acciente / oacc-core

OACC (Object ACcess Control) is an advanced Java Application Security Framework
http://oaccframework.org/
Apache License 2.0

assertPostCreateResourcePermission() can produce incorrect result when querying for a permission with grant #10

Closed fspinnenhirn closed 9 years ago

fspinnenhirn commented 9 years ago

The assertPostCreateResourcePermission() method compares the requested permission without regard to its withGrant property, and could thus incorrectly assert the requested permission as a post create permission in the case that the post create permission is without grant and the requested is with grant.
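
The comparison flaw described in this issue, shown as an added example that is not part of the original report or of the OACC code base. `Perm`, `PostCreateGrantCheck` and both helper methods are hypothetical stand-ins, the sample permission is constructed, and the example assumes that a permission held with grant also satisfies a request for the same permission without grant.

```java
import java.util.Set;

// Hypothetical stand-in for a resource permission: a name plus a grant flag.
// This is not OACC's own permission class.
final class Perm {
    final String name;
    final boolean withGrant;

    Perm(String name, boolean withGrant) {
        this.name = name;
        this.withGrant = withGrant;
    }
}

public class PostCreateGrantCheck {
    // Flawed comparison as described in the issue: matches on the name only,
    // so a request "with grant" is satisfied by a permission held without grant.
    static boolean hasPermissionIgnoringGrant(Set<Perm> held, Perm requested) {
        for (Perm p : held) {
            if (p.name.equals(requested.name)) {
                return true;
            }
        }
        return false;
    }

    // Grant-aware comparison: the names must match, and the held permission
    // must carry the grant option whenever the requested one does.
    // Assumption: with-grant implies the same permission without grant.
    static boolean hasPermission(Set<Perm> held, Perm requested) {
        for (Perm p : held) {
            if (p.name.equals(requested.name) && (p.withGrant || !requested.withGrant)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample data: post-create permission VIEW held without grant.
        Set<Perm> postCreate = Set.of(new Perm("VIEW", false));
        Perm viewWithGrant = new Perm("VIEW", true);
        Perm viewPlain = new Perm("VIEW", false);

        System.out.println("name-only, VIEW /G requested:   " + hasPermissionIgnoringGrant(postCreate, viewWithGrant));
        System.out.println("grant-aware, VIEW /G requested: " + hasPermission(postCreate, viewWithGrant));
        System.out.println("grant-aware, VIEW requested:    " + hasPermission(postCreate, viewPlain));
    }
}
```

A regression test for this class of bug should cover all four combinations of held and requested grant flags, since the name-only comparison passes three of them.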