我在问是否有办法让用户的权限继承自他指定的角色和组。
当我为特定角色分配权限并将一个用户分配给此角色时,我无法获得从其角色继承的权限。
User john = new User("john");
john.setEmail("john@acme.com");
john.setFirstName("John");
john.setLastName("Smith");
IdentityManager identityManager = this.partitionManager.createIdentityManager();
identityManager.add(john);
identityManager.updateCredential(john, new Password("demo"));
Role superuser = new Role("superuser");
identityManager.add(superuser);
Role superuser = new Role("superuser");
identityManager.add(superuser);
// Create group "sales"
Group sales = new Group("sales");
identityManager.add(sales);
RelationshipManager relationshipManager = this.partitionManager.createRelationshipManager();
PermissionManager permissionManager = partitionManager.createPermissionManager();
// Make john a member of the "sales" group
addToGroup(relationshipManager, john, sales);
// Make mary a manager of the "sales" group
grantGroupRole(relationshipManager, john, superuser, sales);
// Grant the "superuser" application role to john
grantRole(relationshipManager, john, superuser);
// permissionManager.grantPermission(john, "ticket", "read");
//permissionManager.grantPermission(sales,"ticket", "read");
permissionManager.grantPermission(sales,"ticket", "read");
List<Permission> permissionsList=permissionManager.listPermissions(john);
if (permissionsList==null || permissionsList.isEmpty())
System.err.println("User John doesn't have a permission list");
for (Permission per:permissionsList){
System.out.println("User John permitted: "+per.getOperation()+" on "+per.getResource());
}
这是输出:
11:38:07,102 ERROR [stderr] (ServerService Thread Pool -- 110) User John doesn't have a permission list
是否有任何API可以解决此问题?
答案 0 :(得分:0)
“例如,假设我们有一个角色,它提供对文件的读访问权。如果您将此角色授予用户,他们将从他们被授予的角色继承所有特权/权限。”
但是,如果直接调用permissionManager.listPermissions(user),此方法不会为您提供从其角色继承的权限。
您需要调用identity.hasPermission("ticket", "read")才能使其工作(身份是当前用户的实例,可以通过注入@Inject身份标识来获取;)。在这种情况下,当前用户将根据其角色继承所有权限。