acciente / oacc-core

OACC (Object ACcess Control) is an advanced Java Application Security Framework
http://oaccframework.org/
Apache License 2.0

assertGlobalResourcePermission() can produce incorrect result when querying for a permission with grant #11

Closed fspinnenhirn closed 9 years ago

fspinnenhirn commented 9 years ago

The assertGlobalResourcePermission() method compares the requested permission without regard to its withGrant property, and could thus incorrectly assert the requested permission as a global permission in the case when the global is without grant and the requested is with grant.
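
The comparison described in this issue, as an added example that is not part of the original report and is not OACC's own code. `Perm`, `hasPermissionNameOnly` and `hasPermissionGrantAware` are hypothetical names, the sample data is constructed, and it assumes that a permission held with grant also satisfies a request for the same permission without grant.

```java
import java.util.Set;

// Simplified stand-in for a permission; NOT OACC's ResourcePermission class.
public class GrantAwareCheck {
    record Perm(String name, boolean withGrant) {}

    // Name-only comparison: the behaviour the issue describes, where the
    // withGrant property of the requested permission is ignored.
    static boolean hasPermissionNameOnly(Set<Perm> global, Perm requested) {
        return global.stream().anyMatch(g -> g.name().equals(requested.name()));
    }

    // Grant-aware comparison: a held permission satisfies the request only if
    // the names match and it carries the grant option whenever the request does.
    // Assumption: holding "with grant" also satisfies a request "without grant".
    static boolean hasPermissionGrantAware(Set<Perm> global, Perm requested) {
        return global.stream().anyMatch(g ->
                g.name().equals(requested.name())
                        && (g.withGrant() || !requested.withGrant()));
    }

    public static void main(String[] args) {
        // Constructed sample data: VIEW held without grant, EDIT held with grant.
        Set<Perm> global = Set.of(new Perm("VIEW", false), new Perm("EDIT", true));
        Perm[] requests = {
            new Perm("VIEW", false), new Perm("VIEW", true),
            new Perm("EDIT", false), new Perm("EDIT", true),
            new Perm("DELETE", false)
        };
        // Print both verdicts side by side for every requested permission.
        for (Perm r : requests) {
            System.out.printf("%-6s withGrant=%-5b nameOnly=%-5b grantAware=%b%n",
                    r.name(), r.withGrant(),
                    hasPermissionNameOnly(global, r),
                    hasPermissionGrantAware(global, r));
        }
    }
}
```

The two checks disagree only for the `VIEW` request with grant, which is the case the issue names: held without grant, requested with grant.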