[
http://jira.magnolia-cms.com/browse/MAGNOLIA-1582?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Grégory Joseph updated MAGNOLIA-1582:
-------------------------------------
Description:
Scenario
Let say there are 5 users which have special privileges.
Instead of assigning to each user all the necessary roles and groups a special
group is created (e.g. GSPECIAL)
Add groups publisher and editor to group GSPECIAL and add as many roles as
necessary to group GSPECIAL.
Then add each of 5 users to group GSPECIAL.
Problem #1:
Inbox notification does not work.
None of the members of GSPECIAL have a direct relationship with groups
"publisher" and "editor" which are necessary for Inbox notification..However,
users *DO* belong to those groups via indirect group membership...
Problem #2:
Role inheritance does not work.
Getting user roles via API returns only direct assigned roles. In our scenrio
that means none of the 5 users have roles defines which is not true. All 5
users have indirect roles defined via group membership.
Perhaps my logic is flawed but if a user is a member of a group which in turn
has other groups and roles than that user shold inherit all those roles and
groups along with their privileges....
Workaround:
Assign groups and roles directly to user.
Quick solution:
Disable assigning groups and roles in group dialog or abandon groups
allthogether (bad idea). I am sure workflow can be based off of roles in that
case...
was:
Scenario
Let say there are 5 users which have special priviledges.
Instead of assigning to each user all the necessary roles and groups a special
group is created (e.g. GSPECIAL)
Add groups publisher and editor to group GSPECIAL and add as many roles as
necessary to group GSPECIAL.
Then add each of 5 users to group GSPECIAL.
Problem #1:
Inbox notification does not work.
None of the members of GSPECIAL have a direct relationship with groups
"publisher" and "editor" which are necessary for Inbox notification..However,
users *DO* belong to those groups via indirect group membership...
Problem #2:
Role inheritance does not work.
Getting user roles via API returns only direct assigned roles. In our scenrio
that means none of the 5 users have roles defines which is not true. All 5
users have indirect roles defined via group membership.
Perhaps my logic is flawed but if a user is a member of a group which in turn
has other groups and roles than that user shold inherit all those roles and
groups along with their priviledges....
Workaround:
Assign groups and roles directly to user.
Quick solution:
Disable assigning groups and roles in group dialog or abandon groups
allthogether (bad idea). I am sure workflow can be based off of roles in that
case...
> User groups and roles are not resolving unles directly specified
> ----------------------------------------------------------------
>
> Key: MAGNOLIA-1582
> URL: http://jira.magnolia-cms.com/browse/MAGNOLIA-1582
> Project: Magnolia
> Issue Type: Bug
> Reporter: Amir Mistric
> Assignee: Grégory Joseph
> Priority: Major
> Fix For: 3.5 RC1
>
>
> Scenario
> Let say there are 5 users which have special privileges.
> Instead of assigning to each user all the necessary roles and groups a
> special group is created (e.g. GSPECIAL)
> Add groups publisher and editor to group GSPECIAL and add as many roles as
> necessary to group GSPECIAL.
> Then add each of 5 users to group GSPECIAL.
> Problem #1:
> Inbox notification does not work.
> None of the members of GSPECIAL have a direct relationship with groups
> "publisher" and "editor" which are necessary for Inbox notification..However,
> users *DO* belong to those groups via indirect group membership...
> Problem #2:
> Role inheritance does not work.
> Getting user roles via API returns only direct assigned roles. In our scenrio
> that means none of the 5 users have roles defines which is not true. All 5
> users have indirect roles defined via group membership.
> Perhaps my logic is flawed but if a user is a member of a group which in turn
> has other groups and roles than that user shold inherit all those roles and
> groups along with their privileges....
> Workaround:
> Assign groups and roles directly to user.
> Quick solution:
> Disable assigning groups and roles in group dialog or abandon groups
> allthogether (bad idea). I am sure workflow can be based off of roles in that
> case...
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.magnolia-cms.com/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
----------------------------------------------------------------
For list details see
http://www.magnolia-cms.com/home/community/mailing-lists.html
To unsubscribe, E-mail to: <[email protected]>
----------------------------------------------------------------
