[shib_auth] Shib & Taxonomy Access Control
Kristof Bajnok
bajnokk at niif.hu
Fri Apr 27 00:32:31 CEST 2012
Hi Avi,
On 25/04/12 23:54, Avi Schwab wrote:
> when user roles are set dynamically the TAC doesn't seem to see them
> and does not allow the user to see those pages to which I've given
> them access. If I make a role rule sticky (or assign a group
> directly) then the user can see the pages correctly.
>
> I dug around a little and am not totally sure how the dynamic roles
> are being stored, but I'm assuming it's a session variable instead
> of a db variable.
Dynamic roles are added to the global $user object run-time.
> Is it possible that TAC only reads db variables
> and therefore does not see these dynamic roles?
I don't know TAC, you should probably ask them.
However, it is possible that TAC is invoked _before_ shib_auth and
therefore the role verification happens before the roles could be added
to the user. I don't know, how we can avoid that, hints are welcome.
Kristof
More information about the shib_auth
mailing list