2 Replies Latest reply on Dec 31, 2009 12:07 PM by sumathra

    Should Role.getGroups be added specifically to a certain user

    sumathra
      Post user authentication, the Identity.addRole method is used to add all roles assigned to a certain user.

      Given the following scenario (Role A, Role B, Role C).
      "Role A" has permissions ["A"]
      "Role B" has permissions ["B"]
      "Role C" has permissions ["C"]

      "Role A".groups contain "Role B" and "Role C"

      I was under the impression that if a user is assigned a role (e.g. "Role A") he will inherit the roles "Role B" and "Role C". But this doesn't seem to be the case, unless I specifically do
      Identity.addRole for "Role A" and the groups associated with it ("Role B" and "Role C").

      Kindly clarify
        • 1. Re: Should Role.getGroups be added specifically to a certain user
          mwohlf

          Hi Kalpana,


          From my experience, the user who is assigned Role A in your scenario does inherit the other roles; there is a method in IdentityStore that is exactly for this purpose:


             /**
              * Returns a list of all roles that the specified user is a member of.  This list may contain
              * roles that may not have been explicitly granted to the user, which are indirectly implied
              * due to group memberships.
              */
             List<String> getImpliedRoles(String name);



          Maybe you forgot to add them in your custom authentication method; you can do this, for example:




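                  // Inside the custom authentication method, after the credentials are verified:
                  // copy every role the identity store implies for this user (direct grants
                  // plus roles inherited through group membership) onto the session Identity.
                  IdentityManager identityManager = IdentityManager.instance();

                  for (String role : identityManager.getImpliedRoles(username)) {
                     identity.addRole(role);
                  }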
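
The inheritance described in this reply amounts to a transitive closure over role group memberships. The following is an added illustration, not part of the thread and not Seam's code: a plain-Java model of the question's scenario, using a hypothetical `impliedRoles` helper and constructed data, that shows why adding only the directly granted role leaves "Role B" and "Role C" off the session and how expanding memberships (with a cycle guard) includes them.

```java
import java.util.*;

// Added illustration: a stand-alone model of role inheritance via groups.
// ImpliedRolesDemo and impliedRoles are hypothetical names, not Seam API.
public class ImpliedRolesDemo {

    // Expand directly granted roles into every role reachable through group
    // membership. The result set doubles as the visited set, so a cyclic
    // membership (A -> C -> A) terminates instead of looping forever.
    static Set<String> impliedRoles(Collection<String> granted,
                                    Map<String, List<String>> groupsOf) {
        Set<String> result = new LinkedHashSet<>();
        Deque<String> pending = new ArrayDeque<>(granted);
        while (!pending.isEmpty()) {
            String role = pending.pop();
            if (result.add(role)) { // true only on the first visit
                pending.addAll(groupsOf.getOrDefault(role, List.of()));
            }
        }
        return result;
    }

    public static void main(String[] args) {
        // Constructed data mirroring the question: "Role A".groups = B, C.
        Map<String, List<String>> groupsOf = new HashMap<>();
        groupsOf.put("Role A", List.of("Role B", "Role C"));
        groupsOf.put("Role C", List.of("Role A")); // constructed cycle

        List<String> granted = List.of("Role A");

        // Session populated with the explicit grant only, as in the question.
        Set<String> explicitOnly = new LinkedHashSet<>(granted);
        // Session populated with the expanded set, as in the reply's loop.
        Set<String> expanded = impliedRoles(granted, groupsOf);

        for (String needed : List.of("Role A", "Role B", "Role C")) {
            System.out.printf("%s: explicit-only=%b expanded=%b%n",
                    needed, explicitOnly.contains(needed), expanded.contains(needed));
        }
    }
}
```

The same expansion also matters in the other direction: any role-based restriction evaluated against the session sees only the roles that were actually added, so the expansion has to happen once at authentication time rather than being assumed at each check.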
          



          • 2. Re: Should Role.getGroups be added specifically to a certain user
            sumathra

            Thanks, that helps.