incubator-syncope-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Francesco Chicchiriccò <ilgro...@apache.org>
Subject Re: Users & roles
Date Fri, 30 Mar 2012 12:55:28 GMT
On 30/03/2012 14:48, Bob Lannoy wrote:
> On 30 March 2012 14:29, Colm O hEigeartaigh <coheigea@apache.org> wrote:
>> Hi Bob,
>>
>> I've been running into similar issues.
>>
>>> - /auth/getentitlements doesn't give me the roles of the connected user
>> It gives you the list of entitlements associated with the roles of the
>> connected user. Perhaps this controller should also have a similar
>> method for returning a list of role names of the connected user as
>> well?
> Through the console both are mixed so I confused entitlements with the roles.
> A "getroles" method for the connected user would indeed be handy.
> Ideally it could return the child with its parents
>
> I could try to have a go at it although I'm not a hard core developer ;)

Hi,
let me clarify one point: if role A (with entitlement E) has child role
B, and user U has role B assigned, this DOES NOT IMPLY that user U has
role A assigned as well.

When defining roles, you can choose whether a role will inherit some
information (entitlements, for example) from its parent.

This means, referring to example above, that if B is configured to
inherit entitlements from A, user U will have entitlement E.

Hence, a method like the one above proposed by Colm will not be needed:
when using the self-read REST method (as indicated by Fabio in another
e-mail), you will find such information in UserTO.getRoles().

Regards.

-- 
Francesco Chicchiriccò

Apache Cocoon PMC and Apache Syncope PPMC Member
http://people.apache.org/~ilgrosso/


Mime
View raw message