On Apr 7, 2012 9:30 AM, "Francesco Chicchiriccò" <[email protected]> wrote:
>
> On 06/04/2012 16:25, Bob Lannoy wrote:
> > Hi guys,
> >
> > I'd like to come back about a requirement that I think would be handy (for me) but seems to make general sense.
> > A user has self read on his own object & memberships but not on the roles that are assigned in that membership.
> > Don't you think that this makes sense?
>
> Hi Bob,
> first of all: why do you need this? I mean, why a "plain" user should
> have read access to the roles he is member of?
> The first answer that comes to my mind is "to read role attribute's,
> plain derived and virtual, values".

Hi Francesco,

That's exactly the reason I need it for. I want to have a role hierarchy that represents some sort of organisational structure. If I inherit attributes I can get an attribute that's defined on a higher level like organisation id. That gives me the role + organisational context in one go.

> Hence, I agree with you, Syncope would definitely need this feature.

Come to think of it, probably the user could get read access on all parent roles as well.

>
> In such cases, the right way is to fill an issue on JIRA [1] and attach
> a patch [2] (this is the first ASF reference about this topic that I've
> found).

Ok, I'll have a go at it after the Easter holidays. I'm a bit stuck because I'm not able to retrieve the user object in the role controller.

> Thanks for your work: deployments in real environments with real needs
> is what Syncope needs the most, at the moment!
>
> Regards.

You're welcome, I'm happy to contribute.

Happy Easter

Bob
