[
https://issues.apache.org/jira/browse/WICKET-1152?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Maurice Marrink updated WICKET-1152:
------------------------------------
Fix Version/s: (was: 1.3.4)
Remaining Estimate: 0h
Original Estimate: 0h
I can reproduce this with the following testcase (see bottom). However judging
by the code this behavior was never intended. the method unauthorize might be
better named removePreviouslyGrantedAuthorization.
I will discuss this on the list.
public void testRemove2()
{
WicketTester tester = new WicketTester();
tester.setupRequestAndResponse();
Label label = new Label("label", "text");
Action mambo = new Action("mambo");
MetaDataRoleAuthorizationStrategy strategy = new
MetaDataRoleAuthorizationStrategy(
new IRoleCheckingStrategy()
{
public boolean hasAnyRole(Roles roles)
{
return false;
}
});
label.setMetaData(MetaDataRoleAuthorizationStrategy.ACTION_PERMISSIONS,
new ActionPermissions());
MetaDataRoleAuthorizationStrategy.unauthorize(label, mambo,
"johan");
assertFalse(strategy.isActionAuthorized(label, mambo));
tester.processRequestCycle();
tester.destroy();
}
> MetaDataRoleAuthorizationStrategy.unauthorize() doesn't work
> ------------------------------------------------------------
>
> Key: WICKET-1152
> URL: https://issues.apache.org/jira/browse/WICKET-1152
> Project: Wicket
> Issue Type: Bug
> Components: wicket-auth-roles
> Affects Versions: 1.3.0-rc1
> Reporter: David
> Assignee: Maurice Marrink
> Original Estimate: 0h
> Remaining Estimate: 0h
>
> Try this:
> MetaDataRoleAuthorizationStrategy.unauthorize(this, RENDER, "USER");
> The page will still be rendered for user with USER role.
> The following will work fine to prevent rendering by anybody:
> MetaDataRoleAuthorizationStrategy.authorize(this, RENDER, "");
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
