net.liftweb.http.auth.Role and role hierarchy

[Baskaran S]

Hello Lift Authors,

In Loc.scala,  case class HttpAuthProtected(role: (Req) => Box[Role]) extends AnyLocParam  takes Role as a parameter.

On browsing the comments in Role.scala, I infer that a role has access to one or more paths of its own and also has access to all the paths of its descendants in the role-hierarchy. A role hierarchy is a tree where the leaf nodes are the least privileged and root node is the most privileged. And I guess that role-names are unique in the role-hierarchy.

I found that Role is accepting duplicate role-names:

    Role(root, Role(admin, Role(root, Role(admin))))

Test code:

import net.liftweb.http.auth._

object RoleTest {

  def main(args :Array[String]) :Unit = {

    val root = AuthRole("root")

    val b = AuthRole("admin")

    val c = AuthRole("root")

    val d = AuthRole("admin")

    root.addRoles(b,c,d)

    println(root)   // Role(root, Role(admin))

    b.addRoles(c,d)

    println(root)   // Role(root, Role(admin, Role(root)))

    c.addRoles(d)

    println(root)   // Role(root, Role(admin, Role(root, Role(admin))))

    root.removeRoleByName("admin")

    println(root)   // Role(root)

  }

}

- Baskaran