acciente / oacc-core

OACC (Object ACcess Control) is an advanced Java Application Security Framework
http://oaccframework.org/
Apache License 2.0

assertResourcePermission() can produce incorrect result when querying for a permission with grant #12

Closed fspinnenhirn closed 9 years ago

fspinnenhirn commented 9 years ago

The assertResourcePermission() method compares the requested permission without regard to its withGrant property, and could thus incorrectly assert the requested permission in the case that the actual permission is without grant and the requested is with grant.
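The mismatch described in this issue, shown as an added example that is not OACC's code or part of the original report: a name-only comparison next to a check that honors the grant flag. The `Permission` record and all method names are hypothetical, the sample data is constructed, and the rule that a held permission with grant also satisfies a request without grant is an assumption.

```java
import java.util.Set;

// Added illustration with hypothetical types; not OACC's classes or API. Requires Java 16+.
public class WithGrantCheckDemo {
    // A permission is a name plus a flag saying whether the holder may grant it to others.
    record Permission(String name, boolean withGrant) {}

    // Flawed check: matches on name only, so the withGrant flag of the request is ignored.
    static boolean hasPermissionIgnoringGrant(Set<Permission> held, Permission requested) {
        return held.stream().anyMatch(p -> p.name().equals(requested.name()));
    }

    // Corrected check: a request with grant is satisfied only by a held permission with grant.
    // Assumption: a held permission with grant also satisfies a request without grant.
    static boolean hasPermission(Set<Permission> held, Permission requested) {
        return held.stream().anyMatch(p ->
                p.name().equals(requested.name())
                        && (p.withGrant() || !requested.withGrant()));
    }

    // Assertion form: fail closed by throwing when the requested permission is not held.
    static void assertPermission(Set<Permission> held, Permission requested) {
        if (!hasPermission(held, requested)) {
            throw new SecurityException("not authorized: " + requested);
        }
    }

    public static void main(String[] args) {
        // Constructed sample data: the accessor holds VIEW without the grant option.
        Set<Permission> held = Set.of(new Permission("VIEW", false));
        Permission viewWithGrant = new Permission("VIEW", true);
        Permission viewPlain = new Permission("VIEW", false);

        System.out.println("name-only, VIEW with grant:   "
                + hasPermissionIgnoringGrant(held, viewWithGrant));
        System.out.println("grant-aware, VIEW with grant: "
                + hasPermission(held, viewWithGrant));
        System.out.println("grant-aware, VIEW plain:      "
                + hasPermission(held, viewPlain));
        try {
            assertPermission(held, viewWithGrant);
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A regression test for this class of bug should cover all four combinations of held and requested grant flags, since only the "held without grant, requested with grant" case exposes the name-only comparison.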