brusdev opened a new pull request, #6232: URL: https://github.com/apache/artemis/pull/6232
The canInvoke method received operation names with parameter signatures (e.g., "deleteAddress(java.lang.String)"), while invoke received them without signatures (e.g., "deleteAddress"). This caused the RBAC address built by canInvoke to differ from the one built by invoke, leading to permission check mismatches that prevented the console from properly hiding unauthorized menu items. This fix normalizes operation names by stripping parameter signatures before building RBAC addresses in both canInvoke and invoke. Also changes null operation checks to require VIEW instead of EDIT permission, allowing users to see MBeans they have view access to. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
