On 16/03/2012 17:22, Colm O hEigeartaigh wrote:
Following on from my questions about users, here are some questions
about roles...
1) Should there be a ROLE_LIST entitlement added by default?
RoleController.list() currently has no authorization so anyone can
list the roles. Should there also be a RoleController.count() method
with the same entitlement as per the UserController?
ROLE_LIST entitlement used to exist as plain entitlement, but was
removed (and RoleController.list() made public) alongside with some
other entitlements, when self registration feature was added to the console.
If a user wants to do self register, he should have access as anonymous
- to some information: role list, schema list, ...
We can, of course, discuss and see if there is any better way to handle
such situation!
2) Is it possible to search for a role? I couldn't find any
functionality to do this.
Currently, not: good feature for roadmap?
3) RoleController.delete() does not return the deleted RoleTO object,
unlike the corresponding method in UserController. It also uses the
HTTP delete verb instead of get as per the UserController. I suggest
there should be consistent behaviour for delete across the
controllers.
Actually, all REST controller's delete() have void as return type:
personally, I did not even notice that UserController's return type was
changed: Fabio, do you know why?
4) From the wiki - "currently roles cannot be propagated". Is this
just for virtual attributes or for any attributes?
Roles (and their attributes) are not considered at all, when propagating.
Are there any plans to support this?
Actually... yes! Such features was already in pre-ASF roadmap.
Looks like we should start gathering all these roadmap hints somewhere:
a wiki page? Any volunteer for this?
Regards.
--
Francesco Chicchiriccò
Apache Cocoon PMC and Apache Syncope PPMC Member
http://people.apache.org/~ilgrosso/
