Details
-
Feature Request
-
Resolution: Done
-
Major
-
PLINK_2.5.3.Beta1
-
None
Description
At present, privilege check methods such as those in org.picketlink.idm.model.basic.BasicModel (e.g. isMember(), hasRole(), etc) only perform a check for direct assignment. Indirect privileges, such as those gained from being a member of a group are not currently supported.
The @InheritsPrivileges annotation is intended to allow identity classes and relationships to be configured with a "chain" of privileges, from which a determination can be made as to whether an identity is entitled to a privilege which may be assigned indirectly via a group membership (or other relationship type).
Attachments
Issue Links
- relates to
-
PLINK-322 BasicModel.hasRole should consider roles assigned to the group which the user belongs to
- Resolved