[
https://issues.apache.org/jira/browse/SHIRO-492?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16745354#comment-16745354
]
Jesse Shaffer commented on SHIRO-492:
-------------------------------------
Just curious - is there an actual reason to NOT do this? This has been
requested so very many times. I actually have a need to list a subject's
assigned roles in order to build a menu from a subset of those roles. These
roles are user-defined. I do not want to have to go to another system to
discover the available roles, then pass all those through the subject to
determine if they are assigned. It would be much simpler to just go to the
subject and query the assigned roles.
> Subject.getRoles() functionality
> --------------------------------
>
> Key: SHIRO-492
> URL: https://issues.apache.org/jira/browse/SHIRO-492
> Project: Shiro
> Issue Type: Improvement
> Components: Authorization (access control)
> Reporter: John Vines
> Priority: Major
>
> Currently shiro provides the ability to respond whether or not a user has a
> list of Authorizations. However, while the realms have methods for getting
> all authorizations (protected), these are not exposed in normal use to allow
> asking for all Roles. This should be exposed by adding a call to Subject to
> getRoles, to complement it's existing hasRoles calls. This may require making
> some of the calls around authorizations, like getAuthorizationInfo in
> AuthorizingRealm, public.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
