If an service implements and do checks for the permissions then it must have the auth set as true. If any occurrences found then it should be by mistake and service definition should be fix to match.
So I think the behavior we have is correct, whenever we want to check the permission it should have the user in context. Suraj, Any scenario you have in mind where we only require permission service without user? Rishi Solanki Sr Manager, Enterprise Software Development HotWax Systems Pvt. Ltd. Direct: +91-9893287847 http://www.hotwaxsystems.com www.hotwax.co On Wed, Nov 29, 2017 at 1:39 PM, Scott Gray <scott.g...@hotwaxsystems.com> wrote: > auth="false" and a permission service are completely incompatible > scenarios. In what situation could you possibly have no userLogin and > successfully run a permission service? > > What would you expect to happen instead of the current behavior? > > Regards > Scott > > On 3 November 2017 at 17:35, Suraj Khurana <suraj.khurana@hotwaxsystems. > com> > wrote: > > > Hello team, > > > > I noticed that in any service definition if auth is set to false and > > permission service is also the service definition, it overrides the auth > > parameter to true by itself. > > > > For quick reference, it is written at *createPermission* method of > > *ModelServiceReader* class. > > Can someone please elaborate this behavior. IMO, this should not happen. > > > > -- > > Thanks and Regards, > > *Suraj Khurana* | Sr. Enterprise Software Engineer > > *HotWax* *Commerce* by *HotWax Systems* > > Plot no. 80, Scheme no. 78, Vijay Nagar, Indore, M.P. India 452010 > > >