| The caching is done per user only in the access manager instance that is created for each user with his/her own permission list ( which is why you need to relogin after changing). The only reason I could think for the strange behavior you observe is that you are not saving something somewhere ... double checking your code ... hmm, I think I got it now. There seem to be a bug. The RoleEditDialog is a nasty beast that wipes out all permissions and re-creates them from scratch (there are some historical reasons for that which I'm not going to explain now). Now, to the (possible) bug: addPermission() method saves permission (which is a number) as a String. The RoleEditDialog saveACLs() otoh saves permissions as numbers. Because of it's nasty way of treating the permissions and because of the roundtrip via form where everything is anyway converted to strings, it might be just correcting the erroneous values from MgnlRole.addPermission() call. Attached is the MgnlRole that saves permissions as number instead. Could you confirm that replacing this class in /info/magnolia/cms/security fixes your issue? If so, please just create an issue and I'll commit the fix once I get around to also write a test for it (which I'm not going to on Sunday night). Thanks, Jan ---------------------------------------------------------------- For list details see http://www.magnolia-cms.com/home/community/mailing-lists.html To unsubscribe, E-mail to: <[email protected]> ---------------------------------------------------------------- |
role.tar.gz
Description: GNU Zip compressed data
On Nov 5, 2010, at 3:48 PM, Ernst Bunders wrote:
- Best regards, Jan Haderka, PhD. Magnolia International Ltd. -------------------------------------- Magnolia® - Simple Open-Source Content Management |
