Description
the current code avoids retrieving the ac policy only if both the configured user and group privileges are empty. this be improved by comparing the configured privileges with the type of the authorizable to be processed. Instead of
if (groupPrivilegeNames.length == 0 && userPrivilegeNames.length == 0) { log.debug("No privileges configured for groups and users; omit ac setup."); return; }
and later testing for >1 privileges again it should do something like
if (groupPrivilegeNames.length == 0 && authorizable.isGroup()) { // log + return } else if (userPrivilegeNames.length == 0 && !authorizable.isGroup()) { // log + return }
alex.parvulescu, fyi.