Hi Bertrand We do not have a complete implementation of the ResourceAccessSecurity at the moment. I stopped committing more code there because of the ongoing discussions about this service in general. The implementation by now can handle read operations on resource level only. But I strongly support your demand to have a good test suite for the Functionality of this service (and I would like to have some support for the integration tests as mentioned earlier, when it comes to the test suite)
best regards mike > -----Original Message----- > From: Bertrand Delacretaz [mailto:[email protected]] > Sent: Wednesday, January 15, 2014 10:12 AM > To: dev > Subject: Re: Reconsidering when to apply resource access security > > Hi Mike, > > On Wed, Jan 15, 2014 at 10:02 AM, Mike Müller <[email protected]> wrote: > > ...I think if > > someone like to use ResourceAccessGate it should be as easy and logical > > as possible. And that really would be without any flag to configure it. Just > > write an ResourceAccessGate and it works... > > Do we have tests that demonstrate that "it works" ? > > I haven't checked, but if we accept it as a security feature we need a > strong test suite that demonstrates it. > > -Bertrand
