Announcement Announcement Module
Collapse
No announcement yet.
Bug in accesscontrollist tag Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Bug in accesscontrollist tag

    Description of the tag says :

    Code:
    Allows inclusion of a tag body if the current Authentication
    has one of the specified permissions to the presented
    domain object instance.
    The code is :
    Code:
            List<Object> requiredPermissions = parseHasPermission(hasPermission);
            for(Object requiredPermission : requiredPermissions) {
                if (!permissionEvaluator.hasPermission(authentication, domainObject, requiredPermission)) {
                    return skipBody();
                }
            }
    
            return evalBody();
    This makes the tag skip the body unless the current Authentication has all permissions rather than one.

    I tried looking around for this issue but only found this thread from 2012 (http://forum.springsource.org/showth...esscontrollist) and this commit (https://github.com/SpringSource/spri...32b02849f009fd) which seems to be the mentionned fix in that thread.

    Since we're in the process of upgrading from Acegi to Spring Security 3, I would like to know if this behavior is correct or if a fix is planned in the coming days before we change all our security tags.

    Thanks!
Working...
X