Similar to issue #3, the current limitation in setResourceCreatePermissions() is that I can't call it successfully if I don't have granting rights on a create permission granted by someone else, because it would either be an unauthorized add/remove (depending on if I specified such a permission).
We want to be able to call setResourceCreatePermissions() with the current direct create permissions, without affecting anything.
In other words:
If grantor G has permission to grant create permission P on resource class C to accessor A, then G should be able to call setResourceCreatePermissions() with a set that includes any current direct create permissions to which G does not have granting rights, in order for G to make use of his granting rights to P.
Todo:
fix setResourceCreatePermissions() to allow re-setting of current direct create permissions when grantor does not have granting rights
fix to correctly up/downgrade permissions with grant, including post create permissions
Similar to issue #3, the current limitation in
setResourceCreatePermissions()is that I can't call it successfully if I don't have granting rights on a create permission granted by someone else, because it would either be an unauthorized add/remove (depending on if I specified such a permission).We want to be able to call
setResourceCreatePermissions()with the current direct create permissions, without affecting anything.In other words: If grantor G has permission to grant create permission P on resource class C to accessor A, then G should be able to call
setResourceCreatePermissions()with a set that includes any current direct create permissions to which G does not have granting rights, in order for G to make use of his granting rights to P.Todo:
setResourceCreatePermissions()to allow re-setting of current direct create permissions when grantor does not have granting rights