Re: [Dspace-devel] XmlWorkflowManager turns authorization system off

Wed, 27 Jun 2012 01:01:09 -0700 

Nestor,

I would need to review the code further to validate if it would make sense
to turn the authorization on as a default.  However, I would recommend that
you can also easily determine if the user is an administrator by querying
the Group API directly.

Group.isMember(c, 1);

where "1" is the administrator group.

Regards,
Mark

On Mon, Jun 25, 2012 at 12:04 PM, Nestor Oviedo <[email protected]>wrote:

> Hi all.
> I'm writing a very simple custom user selection action (extending from
> ClaimAction) which overrides the isValidUserSelection() method in
> order to return false when the current user is an admin.
> The problem is that the XmlWorkflowManager->start() method always
> invokes the context.turnOffAuthorisationSystem(), which means the
> AuthorizeManager.isAdmin() method will always return true.
>
> I wonder: why the XmlWorkflowManager always turns the authorization
> system off ? Is it there any known risk in avoiding this behavior ?
>
> Thanks
> Nestor
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Dspace-devel mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/dspace-devel
>



-- 
[image: @mire Inc.]
*Mark Diggory *(Schedule a Meeting <https://tungle.me/markdiggory>)
*2888 Loker Avenue East, Suite 305, Carlsbad, CA. 92010*
*Esperantolaan 4, Heverlee 3001, Belgium*
http://www.atmire.com

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Dspace-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-devel

Reply via email to