You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by "Jesse Shaffer (JIRA)" <ji...@apache.org> on 2019/01/17 18:14:00 UTC
[jira] [Commented] (SHIRO-492) Subject.getRoles() functionality
[ https://issues.apache.org/jira/browse/SHIRO-492?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16745354#comment-16745354 ]
Jesse Shaffer commented on SHIRO-492:
-------------------------------------
Just curious - is there an actual reason to NOT do this? This has been requested so very many times. I actually have a need to list a subject's assigned roles in order to build a menu from a subset of those roles. These roles are user-defined. I do not want to have to go to another system to discover the available roles, then pass all those through the subject to determine if they are assigned. It would be much simpler to just go to the subject and query the assigned roles.
> Subject.getRoles() functionality
> --------------------------------
>
> Key: SHIRO-492
> URL: https://issues.apache.org/jira/browse/SHIRO-492
> Project: Shiro
> Issue Type: Improvement
> Components: Authorization (access control)
> Reporter: John Vines
> Priority: Major
>
> Currently shiro provides the ability to respond whether or not a user has a list of Authorizations. However, while the realms have methods for getting all authorizations (protected), these are not exposed in normal use to allow asking for all Roles. This should be exposed by adding a call to Subject to getRoles, to complement it's existing hasRoles calls. This may require making some of the calls around authorizations, like getAuthorizationInfo in AuthorizingRealm, public.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)