Impossible to use createTimestamp as a column in manager interface

Description

Impossible to use createTimestamp as a column in manager interface

Distribution Name and Version

Debian

FusionDirectory Version

1.4-dev

PHP version used

PHP7

Origin of php packages

Debian

Steps to Reproduce

1. Try to add a column createTimestamp in manager interface
2. The column is empty

Expected behavior:

A column with the date

Actual behavior:

Column is empty

Reproduces how often: 100%

changed milestone to %FusionDirectory 1.4

By Jonathan Swaelens on 2019-09-12T12:09:12 (imported from GitLab)

added PJ1811-0242 label

changed due date to September 15, 2019

By bmortier on 2019-09-12T16:25:08 (imported from GitLab)

changed due date to September 16, 2019

By bmortier on 2019-09-12T16:25:11 (imported from GitLab)

added fusiondirectory-core label

This is because of the ACL system, there is currently no ACL for createTimestamp nor modifyTimestamp.

Potential solutions:

• Add ACLs for these fields (for all object types)
• For all unknown fields, consider read rights on all subcategories is needed, as is done for access to the LDAP dump tab
• For some fields (for instance objectClass, createTimestamp and modifyTimestamp), consider them readable as soon as the object is visible (this how it’s done for dn and base)

I’m not sure if creation/modification dates may be sensitive data in some cases or if they can always be visible. Option 2 may be done on top of option 1 or 3.

By Côme Chilliet on 2019-09-17T07:25:00 (imported from GitLab)

hello @MCMic,

i vote in favour of the solution number 1

Cheers

By bmortier on 2019-09-17T07:28:58 (imported from GitLab)

added 10m of time spent at 2019-09-17

By bmortier on 2019-09-17T07:28:58 (imported from GitLab)

created merge request !672 to address this issue

By Côme Chilliet on 2019-09-17T09:16:43 (imported from GitLab)

mentioned in merge request !672

By Côme Chilliet on 2019-09-17T09:16:43 (imported from GitLab)

mentioned in commit 6046291c

By Côme Chilliet on 2019-09-17T09:21:20 (imported from GitLab)

mentioned in issue #6028

By Côme Chilliet on 2019-09-17T09:23:25 (imported from GitLab)

@jswaelens Please test this on as much management classes as possible, I only checked users.

ACLs for createTimestamp and modifyTimestamp are added if a class has an attribute named "base".

I did not add ACLs for creatorsName and modifiersName since with FD it will always contain the admin DN.

By Côme Chilliet on 2019-09-17T09:32:43 (imported from GitLab)

added 2h of time spent at 2019-09-17

By Côme Chilliet on 2019-09-17T09:32:32 (imported from GitLab)

added To Be Tested label

assigned to @jswaelens and unassigned @MCMic

By Côme Chilliet on 2019-09-17T09:32:32 (imported from GitLab)

I tested few case on demo-dev and it look good for most of them. It's juste supann entity and estabishement that didn't showed the create timestamp.

I tested the next objects department, users, groups/posix groups/roles, acl roles, sudo, dsa, applications, public forms, servers, workstations

By Jonathan Swaelens on 2019-09-18T13:10:58 (imported from GitLab)

added 1h of time spent at 2019-09-18

By Jonathan Swaelens on 2019-09-18T13:10:58 (imported from GitLab)

removed To Be Tested label

assigned to @MCMic and unassigned @jswaelens

By Jonathan Swaelens on 2019-09-18T13:10:58 (imported from GitLab)