You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@causeway.apache.org by "Daniel Keir Haywood (Jira)" <ji...@apache.org> on 2023/03/08 17:21:00 UTC
[jira] [Closed] (CAUSEWAY-3303) Redefine UserMemento#isSystemUser to instead take into account SudoService#accessAll role
[ https://issues.apache.org/jira/browse/CAUSEWAY-3303?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Daniel Keir Haywood closed CAUSEWAY-3303.
-----------------------------------------
Resolution: Fixed
> Redefine UserMemento#isSystemUser to instead take into account SudoService#accessAll role
> -----------------------------------------------------------------------------------------
>
> Key: CAUSEWAY-3303
> URL: https://issues.apache.org/jira/browse/CAUSEWAY-3303
> Project: Causeway
> Issue Type: Improvement
> Components: Extensions SecMan
> Affects Versions: 2.0.0-M9
> Reporter: Daniel Keir Haywood
> Assignee: Daniel Keir Haywood
> Priority: Minor
> Fix For: 2.0.0-RC1
>
>
> We currently have two very similar notions that are meant to disable permission checking (typically for integration tests), `UserMemento#isSystemUser`, and separately the `SudoService#ACCESS_ALL` role, as set up by the `NoPermissionsCheck` junit 5 extension.
> However, the `TenantedAuthorizationFacetDefault` is only aware of the former of these, via `UserService#isCurrentUserWithSystemPrivileges`, and because the UserMemento#isSystem is an equality check, the two mechanisms are incompatible.
> Luckily, `TenantedAuthorizationFacetDefault` is the only usage of this API. Therefore, the purpose of this improvement is to combine these two notions, and refactor names from (real) "system user" (aka root) to (effective) user (aka sudo).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)