This is an automated email from the ASF dual-hosted git repository. joergrade pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/isis.git
The following commit(s) were added to refs/heads/master by this push: new bde72563b1 ISIS-3073 new sentence starts on a new line bde72563b1 is described below commit bde72563b16a57d45bd6be59ba2c54ece32e5082 Author: Jörg Rade <joerg.r...@kuehne-nagel.com> AuthorDate: Mon Jun 13 19:04:36 2022 +0200 ISIS-3073 new sentence starts on a new line --- security/shiro/src/main/adoc/modules/shiro/pages/about.adoc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/security/shiro/src/main/adoc/modules/shiro/pages/about.adoc b/security/shiro/src/main/adoc/modules/shiro/pages/about.adoc index 1d89fb2091..ef998cd0ac 100644 --- a/security/shiro/src/main/adoc/modules/shiro/pages/about.adoc +++ b/security/shiro/src/main/adoc/modules/shiro/pages/about.adoc @@ -324,7 +324,8 @@ This is probably best explained by an example. Suppose that a user has both `admin_role` and `user_role`; we would want the `admin_role` to trump the vetos of the `user_role`, in other words to give the user access to everything. :asterisk: * -Because of the permission groups, the two `!reg/...` vetos in `user_role` only veto out selected permissions granted by the ``reg/{asterisk}`` permissions, but they do not veto the permissions granted by a different scope, namely `adm/*`. In this case the prefixes in ``reg/{asterisk}`` and ``adm/{asterisk}`` are required to make the patterns unique. +Because of the permission groups, the two `!reg/...` vetos in `user_role` only veto out selected permissions granted by the ``reg/{asterisk}`` permissions, but they do not veto the permissions granted by a different scope, namely `adm/*`. +In this case the prefixes in ``reg/{asterisk}`` and ``adm/{asterisk}`` are required to make the patterns unique. The net effect is therefore what we would want: that a user with both `admin_role` and `user_role` would have access to everything, irrespective of those two veto permissions of the `user_role`.