[SYNCOPE-55] Allow users to read roles assigned to them by membership - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.0.0-incubating
Fix Version/s: 1.0.0-incubating
Component/s: core
Labels:
- patch
- role
- self

Description

A user has self read rights on the user object. On the memberships returned the user cannot query the roles that are in the membership.
I'd like to propose a change that would allow an authenticated user to get the role objects of which he is member.
This is userful in a scenario where roles contain useful attributes for external applications.
The proposed change is limited to the role itelf and not its parents since this might divulge too much information.

I've created a patch for the rolecontrolle. Maybe the additional method could be moved to the entitlementutil class but it has nothing to do with the entitlements themselves and shouldn't be mixed I guess.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

patch.txt
10/Apr/12 20:14
6 kB
Bob Lannoy

Activity

People

Assignee:: Francesco Chicchiriccò

Reporter:: Bob Lannoy

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 09/Apr/12 19:36

Updated:: 27/Apr/12 07:33

Resolved:: 11/Apr/12 07:51