Hi Ludwig, You're right, from what I can understand, you need to invalid the user's session and let the user login again to get the new ACL created since it's immutable throughout the session. Best
David -----Original Message----- From: Ludwig Magnusson [mailto:[email protected]] Sent: Friday, April 23, 2010 4:45 AM To: 'Turbine Users List' Subject: Modifying the ACL Hi! I have understood that when a user logs in to a Turbine site, the ACL is created for him and he then has that ACL until he logs out. However, I want to give certain users the right to modify their own ACLs. I can't make them get the new roles assigned without making them logout and login again first. What am I doing wrong? Here is my (pseudo) code: TurbineSecurity.grant(data.getUser(), newGroup, newRole); data.setACL(TurbineSecurity.getACL(data.getUser())); data.save(); Is something missing or have I misunderstood something? Does the new ACL need to be saved into the session specifically? /Ludwig --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
