Merge pull request #2405 from danhaywood/CAUSEWAY-3740
Causeway 3740
diff --git a/extensions/security/secman/applib/src/main/java/org/apache/causeway/extensions/secman/applib/role/seed/CausewayExtSecmanAdminRoleAndPermissions.java b/extensions/security/secman/applib/src/main/java/org/apache/causeway/extensions/secman/applib/role/seed/CausewayExtSecmanAdminRoleAndPermissions.java
index 2e68bf1..d6ff4de 100644
--- a/extensions/security/secman/applib/src/main/java/org/apache/causeway/extensions/secman/applib/role/seed/CausewayExtSecmanAdminRoleAndPermissions.java
+++ b/extensions/security/secman/applib/src/main/java/org/apache/causeway/extensions/secman/applib/role/seed/CausewayExtSecmanAdminRoleAndPermissions.java
@@ -63,6 +63,7 @@
Can.of(CausewayModuleExtSecmanApplib.NAMESPACE).addAll(Can.ofCollection(adminInitialPackagePermissions))
.map(ApplicationFeatureId::newNamespace)
);
+
}
// -- HELPER
diff --git a/extensions/security/secman/applib/src/main/java/org/apache/causeway/extensions/secman/applib/role/seed/CausewayExtSecmanRegularUserRoleAndPermissions.java b/extensions/security/secman/applib/src/main/java/org/apache/causeway/extensions/secman/applib/role/seed/CausewayExtSecmanRegularUserRoleAndPermissions.java
index b0b985b..281e3be 100644
--- a/extensions/security/secman/applib/src/main/java/org/apache/causeway/extensions/secman/applib/role/seed/CausewayExtSecmanRegularUserRoleAndPermissions.java
+++ b/extensions/security/secman/applib/src/main/java/org/apache/causeway/extensions/secman/applib/role/seed/CausewayExtSecmanRegularUserRoleAndPermissions.java
@@ -119,18 +119,6 @@
ApplicationFeatureId.newMember(ApplicationRole.LOGICAL_TYPE_NAME, "description")
);
- val vetoViewing = Can.of(
- // we explicitly ensure that the user cannot grant themselves
- // additional privileges or see stuff that they shouldn't
- ApplicationFeatureId.newMember(ApplicationUser.LOGICAL_TYPE_NAME, "effectiveMemberPermissions"),
- ApplicationFeatureId.newMember(ApplicationUser.LOGICAL_TYPE_NAME, "filterEffectiveMemberPermissions"),
- ApplicationFeatureId.newMember(ApplicationUser.LOGICAL_TYPE_NAME, "resetPassword"),
- ApplicationFeatureId.newMember(ApplicationUser.LOGICAL_TYPE_NAME, "lock"),
- ApplicationFeatureId.newMember(ApplicationUser.LOGICAL_TYPE_NAME, "unlock"),
- ApplicationFeatureId.newMember(ApplicationUser.LOGICAL_TYPE_NAME, "addRole"),
- ApplicationFeatureId.newMember(ApplicationUser.LOGICAL_TYPE_NAME, "removeRoles")
- );
-
newPermissions(
ApplicationPermissionRule.ALLOW,
ApplicationPermissionMode.VIEWING,
@@ -141,11 +129,6 @@
ApplicationPermissionMode.CHANGING,
allowChanging);
- newPermissions(
- ApplicationPermissionRule.VETO,
- ApplicationPermissionMode.VIEWING,
- vetoViewing);
-
}
}