Hi! I have understood that when a user logs in to a Turbine site, the ACL is created for him and he then has that ACL until he logs out. However, I want to give certain users the right to modify their own ACLs. I can't make them get the new roles assigned without making them logout and login again first. What am I doing wrong?
Here is my (pseudo) code: TurbineSecurity.grant(data.getUser(), newGroup, newRole); data.setACL(TurbineSecurity.getACL(data.getUser())); data.save(); Is something missing or have I misunderstood something? Does the new ACL need to be saved into the session specifically? /Ludwig
