Daniel Keir Haywood created ISIS-3303:
-----------------------------------------
Summary: Redefine UserMemento#isSystemUser to instead take into
account SudoService#accessAll role
Key: ISIS-3303
URL: https://issues.apache.org/jira/browse/ISIS-3303
Project: Isis
Issue Type: Improvement
Components: Isis Extensions SecMan
Affects Versions: 2.0.0-M9
Reporter: Daniel Keir Haywood
Assignee: Daniel Keir Haywood
Fix For: 2.0.0-RC1
We currently have two very similar notions that are meant to disable permission
checking (typically for integration tests), `UserMemento#isSystemUser`, and
separately the `SudoService#ACCESS_ALL` role, as set up by the
`NoPermissionsCheck` junit 5 extension.
However, the `TenantedAuthorizationFacetDefault` is only aware of the former of
these, via `UserService#isCurrentUserWithSystemPrivileges`, and because the
UserMemento#isSystem is an equality check, the two mechanisms are incompatible.
Luckily, `TenantedAuthorizationFacetDefault` is the only usage of this API.
Therefore, the purpose of this improvement is to combine these two notions, and
refactor names from (real) "system user" (aka root) to (effective) user (aka
sudo).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
