The UserSecurityAdvice.java class has the logic that prevents you from modifying other user's data. http://source.appfuse.org/browse/~raw,r=trunk/appfuse/trunk/service/src/main/java/org/appfuse/service/UserSecurityAdvice.java
I was able to disable this in AppFuse Light by doing the following: 1. Create a new no-op UserSecurityAdvice.java class. http://source.appfuse.org/browse/~raw,r=trunk/appfuse-light/trunk/spring-security/src/main/java/org/appfuse/web/UserSecurityAdvice.java 2. Register it in security.xml, overriding the one in appfuse-service. <!-- Override userSecurityAdvice bean in appfuse-service to allow any role to update a user. --> <beans:bean id="userSecurityAdvice" class="org.appfuse.web.UserSecurityAdvice"/> HTH, Matt On Sun, Feb 8, 2009 at 9:31 AM, Su <yumi...@gmail.com> wrote: > Hi All, > I'm new to appfuse. > I add a new field in User.java, > I'd like to change the field by other user. > But It shows that "Access Denied: Only administrators are allowed to modify > other users". > Is there any way for a user to change the field by other user?their role > are both user. > Maybe create a listener for admin to monitor? > Please hint, > Thank you very much, > Mark Su > >
