Hi, >> ROLE_LIST entitlement used to exist as plain entitlement, but was removed >> (and RoleController.list() made public) alongside with some other >> entitlements, when self registration feature was added to the console. >> If a user wants to do self register, he should have access as anonymous - >> to some information: role list, schema list, ...
Ok I see. However, not every deployer of Syncope will want to allow self-registration or anonymous access to role information via the REST API. >> Currently, not: good feature for roadmap? I've added the following: https://issues.apache.org/jira/browse/SYNCOPE-44 > Of course. This information is needed by the administration console in order > to provide a detailed feedback about a deleted user. > Actually, I think that we could provide the same information in case of role > and membership as well. Will I create a JIRA for this? All delete operations should return the deleted object via HTTP GET? Thanks, Colm. On Fri, Mar 16, 2012 at 4:46 PM, Fabio Martelli <[email protected]> wrote: > > Il giorno 16/mar/2012, alle ore 17.33, Francesco Chicchiriccò ha scritto: > >> On 16/03/2012 17:22, Colm O hEigeartaigh wrote: >>> Following on from my questions about users, here are some questions >>> about roles... >>> >>> 1) Should there be a ROLE_LIST entitlement added by default? >>> RoleController.list() currently has no authorization so anyone can >>> list the roles. Should there also be a RoleController.count() method >>> with the same entitlement as per the UserController? >> >> ROLE_LIST entitlement used to exist as plain entitlement, but was removed >> (and RoleController.list() made public) alongside with some other >> entitlements, when self registration feature was added to the console. >> If a user wants to do self register, he should have access as anonymous - >> to some information: role list, schema list, ... >> >> We can, of course, discuss and see if there is any better way to handle such >> situation! >> >>> 2) Is it possible to search for a role? I couldn't find any >>> functionality to do this. >> >> Currently, not: good feature for roadmap? >> >>> 3) RoleController.delete() does not return the deleted RoleTO object, >>> unlike the corresponding method in UserController. It also uses the >>> HTTP delete verb instead of get as per the UserController. I suggest >>> there should be consistent behaviour for delete across the >>> controllers. >> >> Actually, all REST controller's delete() have void as return type: >> personally, I did not even notice that UserController's return type was >> changed: Fabio, do you know why? > > Of course. This information is needed by the administration console in order > to provide a detailed feedback about a deleted user. > Actually, I think that we could provide the same information in case of role > and membership as well. > >>> 4) From the wiki - "currently roles cannot be propagated". Is this >>> just for virtual attributes or for any attributes? >> >> Roles (and their attributes) are not considered at all, when propagating. >> >>> Are there any plans to support this? >> >> Actually... yes! Such features was already in pre-ASF roadmap. >> >> Looks like we should start gathering all these roadmap hints somewhere: a >> wiki page? Any volunteer for this? >> >> Regards. >> >> -- >> Francesco Chicchiriccò >> >> Apache Cocoon PMC and Apache Syncope PPMC Member >> http://people.apache.org/~ilgrosso/ >> > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
