Merge pull request #2405 from danhaywood/CAUSEWAY-3740 Causeway 3740

commit: 82c1d186763489f7d2345c25280e78cb0224a5a0 [log] [tgz]
author: Dan Haywood <danhaywood@apache.org> Thu May 09 23:45:35 2024 +0100
committer: GitHub <noreply@github.com> Thu May 09 23:45:35 2024 +0100
tree: 42c6ba96e15d0cc0482ce042bca9e65ea79fa6af
parent: e4ee2a413ccb1d9d7df255b696ed2ea97e5e8941 [diff]
parent: fa475be992739cfc1d8259420375ac9768fda6c9 [diff]
diff --git a/extensions/security/secman/applib/src/main/java/org/apache/causeway/extensions/secman/applib/role/seed/CausewayExtSecmanAdminRoleAndPermissions.java b/extensions/security/secman/applib/src/main/java/org/apache/causeway/extensions/secman/applib/role/seed/CausewayExtSecmanAdminRoleAndPermissions.java
index 2e68bf1..d6ff4de 100644
--- a/extensions/security/secman/applib/src/main/java/org/apache/causeway/extensions/secman/applib/role/seed/CausewayExtSecmanAdminRoleAndPermissions.java
+++ b/extensions/security/secman/applib/src/main/java/org/apache/causeway/extensions/secman/applib/role/seed/CausewayExtSecmanAdminRoleAndPermissions.java

@@ -63,6 +63,7 @@
                 Can.of(CausewayModuleExtSecmanApplib.NAMESPACE).addAll(Can.ofCollection(adminInitialPackagePermissions))
                     .map(ApplicationFeatureId::newNamespace)
         );
+
     }
 
     // -- HELPER

diff --git a/extensions/security/secman/applib/src/main/java/org/apache/causeway/extensions/secman/applib/role/seed/CausewayExtSecmanRegularUserRoleAndPermissions.java b/extensions/security/secman/applib/src/main/java/org/apache/causeway/extensions/secman/applib/role/seed/CausewayExtSecmanRegularUserRoleAndPermissions.java
index b0b985b..281e3be 100644
--- a/extensions/security/secman/applib/src/main/java/org/apache/causeway/extensions/secman/applib/role/seed/CausewayExtSecmanRegularUserRoleAndPermissions.java
+++ b/extensions/security/secman/applib/src/main/java/org/apache/causeway/extensions/secman/applib/role/seed/CausewayExtSecmanRegularUserRoleAndPermissions.java

@@ -119,18 +119,6 @@
                 ApplicationFeatureId.newMember(ApplicationRole.LOGICAL_TYPE_NAME, "description")
                 );
 
-        val vetoViewing = Can.of(
-                // we explicitly ensure that the user cannot grant themselves
-                // additional privileges or see stuff that they shouldn't
-                ApplicationFeatureId.newMember(ApplicationUser.LOGICAL_TYPE_NAME, "effectiveMemberPermissions"),
-                ApplicationFeatureId.newMember(ApplicationUser.LOGICAL_TYPE_NAME, "filterEffectiveMemberPermissions"),
-                ApplicationFeatureId.newMember(ApplicationUser.LOGICAL_TYPE_NAME, "resetPassword"),
-                ApplicationFeatureId.newMember(ApplicationUser.LOGICAL_TYPE_NAME, "lock"),
-                ApplicationFeatureId.newMember(ApplicationUser.LOGICAL_TYPE_NAME, "unlock"),
-                ApplicationFeatureId.newMember(ApplicationUser.LOGICAL_TYPE_NAME, "addRole"),
-                ApplicationFeatureId.newMember(ApplicationUser.LOGICAL_TYPE_NAME, "removeRoles")
-        );
-
         newPermissions(
                 ApplicationPermissionRule.ALLOW,
                 ApplicationPermissionMode.VIEWING,
@@ -141,11 +129,6 @@
                 ApplicationPermissionMode.CHANGING,
                 allowChanging);
 
-        newPermissions(
-                ApplicationPermissionRule.VETO,
-                ApplicationPermissionMode.VIEWING,
-                vetoViewing);
-
     }
 
 }
commit	82c1d186763489f7d2345c25280e78cb0224a5a0	[log] [tgz]
author	Dan Haywood <danhaywood@apache.org>	Thu May 09 23:45:35 2024 +0100
committer	GitHub <noreply@github.com>	Thu May 09 23:45:35 2024 +0100
tree	42c6ba96e15d0cc0482ce042bca9e65ea79fa6af
parent	e4ee2a413ccb1d9d7df255b696ed2ea97e5e8941 [diff]
parent	fa475be992739cfc1d8259420375ac9768fda6c9 [diff]