acciente / oacc-core

OACC (Object ACcess Control) is an advanced Java Application Security Framework
http://oaccframework.org/
Apache License 2.0

setDomainPermissions() does not allow resetting of current direct domain permissions without granting rights #7

Closed fspinnenhirn closed 9 years ago

fspinnenhirn commented 9 years ago

Similar to issues #3, #4 and #6, the current limitation in setDomainPermissions() is that I can't call it successfully if I don't have granting rights on a permission granted by someone else, because it would either be an unauthorized add/remove (depending on if I specified such a permission).

We want to be able to call setDomainPermissions() with the current direct domain permissions, without affecting anything.

In other words: If grantor G has permission to grant domain permission P on domain D to accessor A, then G should be able to call setDomainPermissions() with a set that includes any current direct domain permissions to which G does not have granting rights, in order for G to make use of his granting rights to P.

Todo:
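
The behaviour requested in this issue, sketched as an added example; it is not part of the original issue and not OACC's own code. It assumes a simplified model in which permissions are plain strings, and the names `DomainPermissionDelta` and `setDirectPermissions` are hypothetical. Authorization is checked only for the difference between the requested set and the current direct permissions.

```java
import java.util.HashSet;
import java.util.Set;

// Simplified model, not OACC's implementation: permissions are plain strings and
// all names below (DomainPermissionDelta, setDirectPermissions) are hypothetical.
public class DomainPermissionDelta {

    /**
     * Replaces accessor A's direct permissions on a domain with `requested`,
     * authorizing only the delta against the permissions the grantor may grant.
     */
    static Set<String> setDirectPermissions(Set<String> current,
                                            Set<String> requested,
                                            Set<String> grantable) {
        Set<String> toAdd = new HashSet<>(requested);
        toAdd.removeAll(current);            // requested but not yet granted
        Set<String> toRemove = new HashSet<>(current);
        toRemove.removeAll(requested);       // granted but no longer requested

        Set<String> unauthorized = new HashSet<>(toAdd);
        unauthorized.addAll(toRemove);
        unauthorized.removeAll(grantable);   // what remains needs rights G lacks
        if (!unauthorized.isEmpty()) {
            throw new SecurityException("not authorized to add/remove: " + unauthorized);
        }
        // Permissions present in both sets are untouched, so no grant right is needed.
        return new HashSet<>(requested);
    }

    public static void main(String[] args) {
        // Constructed sample: A holds Q (granted by someone else); G may grant only P.
        Set<String> current = Set.of("Q");
        Set<String> grantable = Set.of("P");

        // G re-specifies Q unchanged and adds P: allowed, because Q is not in the delta.
        System.out.println(setDirectPermissions(current, Set.of("P", "Q"), grantable));

        // Omitting Q would be a removal that G has no granting rights for: rejected.
        try {
            setDirectPermissions(current, Set.of("P"), grantable);
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```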