You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@isis.apache.org by "Dan Haywood (JIRA)" <ji...@apache.org> on 2014/07/17 14:31:05 UTC

[jira] [Created] (ISIS-840) "Permission groups" for IsisPermission (custom security string for Shiro) not working as advertised.

Dan Haywood created ISIS-840:
--------------------------------

             Summary: "Permission groups" for IsisPermission (custom security string for Shiro) not working as advertised.
                 Key: ISIS-840
                 URL: https://issues.apache.org/jira/browse/ISIS-840
             Project: Isis
          Issue Type: Bug
            Reporter: Dan Haywood
            Assignee: Dan Haywood


Per docs [1]

user_role   = !reg/org.estatio.api,\
              !reg/org.estatio.webapp.services.admin,\
              reg/* ;
admin_role = adm/*

then a user with both user_role and admin_role should have access to everything, because the two vetos in the "reg" group do not veto the permission provided in the "adm" group.

~~~
Tracking this down showed the issue to be a reliance on equals() implementation in IsisPermission.

[1] http://isis.apache.org/components/security/shiro/format-of-permissions.html



--
This message was sent by Atlassian JIRA
(v6.2#6252)