This repository represents the final exam for the Data Technician with Specaility in Programming 2024. Grade recieved: Simon: 12 (A+), Jasmin: 12 (A+), Mike: 12 (A+)
I discovered that the chain of AccessResult could produce false positives when the application has access to an endpoint but the the given user hasn't. I've corrected the issues here, by only allowing whe CheckWhitelist methods to produce a success, if no subject (user or account type ID) has been given in AccessFor() (where the AccessResult is created).
Difference in usage: It is now required to use at least one 'Allow' method in the chain, when a user or account type ID is specified in AccessFor().
I discovered that the chain of
AccessResultcould produce false positives when the application has access to an endpoint but the the given user hasn't. I've corrected the issues here, by only allowing wheCheckWhitelistmethods to produce a success, if no subject (user or account type ID) has been given inAccessFor()(where theAccessResultis created).Difference in usage: It is now required to use at least one 'Allow' method in the chain, when a user or account type ID is specified in
AccessFor().