directory-fortress mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Pike <clp...@psu.edu>
Subject Re: Load Admin Permissions
Date Wed, 17 May 2017 18:21:30 GMT
Shawn,

Started working on this. I don't think DelegatedAdminManagerLoad.xml has everything... for
example in GroupMgr, I think roleGroups needs one, but don't see it in the xml file. Do you
concur?

Is it correct to assume that anywhere I see this line

checkAccess( CLS_NM, methodName );

it needs to have an admin permission operation?

~Chris



----- Original Message -----
From: "Chris Pike" <clp207@psu.edu>
To: fortress@directory.apache.org
Sent: Tuesday, May 16, 2017 8:46:33 AM
Subject: Re: Load Admin Permissions

I don't see any downside.

https://issues.apache.org/jira/browse/FC-210



----- Original Message -----
From: "Shawn McKinney" <smckinney@apache.org>
To: fortress@directory.apache.org
Sent: Monday, May 15, 2017 4:35:15 PM
Subject: Re: Load Admin Permissions

> On May 15, 2017, at 3:23 PM, Chris Pike <clp207@psu.edu> wrote:
> 
> It looks like the addPermissionAttributeSet is missing from that. I think DelegatedAdminManagerLoad.xml
has everything, but not sure if there is an easy way to read that file. 

which should be corrected, as it means we don’t have an admin permission yet and aren’t
testing it usage properly.  

I agree with your assessment, prolly no to use the test class that isn’t a hack.  In any
case that class resides in the test jar and I doubt you’d want to add that dependency to
your prod envs, nor would I.

> 
> On May 15, 2017, at 3:23 PM, Chris Pike <clp207@psu.edu> wrote:
> 
> I think ideally I would create an annotation that could be put on API methods that indicated
if they had a corresponding admin permission, then I could just inspect the APIs for those
annotations.

That sounds like a reasonable approach.  Can’t think of a downside.  Can you?

Shawn

Mime
View raw message