On 07/04/2012 13:51, Bob Lannoy wrote: > On Apr 7, 2012 9:30 AM, "Francesco Chicchiriccò" <[email protected]> wrote: >> On 06/04/2012 16:25, Bob Lannoy wrote: >>> Hi guys, >>> >>> I'd like to come back about a requirement that I think would be handy (for >>> me) but seems to make general sense. >>> A user has self read on his own object & memberships but not on the roles >>> that are assigned in that membership. >>> Don't you think that this makes sense? >> Hi Bob, >> first of all: why do you need this? I mean, why a "plain" user should have >> read access to the roles he is member of? >> The first answer that comes to my mind is "to read role attribute's, plain >> derived and virtual, values". > Hi Francesco, > > That's exactly the reason I need it for. I want to have a role hierarchy that > represents some sort of organisational structure. If I inherit attributes I > can get an attribute that's defined on a higher level like > organisation id. That gives me the role + organisational context in one go. > >> Hence, I agree with you, Syncope would definitely need this feature. > Come to think of it, probably the user could get read access on all parent > roles as well.
Hum, as already said, I don't think so. The ability to read the definitions of all ancestors of roles assigned to a certain user is definitely too much, in my opinion. Anyway, if you need such feature that "deviates" from standard Syncope behavior, you can just add a REST method in your own Syncope project and implement any logic you need. >> In such cases, the right way is to fill an issue on JIRA [1] and attach a >> patch [2] (this is the first ASF reference about this topic that I've found). > Ok I'll have go at it after the Easter holidays. > I'm a bit stuck because I'm not able to retrieve the user object in the role > controller. We can work out of this: you can even create an issue without attaching a complete patch. >> Thanks for your work: deployments in real environments with real needs >> is what Syncope needs the most, at the moment! >> >> Regards. > You're welcome, I'm happy to contribute > > Happy Easter Thank you. I wish a Holy Easter to you all. Cheers. -- Francesco Chicchiriccò Apache Cocoon PMC and Apache Syncope PPMC Member http://people.apache.org/~ilgrosso/
