributes have to be filled in). The projection used to create a user is set as the user type.
Provided projection can be configured by administrator. New projection type and localization can be provided by developer.
Configurable form (projection) with configurable features is provided in product:
- Show user personal data - show selected or all user personal data (e.g. login, first name, surname).
- Show contract - the prime contract is shown by default, if the currently logged user has permission to read the prime contract. The first other contract is shown otherwise. Contracts are sorted by priority, the same way as the prime contract is evaluated.
- Show other contract position - first contract other position is shown by default.
- Show extended identity attributes - show selected extended attributes from selected form definitions.
- Show extended contract attributes - show selected extended attributes from selected form definitions. Contracts are sorted by priority. Prime contract extended attributes can be edited if the logged user can read and edit the prime contract. If the logged user cannot read the prime contract, the next contract which the identity can read is shown.
- Set or change user password - user can be created with or without password. Link to password change is shown for edited user.
- Request to change roles - roles can be requested for newly added user. Assigned roles are shown with button to change assigned roles by role request for edited user.
Configure and use new projection
Projection agenda
New projection can be configured from agenda Setting → Form definitions → Form projections → Add button.
Add new projection
We can configure new projection to introduce all features:
- Code - Externe user. Projection simple name.
- Module - we can leave it empty, core module is used by default.
- Basic attributes - select User name, First name, Surname.
- Form definitions - extended attribute form definitions have to be prepared before they can be used here; we will use these definitions and attributes as an example:
  - default - IdmIdentity - default form definition for users, select attributes:
    - Mobile phone - text attribute
    - Registration - boolean attribute
  - default - default - IdmIdentityContract - default form definition for contracts, select attributes:
    - Environment - codelist with available environments
    - Manager - user select box
- Description - Create and edit externe user. The description is shown in the projection list (info about the projection and for the filter).
Choose projection
When a new user is created (menu Users → Create user button), the newly created projection can be chosen:
User detail for create user by configuration above
We can create a new user with all attributes filled in. We can choose roles to be assigned (requested) for the created user. The form (projection) used is set as the user type. After the form is saved, the same form is shown and the user can be edited if needed. The same form is used and shown as the user detail.
User detail for edit user by configuration above
Default full detail
Default full detail can be shown for each user with projection usage. New button was added into user (and projection) detail header:
The button is available to every logged user; no additional permission is needed. A quick link to the default full detail is available from the top profile menu. Buttons on the dashboard and any other link to the user detail will lead to the projection form.
In the same way, it is possible to go back from the default full detail to the form by projection. The button is in the same place, with the opposite direction.
Change user type
User type (projection) can be changed from default full identity detail:
After the user type is changed and the user is saved, the button in the detail header (see above) can be used to show the user in the form projection.
Set or change user password
If password attribute is added in projection personal data configuration, then:
- a new password can be filled in for a newly created user,
- link to change password is available for edited user.
Add or change user roles
New roles can be requested for newly added user. If user is edited, then assigned roles are shown with button to change assigned roles by role request.
Identity roles are assigned asynchronously, so pending role requests are shown together with assigned roles. Assigned roles are refreshed automatically, when asynchronous role request is completed.
Configuration
Available configuration properties
In the application profile (application.properties) and overloadable via ConfigurationService.
# show default form for newly created user
# default form can be disabled => at least one configured form projection is needed
idm.pub.app.show.identity.formProjection.default=true
#
# default password change type for custom users, one of values:
# DISABLED - password change is disabled
# ALL_ONLY - users can change passwords only for all accounts
# CUSTOM - users can choose for which accounts change password
# Needed on FE (=> public)
idm.pub.core.identity.passwordChange=CUSTOM
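A small check for the two properties above, as an added example that is not part of CzechIdM or of the original page: it reads the text of an application.properties file and reports values that need review. The function names and the sample input are assumptions; comparing the password change value exactly as written (upper case) is also an assumption.

```python
# Added example: review the two documented properties in an application.properties text.
ALLOWED_PASSWORD_CHANGE = {"DISABLED", "ALL_ONLY", "CUSTOM"}  # values listed on the page
KEY_DEFAULT_FORM = "idm.pub.app.show.identity.formProjection.default"
KEY_PASSWORD_CHANGE = "idm.pub.core.identity.passwordChange"


def parse_properties(text):
    """Minimal .properties reader: skips blanks and #/! comments, last value wins."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue  # this sketch only handles key=value lines
        props[key.strip()] = value.strip()
    return props


def check_projection_config(text):
    """Return (key, message) findings; an empty list means nothing to review."""
    props = parse_properties(text)
    findings = []
    default_form = props.get(KEY_DEFAULT_FORM)
    if default_form is not None:
        if default_form.lower() not in ("true", "false"):
            findings.append((KEY_DEFAULT_FORM, f"not a boolean: {default_form!r}"))
        elif default_form.lower() == "false":
            # The page states this requirement for a disabled default form.
            findings.append((KEY_DEFAULT_FORM,
                             "default form disabled: at least one form projection is needed"))
    change = props.get(KEY_PASSWORD_CHANGE)
    # Assumption: the value is compared exactly as the page writes it.
    if change is not None and change not in ALLOWED_PASSWORD_CHANGE:
        findings.append((KEY_PASSWORD_CHANGE, f"unknown value: {change!r}"))
    return findings


# Constructed sample input, not taken from a real deployment.
SAMPLE = """\
# show default form for newly created user
idm.pub.app.show.identity.formProjection.default=false
idm.pub.core.identity.passwordChange=ALL
"""

if __name__ == "__main__":
    for key, message in check_projection_config(SAMPLE):
        print(f"{key}: {message}")
```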
Authorization policies
Default settings of permissions for an identity profile is expected.
Administrator
Administrator for creating, editing and deleting a configured form projection.
Administrator - configure projection + eav formdefinition - read.
Manager
Manager for create and edit user with form projection usage with all features enabled.
- User - create user with projection usage + eav + password + identity roles (read, can be requested) + contract + contract position security - projection / identity eav / contract eav
- User - change user type - 'FORMPROJECTION_AUTOCOMPLETE', 'FORMPROJECTION_READ' + 'CHANGEPROJECTION'
Normal user
Other users don't need any additional authorization policy configuration. The form projection is saved together with the user, and when the user detail is shown, this projection is used.
Localization
Tips
Skip user dashboard
If we want to show the user detail immediately (skip the user dashboard or skip the info card), we can hold the ctrl key when clicking on the user link (or info card).
TODO:
- how to add projection (devel + override + localization)
- split to developer guide / admin tutorial?