This repository represents the final exam for the Data Technician with Specaility in Programming 2024. Grade recieved: Simon: 12 (A+), Jasmin: 12 (A+), Mike: 12 (A+)
I discovered that the chain of AccessResult could produce false positives when the application has access to an endpoint but the the given user hasn't. I've corrected the issues here, by only allowing whe CheckWhitelist methods to produce a success, if no subject (user or account type ID) has been given in AccessFor() (where the AccessResult is created).
Difference in usage: It is now required to use at least one 'Allow' method in the chain, when a user or account type ID is specified in AccessFor().
I discovered that the chain of
AccessResult
could produce false positives when the application has access to an endpoint but the the given user hasn't. I've corrected the issues here, by only allowing wheCheckWhitelist
methods to produce a success, if no subject (user or account type ID) has been given inAccessFor()
(where theAccessResult
is created).Difference in usage: It is now required to use at least one 'Allow' method in the chain, when a user or account type ID is specified in
AccessFor()
.