You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@click.apache.org by "Bob Schellink (JIRA)" <ji...@apache.org> on 2010/10/27 01:04:19 UTC

[jira] Created: (CLK-724) Menu#isUserInRoles should check if user has access to menus without roles

Menu#isUserInRoles should check if user has access to menus without roles
-------------------------------------------------------------------------

                 Key: CLK-724
                 URL: https://issues.apache.org/jira/browse/CLK-724
             Project: Click
          Issue Type: Improvement
          Components: core
            Reporter: Bob Schellink
            Priority: Minor


Menu#isUserInRole currently assumes that if a menu has no roles defined, the user cannot access to it.

I think it would be better to invoke the AcessController#hasAccess with a null or empty ("") role, allowing the AccessController implementation to decide whether or not the user has access.

While the Servlet spec isn't explicit on this, in Tomcat, request.isUserInRole returns true if null is passed in. In other words, in Tomcat, the user has access to the "null" role.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Resolved: (CLK-724) Menu#isUserInRoles should check if user has access to menus without roles

Posted by "Bob Schellink (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/CLK-724?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bob Schellink resolved CLK-724.
-------------------------------

       Resolution: Fixed
    Fix Version/s: 2.3.0-M1
         Assignee: Bob Schellink

Done. Null is passed to AccessController#hasAccess if the Menu has no roles defined

> Menu#isUserInRoles should check if user has access to menus without roles
> -------------------------------------------------------------------------
>
>                 Key: CLK-724
>                 URL: https://issues.apache.org/jira/browse/CLK-724
>             Project: Click
>          Issue Type: Improvement
>          Components: core
>            Reporter: Bob Schellink
>            Assignee: Bob Schellink
>            Priority: Minor
>             Fix For: 2.3.0-M1
>
>
> Menu#isUserInRole currently assumes that if a menu has no roles defined, the user cannot access to it.
> I think it would be better to invoke the AcessController#hasAccess with a null or empty ("") role, allowing the AccessController implementation to decide whether or not the user has access.
> While the Servlet spec isn't explicit on this, in Tomcat, request.isUserInRole returns true if null is passed in. In other words, in Tomcat, the user has access to the "null" role.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.