Uploaded image for project: 'Click'
  1. Click
  2. CLK-724

Menu#isUserInRoles should check if user has access to menus without roles

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.3.0-M1
    • Component/s: core
    • Labels:
      None

      Description

      Menu#isUserInRole currently assumes that if a menu has no roles defined, the user cannot access to it.

      I think it would be better to invoke the AcessController#hasAccess with a null or empty ("") role, allowing the AccessController implementation to decide whether or not the user has access.

      While the Servlet spec isn't explicit on this, in Tomcat, request.isUserInRole returns true if null is passed in. In other words, in Tomcat, the user has access to the "null" role.

        Activity

        Hide
        sabob Bob Schellink added a comment -

        Done. Null is passed to AccessController#hasAccess if the Menu has no roles defined

        Show
        sabob Bob Schellink added a comment - Done. Null is passed to AccessController#hasAccess if the Menu has no roles defined

          People

          • Assignee:
            sabob Bob Schellink
            Reporter:
            sabob Bob Schellink
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development