You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@shiro.apache.org by "Guillaume Leger (JIRA)" <ji...@apache.org> on 2014/11/08 03:03:33 UTC

[jira] [Commented] (SHIRO-492) Subject.getRoles() functionality

    [ https://issues.apache.org/jira/browse/SHIRO-492?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14203136#comment-14203136 ] 

Guillaume Leger commented on SHIRO-492:
---------------------------------------

To add on to what John is saying, it would be great to be able to do this with a user's permission set as well. 
Our users typically only have a few permissions. It doesn't make sense to iterate through all of our system's data and check whether they have access to each resource rather than simply load the ones they have permissions for.  

> Subject.getRoles() functionality
> --------------------------------
>
>                 Key: SHIRO-492
>                 URL: https://issues.apache.org/jira/browse/SHIRO-492
>             Project: Shiro
>          Issue Type: Improvement
>          Components: Authorization (access control) 
>            Reporter: John Vines
>
> Currently shiro provides the ability to respond whether or not a user has a list of Authorizations. However, while the realms have methods for getting all authorizations (protected), these are not exposed in normal use to allow asking for all Roles. This should be exposed by adding a call to Subject to getRoles, to complement it's existing hasRoles calls. This may require making some of the calls around authorizations, like getAuthorizationInfo in AuthorizingRealm, public. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)