On 06/04/2012 16:25, Bob Lannoy wrote:
> Hi guys,
>
> I'd like to come back about a requirement that I think would be handy (for
> me) but seems to make general sense.
> A user has self read on his own object & memberships but not on the roles
> that are assigned in that membership.
> Don't you think that this makes sense?

Hi Bob,
first of all: why do you need this? I mean, why should a "plain" user have read access to the roles he is a member of?

The first answer that comes to my mind is "to read role attributes' (plain, derived and virtual) values".

Hence, I agree with you, Syncope would definitely need this feature.

> I looked a bit at the code and thought that maybe a modification to
> the RoleController could do the trick.
> Since I'm not well versed in developing and my knowledge about syncope
> is limited I'd like to propose a general idea.
> I tried to have a go with it with a dirty hack but I'm unable to
> recover the user object in the context from which I can get the
> memberships.
>
> This is what I did (added hasRoleMembership method and called in the
> condition)
> [...]

In such cases, the right way is to file an issue on JIRA [1] and attach a patch [2] (this is the first ASF reference about this topic that I've found).

Thanks for your work: deployments in real environments with real needs are what Syncope needs the most, at the moment!

Regards.

[1] https://issues.apache.org/jira/browse/SYNCOPE
[2] http://commons.apache.org/patches.html

--
Francesco Chicchiriccò
Apache Cocoon PMC and Apache Syncope PPMC Member
http://people.apache.org/~ilgrosso/
