[
https://issues.apache.org/jira/browse/CLK-724?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Bob Schellink resolved CLK-724.
-------------------------------
Resolution: Fixed
Fix Version/s: 2.3.0-M1
Assignee: Bob Schellink
Done. Null is passed to AccessController#hasAccess if the Menu has no roles
defined
> Menu#isUserInRoles should check if user has access to menus without roles
> -------------------------------------------------------------------------
>
> Key: CLK-724
> URL: https://issues.apache.org/jira/browse/CLK-724
> Project: Click
> Issue Type: Improvement
> Components: core
> Reporter: Bob Schellink
> Assignee: Bob Schellink
> Priority: Minor
> Fix For: 2.3.0-M1
>
>
> Menu#isUserInRole currently assumes that if a menu has no roles defined, the
> user cannot access to it.
> I think it would be better to invoke the AcessController#hasAccess with a
> null or empty ("") role, allowing the AccessController implementation to
> decide whether or not the user has access.
> While the Servlet spec isn't explicit on this, in Tomcat,
> request.isUserInRole returns true if null is passed in. In other words, in
> Tomcat, the user has access to the "null" role.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
