Similar to issues #3 and #4, the current limitation in setGlobalResourcePermissions() is that I can't call it successfully if I don't have granting rights on a permission granted by someone else, because it would either be an unauthorized add/remove (depending on if I specified such a permission).
We want to be able to call setGlobalResourcePermissions() with the current direct global permissions, without affecting anything.
In other words:
If grantor G has permission to grant permission P on resource class C globally to accessor A, then G should be able to call setGlobalResourcePermissions() with a set that includes any current direct global permissions to which G does not have granting rights, in order for G to make use of his granting rights to P.
Todo:
fix setGlobalResourcePermissions() to allow re-setting of current direct global permissions when grantor does not have granting rights
fix to correctly up/downgrade permissions with grant
Similar to issues #3 and #4, the current limitation in
setGlobalResourcePermissions()is that I can't call it successfully if I don't have granting rights on a permission granted by someone else, because it would either be an unauthorized add/remove (depending on if I specified such a permission).We want to be able to call
setGlobalResourcePermissions()with the current direct global permissions, without affecting anything.In other words: If grantor G has permission to grant permission P on resource class C globally to accessor A, then G should be able to call
setGlobalResourcePermissions()with a set that includes any current direct global permissions to which G does not have granting rights, in order for G to make use of his granting rights to P.Todo:
setGlobalResourcePermissions()to allow re-setting of current direct global permissions when grantor does not have granting rights