Affects Version/s: 5.2, 5.3.1, 5.4-dev
Sprint:Castor Core S1, Castor Core S2
- make sure http cache is enabled ( "SetEnv USE_HTTP_CACHE 1" on virtualhost config )
- create an obj state group, with at least a couple of states
- create a role
- give it a policy of state/assign, with a limitation on the new state
- assign that role to admin
- go to backoffice
An exception will be thrown:
On last step you'll get exception because permission system loads all roles, problem is that NewState policyLimitationType is not implemented and admin user is loaded by userhash generator funnily enough things work if you assign the same role to another user, and use it to login.
Proposed behavior change:
- introduce optional logging for missing limitations
- if not provided throw like today, if provided log instead and threat as "no access" so it basically continues to next assignment and threats the "current one" as "saying no"
- setup prod to log by default