Daniel Keir Haywood created ISIS-3303: -----------------------------------------
Summary: Redefine UserMemento#isSystemUser to instead take into account SudoService#accessAll role Key: ISIS-3303 URL: https://issues.apache.org/jira/browse/ISIS-3303 Project: Isis Issue Type: Improvement Components: Isis Extensions SecMan Affects Versions: 2.0.0-M9 Reporter: Daniel Keir Haywood Assignee: Daniel Keir Haywood Fix For: 2.0.0-RC1 We currently have two very similar notions that are meant to disable permission checking (typically for integration tests), `UserMemento#isSystemUser`, and separately the `SudoService#ACCESS_ALL` role, as set up by the `NoPermissionsCheck` junit 5 extension. However, the `TenantedAuthorizationFacetDefault` is only aware of the former of these, via `UserService#isCurrentUserWithSystemPrivileges`, and because the UserMemento#isSystem is an equality check, the two mechanisms are incompatible. Luckily, `TenantedAuthorizationFacetDefault` is the only usage of this API. Therefore, the purpose of this improvement is to combine these two notions, and refactor names from (real) "system user" (aka root) to (effective) user (aka sudo). -- This message was sent by Atlassian Jira (v8.20.10#820010)