- Bug
- Resolution: Fixed
- Major
- 3.0.0, 2.0.6
- None
- AdminX 33, AdminX 34
- 2
- Yes
The SSOUser class of the SSO Module does not override the hasRole() and inGroup() methods.
According to the interface description, as well as the default implementation (MgnlUser), both of the above-mentioned methods should return whether a User has a transitive assignment of the given Group or Role.
SSOUser only takes directly assigned Groups and Roles into consideration.
Steps to reproduce
1. Create a group in Magnolia and assign a role to it
2. Create an SSO group mapping, so that a user gets the Group created in #1 assigned
3. Log in with the user and test role membership using User#hasRole
Expected results
User#hasRole should return true, as the user has the role assigned transitively.
The check should behave in the same way as a Magnolia installation with local user authentication.
Actual results
User#hasRole returns false
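A self-contained model of the difference described in this report, added here as an illustration; it is not Magnolia's or the SSO module's code, and the Group record, the method names and the sample group and role names are assumptions. It contrasts a direct-only role check with a transitive one that walks nested groups and tolerates cycles and unknown groups.

```java
import java.util.*;

// Simplified model of the role check; these types are hypothetical, not Magnolia's API.
public class TransitiveRoleCheck {
    // A group carries its own roles and may itself be a member of other groups.
    record Group(String name, Set<String> roles, Set<String> parentGroups) {}

    // The behaviour reported for SSOUser: only directly assigned roles count.
    static boolean hasRoleDirectOnly(Set<String> directRoles, String role) {
        return directRoles.contains(role);
    }

    // Transitive check: direct roles, plus roles of every group reachable from the user's groups.
    static boolean hasRoleTransitive(Set<String> directRoles, Set<String> directGroups,
                                     Map<String, Group> groupStore, String role) {
        if (directRoles.contains(role)) return true;
        Deque<String> pending = new ArrayDeque<>(directGroups);
        Set<String> visited = new HashSet<>();
        while (!pending.isEmpty()) {
            String name = pending.pop();
            if (!visited.add(name)) continue;   // already seen: guards against group cycles
            Group g = groupStore.get(name);
            if (g == null) continue;            // mapped group unknown locally: grants nothing
            if (g.roles().contains(role)) return true;
            pending.addAll(g.parentGroups());
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample data mirroring the steps to reproduce.
        Map<String, Group> store = Map.of(
            "editors", new Group("editors", Set.of("editor-role"), Set.of("staff")),
            "staff", new Group("staff", Set.of("base-role"), Set.of("editors"))); // deliberate cycle
        Set<String> directRoles = Set.of();           // the SSO mapping assigns a group, no direct role
        Set<String> directGroups = Set.of("editors");

        System.out.println("direct-only editor-role: " + hasRoleDirectOnly(directRoles, "editor-role"));
        System.out.println("transitive  editor-role: " + hasRoleTransitive(directRoles, directGroups, store, "editor-role"));
        System.out.println("transitive  base-role:   " + hasRoleTransitive(directRoles, directGroups, store, "base-role"));
        System.out.println("transitive  unassigned:  " + hasRoleTransitive(directRoles, directGroups, store, "unassigned-role"));
    }
}
```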
Workaround
Assign direct roles and groups only, which
- defeats the purpose of role-based security
- is unrealistic in an SSO environment (or any environment at all)
Development notes
A merge request has been created to fix this issue:
https://git.magnolia-cms.com/projects/ENTERPRISE/repos/magnolia-sso/pull-requests/188/overview
Acceptance criteria