acciente / oacc-core

OACC (Object ACcess Control) is an advanced Java Application Security Framework
http://oaccframework.org/
Apache License 2.0

setResourcePermissions() does not allow resetting of current direct permissions without granting rights #3

Closed fspinnenhirn closed 9 years ago

fspinnenhirn commented 9 years ago

The current limitation in setResourcePermissions() is that I can't call it successfully if I don't have granting rights on a permission granted by someone else, because it would either be an unauthorized add/remove (depending on whether I specified such a permission).

We want to be able to call setResourcePermissions() with the current permissions, without affecting anything.

In other words: If grantor G has permission to grant P on resource R to accessor A, then G should be able to call setResourcePermissions() with a set that includes any current permissions to which G does not have granting rights, in order for G to make use of his granting rights to P.

Todo:
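
The behavior requested in this issue, sketched as an added example that is not part of the issue or of OACC's code: only the permissions that differ between the current and the requested set need granting rights. Permissions are modeled as plain strings, and the class, method and permission names are hypothetical.

```java
import java.util.HashSet;
import java.util.Set;

// Hypothetical model of the authorization check, not OACC's implementation.
public class SetPermissionsCheck {

    /**
     * Returns the permissions the grantor would add or remove without
     * holding granting rights. An empty result means the call is allowed.
     */
    static Set<String> unauthorizedChanges(Set<String> current,
                                           Set<String> requested,
                                           Set<String> grantable) {
        Set<String> changed = new HashSet<>(requested);
        changed.removeAll(current);        // permissions that would be added
        Set<String> removed = new HashSet<>(current);
        removed.removeAll(requested);      // permissions that would be removed
        changed.addAll(removed);
        changed.removeAll(grantable);      // drop changes the grantor may make
        return changed;
    }

    public static void main(String[] args) {
        // Constructed sample: accessor A currently holds VIEW and EDIT on R,
        // both granted by someone else. Grantor G may grant only DELETE (P).
        Set<String> current = Set.of("VIEW", "EDIT");
        Set<String> grantable = Set.of("DELETE");

        // Case 1: current permissions resubmitted unchanged (a no-op).
        System.out.println("resubmit current: "
                + unauthorizedChanges(current, Set.of("VIEW", "EDIT"), grantable));

        // Case 2: current permissions plus P, the case described in the issue.
        System.out.println("current plus P:   "
                + unauthorizedChanges(current, Set.of("VIEW", "EDIT", "DELETE"), grantable));

        // Case 3: EDIT left out, so it would be removed without granting rights.
        System.out.println("EDIT omitted:     "
                + unauthorizedChanges(current, Set.of("VIEW", "DELETE"), grantable));

        // Case 4: ADMIN included, so it would be added without granting rights.
        System.out.println("ADMIN included:   "
                + unauthorizedChanges(current, Set.of("VIEW", "EDIT", "ADMIN"), grantable));
    }
}
```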