Skip to content
This repository has been archived by the owner on Jun 20, 2023. It is now read-only.

Local-Role inheritance is broken #2727

Open
2e2a opened this issue Sep 21, 2016 · 2 comments
Open

Local-Role inheritance is broken #2727

2e2a opened this issue Sep 21, 2016 · 2 comments

Comments

@2e2a
Copy link
Contributor

2e2a commented Sep 21, 2016

The new local role handling introduces in #2672 does not add a acl if it is already set for a parent node.

This does not work with the current way of permission checking:

  • For each node all principals are checked
  • If a Deny is found for a role (which is the case in private processes), parents are not checked
@joka
Copy link
Collaborator

joka commented Sep 29, 2016

An example is to set a local role for the organisation, then the children with private process do not honour the local role of the parent. Actually we set the local role for each process and not for the organisation, so this issue is not urgent

@joka joka removed the prio: high label Sep 29, 2016
@2e2a
Copy link
Contributor Author

2e2a commented Sep 29, 2016

Possible solution discussed with @joka:

  • When setting local ACLs do not ignore ACLs of parents
  • When setting an ACL update all children with local ACLs
  • Index resources with local ACLs, i.e. resources with workflows and local-roles

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

2 participants