You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@isis.apache.org by da...@apache.org on 2022/05/18 06:10:03 UTC

[isis] branch master updated: ISIS-2965: updates docs for SudoService

This is an automated email from the ASF dual-hosted git repository.

danhaywood pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/isis.git


The following commit(s) were added to refs/heads/master by this push:
     new bd738fea69 ISIS-2965: updates docs for SudoService
bd738fea69 is described below

commit bd738fea691f865f9a865c2f594823295788f5a5
Author: Dan Haywood <da...@haywood-associates.co.uk>
AuthorDate: Wed May 18 07:09:51 2022 +0100

    ISIS-2965: updates docs for SudoService
---
 .../hooks/SudoService_020-examples-and-usage.adoc  | 36 +++++++---------------
 1 file changed, 11 insertions(+), 25 deletions(-)

diff --git a/antora/components/refguide-index/modules/applib/pages/index/services/sudo/hooks/SudoService_020-examples-and-usage.adoc b/antora/components/refguide-index/modules/applib/pages/index/services/sudo/hooks/SudoService_020-examples-and-usage.adoc
index 75132e7ade..61e3edfe87 100644
--- a/antora/components/refguide-index/modules/applib/pages/index/services/sudo/hooks/SudoService_020-examples-and-usage.adoc
+++ b/antora/components/refguide-index/modules/applib/pages/index/services/sudo/hooks/SudoService_020-examples-and-usage.adoc
@@ -15,7 +15,7 @@ Or, this fixture script uses the `SudoService` to set up `ToDoItem` objects:
 ----
 protected void execute(final ExecutionContext ec) {
     ...
-    sudoService.sudo(
+    sudoService.call(
         InteractionContext.switchUser(UserMemento.ofName("joe")),
         () -> wrap(toDoItem).completed()
     );
@@ -24,45 +24,31 @@ protected void execute(final ExecutionContext ec) {
 ----
 
 
-== Interaction with Shiro
+== Disabling permission checks
 
-When `sudo(...)` is called the "effective user" is reported by  xref:refguide:applib:index/services/user/UserService.adoc[UserService].
-However, it does _not_ propagate through to the xref:security:ROOT:about.adoc[Shiro security mechanism], which continue to be evaluated according to the permissions of the current user.
+Sometimes it's useful to be able to "switch off" security checks, for example when running in initial seed scripts or fixtures that use the xref:refguide:applib:index/services/wrapper/WrapperFactory.adoc[WrapperFactory].
+This can be done using any user that has the special xref:refguide:applib:index/services/sudo/SudoService.adoc#ACCESS_ALL_ROLE[ACCESS_ALL_ROLE] role.
 
-This can be a problem in certain use cases.
-For example if running a fixture script (which uses the xref:refguide:applib:index/services/wrapper/WrapperFactory.adoc[WrapperFactory]) from within an implementation of xref:refguide:applib:index/services/userreg/UserRegistrationService.adoc[UserRegistrationService], this is likely to result in ``HiddenException``s being thrown because there is no effective user.
-
-In such cases, permission checking can simply be disabled by specifying `SudoService.ACCESS_ALL_ROLE` as one of the roles.
 For example:
 
 [source,java]
 ----
 protected void execute(final ExecutionContext ec) {
     ...
-    ExecutionContext ec =
-        ExecutionContext.ofUserWithSystemDefaults(
-            UserMemento.ofNameAndRoleNames("joe", SudoService.ACCESS_ALL_ROLE)));
-
-    sudoService.sudo(ec, () -> wrap(toDoItem).completed());
+    sudoService.sudo(InteractionContext.switchUser(
+            UserMemento.ofNameAndRoles("seed-user", SudoService.ACCESS_ALL_ROLE),
+            () -> { /* ... */ }
+    );
     ...
 }
 ----
 
-[NOTE]
-====
-In the future this service may be used more deeply, eg to propagate permissions through to the Shiro security mechanism also.
-====
-
-
 
 
 
 == See also
 
-* xref:refguide:applib:index/services/iactn/ExecutionContext.adoc[ExecutionContext]
-
-* xref:refguide:applib:index/services/sudo/SudoServiceListener.adoc[SudoServiceListener]
-
-* the `InteractionFactory` is a lower-level framework (non-API) service, that provides the ability to programmatically start a new "interaction"; these can be nested.
-
+* xref:refguide:applib:index/services/iactnlayer/InteractionContext.adoc[]
+* xref:refguide:applib:index/services/iactnlayer/InteractionService.adoc[InteractionService]
+* xref:refguide:applib:index/services/wrapper/WrapperFactory.adoc[WrapperFactory]