Details
-
Bug
-
Resolution: Fixed
-
Major
-
None
-
None
-
None
Description
Scenario
Let say there are 5 users which have special privileges.
Instead of assigning to each user all the necessary roles and groups a special group is created (e.g. GSPECIAL)
Add groups publisher and editor to group GSPECIAL and add as many roles as necessary to group GSPECIAL.
Then add each of 5 users to group GSPECIAL.
Problem #1:
Inbox notification does not work.
None of the members of GSPECIAL have a direct relationship with groups "publisher" and "editor" which are necessary for Inbox notification..However, users DO belong to those groups via indirect group membership...
Problem #2:
Role inheritance does not work.
Getting user roles via API returns only direct assigned roles. In our scenrio that means none of the 5 users have roles defines which is not true. All 5 users have indirect roles defined via group membership.
Perhaps my logic is flawed but if a user is a member of a group which in turn has other groups and roles than that user shold inherit all those roles and groups along with their privileges....
Workaround:
Assign groups and roles directly to user.
Quick solution:
Disable assigning groups and roles in group dialog or abandon groups allthogether (bad idea). I am sure workflow can be based off of roles in that case...
Checklists
Attachments
Issue Links
- is related to
-
MAGNOLIA-1594 Extend User API to allow fetching all roles and groups assigned to user via getRoles() and getGroups() methods
-
- Closed
-