From 4e5b24b54a945bf8ad55b7ac27908132577835b3 Mon Sep 17 00:00:00 2001
From: Ben Holmes <ben.holmes@it.ox.ac.uk>
Date: Mon, 3 Feb 2014 17:49:35 +0000
Subject: [PATCH] WL-3191 Only count READ roles

When determining which roles are defined for role-based access, only
consider those that grant READ access.

This exists because it is possible to define a role which doesn't grant
read access but will still consider this as role-based access.

This currently blocks adding role-based access and removing it.
---
 .../org/sakaiproject/content/impl/BaseContentService.java     | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/kernel-impl/src/main/java/org/sakaiproject/content/impl/BaseContentService.java b/kernel-impl/src/main/java/org/sakaiproject/content/impl/BaseContentService.java
index 2d281710..d1c6119b 100644
--- a/kernel-impl/src/main/java/org/sakaiproject/content/impl/BaseContentService.java
+++ b/kernel-impl/src/main/java/org/sakaiproject/content/impl/BaseContentService.java
@@ -9138,7 +9138,9 @@ public Set<String> getRoleViews(final String id) {
 
 		Set<Role> roles = realm.getRoles();
 		for (Role role : roles) {
-			roleIds.add(role.getId());
+			if(role.isAllowed(AUTH_RESOURCE_READ)) {
+				roleIds.add(role.getId());
+			}
 		}
 
 		return roleIds;