Uploaded image for project: 'Syncope'
  1. Syncope
  2. SYNCOPE-55

Allow users to read roles assigned to them by membership

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.0.0-incubating
    • Fix Version/s: 1.0.0-incubating
    • Component/s: core
    • Labels:

      Description

      A user has self read rights on the user object. On the memberships returned the user cannot query the roles that are in the membership.
      I'd like to propose a change that would allow an authenticated user to get the role objects of which he is member.
      This is userful in a scenario where roles contain useful attributes for external applications.
      The proposed change is limited to the role itelf and not its parents since this might divulge too much information.

      I've created a patch for the rolecontrolle. Maybe the additional method could be moved to the entitlementutil class but it has nothing to do with the entitlements themselves and shouldn't be mixed I guess.

        Attachments

        1. patch.txt
          6 kB
          Bob Lannoy

          Activity

            People

            • Assignee:
              ilgrosso Francesco Chicchiriccò
              Reporter:
              blannoy Bob Lannoy
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: