On 27/02/2013 16:10, Colm O hEigeartaigh wrote:
As per the discussions on SYNCOPE-324, I'm reading a user (from the new
API) via:
users?username=X
I am authenticating using the User's username/password and not the admin
user/password. I get an exception in the logs:
org.apache.syncope.core.rest.controller.UnauthorizedRoleException: Missing entitlement for role(s) [100]
    at org.apache.syncope.core.rest.data.UserDataBinder.getUserFromUsername(UserDataBinder.java:132) ~[UserDataBinder.class:na]
Syncope is set up with a single Role with no entitlements, and a single
User with that role, that I am authenticating as. In
UserDataBinder.getUserFromUsername we have:
    Set<Long> roleIds = user.getRoleIds();
    Set<Long> adminRoleIds = EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames());
    roleIds.removeAll(adminRoleIds);
    if (!roleIds.isEmpty()) {
        throw new UnauthorizedRoleException(roleIds);
    }
In this case, "adminRoleIds" is empty and so the exception is thrown. Any
ideas?
Hi Colm,
for reading own roles, the same approach as per RoleController#selfRead
should be implemented.
Regards.
--
Francesco Chicchiriccò
ASF Member, Apache Syncope PMC chair, Apache Cocoon PMC Member
http://people.apache.org/~ilgrosso/
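
The check discussed in this thread, as an added stand-alone example that is not part of either message and is not Syncope code. It models the quoted role check and one assumed shape of a self-read exemption; the class SelfReadCheck, the method names, and the usernames are hypothetical, and what RoleController#selfRead actually does is not shown in the thread.

```java
import java.util.HashSet;
import java.util.Set;

// Hypothetical model of the authorization check quoted in the thread (not Syncope code).
public class SelfReadCheck {

    static class UnauthorizedRoleException extends RuntimeException {
        UnauthorizedRoleException(Set<Long> roleIds) {
            super("Missing entitlement for role(s) " + roleIds);
        }
    }

    // The quoted logic: every role held by the target user must be covered
    // by a role the caller is entitled to administer.
    static void assertEntitled(Set<Long> targetRoleIds, Set<Long> callerAdminRoleIds) {
        Set<Long> missing = new HashSet<>(targetRoleIds); // copy so the input set is not mutated
        missing.removeAll(callerAdminRoleIds);
        if (!missing.isEmpty()) {
            throw new UnauthorizedRoleException(missing);
        }
    }

    // Assumed self-read variant: a caller reading their own record skips the
    // role check. 'caller' must be the authenticated principal, never a
    // value taken from the request, or the exemption becomes a bypass.
    static void assertCanRead(String caller, String target,
                              Set<Long> targetRoleIds, Set<Long> callerAdminRoleIds) {
        if (caller == null || !caller.equals(target)) {
            assertEntitled(targetRoleIds, callerAdminRoleIds);
        }
    }

    public static void main(String[] args) {
        Set<Long> roles = Set.of(100L); // constructed: one role, as in the report
        Set<Long> none = Set.of();      // caller owns no entitlements

        try {
            assertEntitled(roles, none); // reproduces the reported failure
        } catch (UnauthorizedRoleException e) {
            System.out.println("quoted check: " + e.getMessage());
        }
        assertCanRead("alice", "alice", roles, none); // self read passes
        System.out.println("self read: allowed");
        try {
            assertCanRead("alice", "bob", roles, none); // other user still denied
        } catch (UnauthorizedRoleException e) {
            System.out.println("read of other user: " + e.getMessage());
        }
    }
}
```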