Closed tmetzke closed 1 year ago
AuthorizationManager#checkAuthorization
that executes the isUserAuthorizedForResource
mapping (same query for every API). The following APIs/commands use specific revoke-including queries:
FetchExternalTaskAuthorizationTest
)enabled
, all queries and API tested above will work as expected as well.
authCheckJoin
remove permission for all instances of a resource type when using REVOKE for a specific instance of that resource by ID. For example, having two batch instances batch1
and batch2
, granting READ permission for all batches to all users in general (using *
), revoking READ access for batch1
for a specific user user1
, that user cannot read any batches anymore.fetchAndLock
also fails with the mentioned issue).
Acceptance Criteria (Required on creation)
Hints
Links
Breakdown