Default role and group restrictions

arapoport · January 12, 2021, 3:14am

Hi,

Some time ago, when my app ran on 6.10, I implemented a restricted role named “default” and set it as default role, following the Local Admin guide https://doc.cuba-platform.com/manual-6.10/local_admins_example.html.

Now, on platform version 7.2, I see that when a new user is created, the “default” role is not added to the new user, unless the user’s creator is an Administrator (with permissions to see the “default” role). The creation of a new user by other user that belongs to a group with a rule that restrict access to that “default” role, does not add this role.

That “default” role is important for me because it has a “denying” behavior, so if it is missing, then the user has all the permissions.

I don’t think it is related, but I set the following properties:

cuba.security.rolesPolicyVersion = 1
cuba.security.defaultPermissionValuesConfigEnabled = true
cuba.security.minimalRoleIsDefault = false

So, is there any way to keep the previous behavior or workaround ? Or should I implement something new ? I don’t like to rewrite my roles.

Thanks !!

firstova · January 12, 2021, 1:44pm

Hi.

Create the Department Administrator role for local administrators according to new documentation version.

arapoport · January 12, 2021, 4:34pm

Ok, thanks, I’ll take a look at it but I still need that role at this moment, otherwise I should retest everything. Is it possible to add that role to the User on the persist event or after commit event ?

Alejandro

firstova · January 13, 2021, 11:04am

Yes, you can substitute UserEntityListener bean implementation and override the following method

@Override
public void onBeforeInsert(User entity, EntityManager entityManager) {
    entity.setDisabledDefaultRoles(false)
    super.onBeforeInsert(entity, entityManager)
}

arapoport · January 14, 2021, 12:53pm

Thanks Natalia, it worked !