Local-Role inheritance is broken #2727

2e2a · 2016-09-21T13:38:49Z

The new local role handling introduces in #2672 does not add a acl if it is already set for a parent node.

This does not work with the current way of permission checking:

For each node all principals are checked
If a Deny is found for a role (which is the case in private processes), parents are not checked

joka · 2016-09-29T08:49:20Z

An example is to set a local role for the organisation, then the children with private process do not honour the local role of the parent. Actually we set the local role for each process and not for the organisation, so this issue is not urgent

2e2a · 2016-09-29T09:51:03Z

Possible solution discussed with @joka:

When setting local ACLs do not ignore ACLs of parents
When setting an ACL update all children with local ACLs
Index resources with local ACLs, i.e. resources with workflows and local-roles

2e2a added bug backend prio: high labels Sep 21, 2016

joka removed the prio: high label Sep 29, 2016

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Local-Role inheritance is broken #2727

Local-Role inheritance is broken #2727

2e2a commented Sep 21, 2016 •

edited

joka commented Sep 29, 2016 •

edited

2e2a commented Sep 29, 2016

Local-Role inheritance is broken #2727

Local-Role inheritance is broken #2727

Comments

2e2a commented Sep 21, 2016 • edited

joka commented Sep 29, 2016 • edited

2e2a commented Sep 29, 2016

2e2a commented Sep 21, 2016 •

edited

joka commented Sep 29, 2016 •

edited