[
https://issues.apache.org/jira/browse/ISIS-3303?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17644741#comment-17644741
]
ASF subversion and git services commented on ISIS-3303:
-------------------------------------------------------
Commit 9cce8147b08c20321018d13c497446ae752344ca in isis's branch
refs/heads/ISIS-3303 from Dan Haywood
[ https://gitbox.apache.org/repos/asf?p=isis.git;h=9cce8147b0 ]
ISIS-3303: reworks UserMemento#isSystem to instead be a check for
SudoService#ACCESS_ALL_ROLE
> Redefine UserMemento#isSystemUser to instead take into account
> SudoService#accessAll role
> -----------------------------------------------------------------------------------------
>
> Key: ISIS-3303
> URL: https://issues.apache.org/jira/browse/ISIS-3303
> Project: Isis
> Issue Type: Improvement
> Components: Isis Extensions SecMan
> Affects Versions: 2.0.0-M9
> Reporter: Daniel Keir Haywood
> Assignee: Daniel Keir Haywood
> Priority: Minor
> Fix For: 2.0.0-RC1
>
>
> We currently have two very similar notions that are meant to disable
> permission checking (typically for integration tests),
> `UserMemento#isSystemUser`, and separately the `SudoService#ACCESS_ALL` role,
> as set up by the `NoPermissionsCheck` junit 5 extension.
> However, the `TenantedAuthorizationFacetDefault` is only aware of the former
> of these, via `UserService#isCurrentUserWithSystemPrivileges`, and because
> the UserMemento#isSystem is an equality check, the two mechanisms are
> incompatible.
> Luckily, `TenantedAuthorizationFacetDefault` is the only usage of this API.
> Therefore, the purpose of this improvement is to combine these two notions,
> and refactor names from (real) "system user" (aka root) to (effective) user
> (aka sudo).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
