Shawn, Started working on this. I don't think DelegatedAdminManagerLoad.xml has everything... for example in GroupMgr, I think roleGroups needs one, but don't see it in the xml file. Do you concur?
Is it correct to assume that anywhere I see this line checkAccess( CLS_NM, methodName ); it needs to have an admin permission operation? ~Chris ----- Original Message ----- From: "Chris Pike" <[email protected]> To: [email protected] Sent: Tuesday, May 16, 2017 8:46:33 AM Subject: Re: Load Admin Permissions I don't see any downside. https://issues.apache.org/jira/browse/FC-210 ----- Original Message ----- From: "Shawn McKinney" <[email protected]> To: [email protected] Sent: Monday, May 15, 2017 4:35:15 PM Subject: Re: Load Admin Permissions > On May 15, 2017, at 3:23 PM, Chris Pike <[email protected]> wrote: > > It looks like the addPermissionAttributeSet is missing from that. I think > DelegatedAdminManagerLoad.xml has everything, but not sure if there is an > easy way to read that file. which should be corrected, as it means we don’t have an admin permission yet and aren’t testing it usage properly. I agree with your assessment, prolly no to use the test class that isn’t a hack. In any case that class resides in the test jar and I doubt you’d want to add that dependency to your prod envs, nor would I. > > On May 15, 2017, at 3:23 PM, Chris Pike <[email protected]> wrote: > > I think ideally I would create an annotation that could be put on API methods > that indicated if they had a corresponding admin permission, then I could > just inspect the APIs for those annotations. That sounds like a reasonable approach. Can’t think of a downside. Can you? Shawn
