[CLK-724] Menu#isUserInRoles should check if user has access to menus without roles - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.3.0-M1
Component/s: core
Labels:
None

Description

Menu#isUserInRole currently assumes that if a menu has no roles defined, the user cannot access to it.

I think it would be better to invoke the AcessController#hasAccess with a null or empty ("") role, allowing the AccessController implementation to decide whether or not the user has access.

While the Servlet spec isn't explicit on this, in Tomcat, request.isUserInRole returns true if null is passed in. In other words, in Tomcat, the user has access to the "null" role.

Attachments

Activity

People

Assignee:: Bob Schellink

Reporter:: Bob Schellink

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 26/Oct/10 23:02

Updated:: 14/Nov/10 11:59

Resolved:: 14/Nov/10 11:59