[ https://issues.apache.org/jira/browse/SYNCOPE-55?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13251019#comment-13251019 ]

Bob Lannoy commented on SYNCOPE-55:
-----------------------------------

Ok, your point is valid.
I've made a new patch but I'm a bit struggling since I'm not really a developer.
I can't get a SyncopeUser object in the EntitlementUtil class so I passed a 
userDAO to it in the hasRoleMembership method. I don't know if this was the way 
to go.
I guess that the client lib auditManager should also be extended with a 
RoleSubCategory.selfread. I kept it .read for now.
I created a unit test for it but I'm unable to verify that it does what it is 
supposed to do.

Bottom line, could you guys take over from here ;)
                
> Allow users to read roles assigned to them by membership
> --------------------------------------------------------
>
>                 Key: SYNCOPE-55
>                 URL: https://issues.apache.org/jira/browse/SYNCOPE-55
>             Project: Syncope
>          Issue Type: Improvement
>          Components: core
>    Affects Versions: 1.0.0-incubating
>            Reporter: Bob Lannoy
>            Assignee: Francesco Chicchiriccò
>              Labels: patch, role, self
>             Fix For: 1.0.0-incubating
>
>         Attachments: patch.txt
>
>
> A user has self read rights on the user object. On the memberships returned 
> the user cannot query the roles that are in the membership.
> I'd like to propose a change that would allow an authenticated user to get 
> the role objects of which he is member.
> This is useful in a scenario where roles contain useful attributes for 
> external applications.
> The proposed change is limited to the role itself and not its parents since 
> this might divulge too much information.
> I've created a patch for the rolecontroller. Maybe the additional method could 
> be moved to the entitlementutil class but it has nothing to do with the 
> entitlements themselves and shouldn't be mixed I guess.

