This repository has been archived by the owner on Oct 29, 2019. It is now read-only.

WL-3191 Only count READ roles
When determining which roles are defined for role-based access, only
consider those that grant READ access.

This exists because it is possible to define a role which doesn't grant
read access but will still consider this as role-based access.

This currently blocks adding role-based access and removing it.
Ben Holmes committed Feb 3, 2014
1 parent e351a72 commit 4e5b24b
Showing 1 changed file with 3 additions and 1 deletion.
Expand Up @@ -9138,7 +9138,9 @@ public Set<String> getRoleViews(final String id) {

Set<Role> roles = realm.getRoles();
for (Role role : roles) {
roleIds.add(role.getId());
if(role.isAllowed(AUTH_RESOURCE_READ)) {
roleIds.add(role.getId());
}
}

return roleIds;
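
Review bot: The new `if(role.isAllowed(AUTH_RESOURCE_READ))` guard inside the loop narrows what `getRoleViews` returns, but nothing in the method says so, and the review comment asking why only read-granting roles are returned shows the intent is not obvious from the code. Add a short comment or Javadoc stating that only roles granting `AUTH_RESOURCE_READ` count as role views, and that this matches the permission checks already done in BaseContentService. Any caller relying on this method to list every role in the realm will now silently miss roles without read access, so the callers are worth checking, and a test with a role that lacks read would pin the behaviour the commit message describes. Minor style point: put a space after `if`.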

2 comments on commit 4e5b24b

@buckett buckett commented on 4e5b24b Feb 4, 2014

Despite your full commit message, why should we only return roles that can read resources?

@buckett buckett commented on 4e5b24b Feb 4, 2014

From the discussion in the room there is already code in BaseContentService that does these permission checks and this is just bringing this method "into line".
