Menu#isUserInRoles should check if user has access to menus without roles
-------------------------------------------------------------------------
Key: CLK-724
URL: https://issues.apache.org/jira/browse/CLK-724
Project: Click
Issue Type: Improvement
Components: core
Reporter: Bob Schellink
Priority: Minor
Menu#isUserInRole currently assumes that if a menu has no roles defined, the
user cannot access to it.
I think it would be better to invoke the AcessController#hasAccess with a null
or empty ("") role, allowing the AccessController implementation to decide
whether or not the user has access.
While the Servlet spec isn't explicit on this, in Tomcat, request.isUserInRole
returns true if null is passed in. In other words, in Tomcat, the user has
access to the "null" role.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
