Trong Tran updated GTNPORTAL-2899:
----------------------------------
Remaining Estimate: 1 hour (was: 0 minutes)
The membership type "*" is not interpreted
-------------------------------------------
Key: GTNPORTAL-2899
URL: https://issues.jboss.org/browse/GTNPORTAL-2899
Project: GateIn Portal
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Affects Versions: 3.5.3.Final
Environment: eXo Platform 4.0.0-Beta2
Reporter: Hela Zekri
Assignee: Trong Tran
Priority: Blocker
Labels: portal-s71, worked
Fix For: 3.7.0.Final
Original Estimate: 4 hours
Time Spent: 3 hours
Remaining Estimate: 1 hour
{color:red}
In eXo Platform, we have the membership type "*". If a user has this membership
type in a group, it means that he has all membership types in this group.
{color}
*Please try this scenario :*
Add a user that has the membership type "manager" in
"/platform/administrators" group and the membership type "*" in
"/platform/users" group.
When this user clicks "add page" in "Page Management", he has the
possibility to choose the owner type "group" or "portal". If he
chooses "group", the expected output is that he gets as "Owner Id", a
selectbox that contains all groups in which he has the membership type
"manager".
(!) The membership type "manager" is set in
"portal-configuration.xml" as a value-param of the UserACL component:
{code:xml}
<value-param>
  <name>navigation.creator.membership.type</name>
  <description>specific membership type have full permission with group navigation</description>
  <value>manager</value>
</value-param>
{code}
In this case, the user should get as "Owner Id" a selectbox that contains the
"/platform/administrators" and "/platform/users" groups (the membership
type "*" includes the "manager" membership type).
But the current behavior is that the selectbox of "Owner Id" contains only the
group "/platform/administrators". This is due to the fact that the relationship
"*" is considered as a String and not interpreted.
*There are two possible solutions to this problem:*
1- Make it possible to put many values for the
"navigation.creator.membership.type" value-param, so that we could do, for
example:
{code:xml}
<value-param>
  <name>navigation.creator.membership.type</name>
  <description>specific membership type have full permission with group navigation</description>
  <value>*,manager</value>
</value-param>
{code}
2- In the "_findRoles_" method of the
"_org.picketlink.idm.impl.api.session.managers.RoleManagerImpl_" class:
In the code below, each relationship of a user is compared to roleType
("manager"). If it is equal, it will be added to the list that will be returned.
So even when "*" is compared to "manager", it is not equal, so it won't
be added.
{code}
for (IdentityObjectRelationship relationship : relationships)
{
   if (roleType != null)
   {
      if (roleType.getName().equals(relationship.getName()))
      {
         roles.add(new SimpleRole(new SimpleRoleType(relationship.getName()),
            createUser(relationship.getToIdentityObject()),
            createGroup(relationship.getFromIdentityObject())));
      }
   }
   else
   {
      roles.add(new SimpleRole(new SimpleRoleType(relationship.getName()),
         createUser(relationship.getToIdentityObject()),
         createGroup(relationship.getFromIdentityObject())));
   }
}
{code}
We created [https://issues.jboss.org/browse/PLIDM-40] in which we propose a
patch that adds a test on "*" value.
In the patch, we changed:
{code}
if (roleType.getName().equals(relationship.getName()))
{code}
to :
{code}
if ((roleType.getName().equals(relationship.getName())) ||
relationship.getName().equals("*"))
{code}
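The filter discussed in this issue, as an added example that is not part of the original report and is not PicketLink or GateIn code: it runs the exact comparison and the proposed "*"-aware comparison over constructed memberships. The Membership record, the class and method names, and the "/example/guests" group are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration; not PicketLink or GateIn code. Requires Java 16+ (records).
public class MembershipWildcardDemo {
    // Hypothetical stand-in for an IdentityObjectRelationship: type name + group.
    record Membership(String type, String group) {}

    static final String ANY = "*"; // membership type meaning "all types in this group"

    // Mirrors the comparison quoted from findRoles: exact string equality only.
    static boolean matchesExact(String roleType, Membership m) {
        return roleType == null || roleType.equals(m.type());
    }

    // Mirrors the proposed change: a stored "*" satisfies any requested type.
    // Only the stored side is treated as a wildcard; a requested "*" is still
    // compared literally, so a caller cannot ask for "*" and match everything.
    static boolean matchesWithWildcard(String roleType, Membership m) {
        return roleType == null || roleType.equals(m.type()) || ANY.equals(m.type());
    }

    static List<String> groupsFor(String roleType, List<Membership> ms, boolean wildcard) {
        List<String> groups = new ArrayList<>();
        for (Membership m : ms) {
            boolean hit = wildcard ? matchesWithWildcard(roleType, m) : matchesExact(roleType, m);
            if (hit) {
                groups.add(m.group());
            }
        }
        return groups;
    }

    public static void main(String[] args) {
        // Constructed memberships: the first two are the scenario from the issue,
        // the third is an assumed extra entry that must never match "manager".
        List<Membership> user = List.of(
            new Membership("manager", "/platform/administrators"),
            new Membership("*", "/platform/users"),
            new Membership("member", "/example/guests"));

        System.out.println("exact:    " + groupsFor("manager", user, false));
        System.out.println("wildcard: " + groupsFor("manager", user, true));
        System.out.println("asks \"*\": " + groupsFor("*", user, true));
    }
}
```

Because the "*"-aware comparison widens the result of every lookup that passes through the filter, permission checks built on it should be re-tested for users who hold "*" in a group.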