Grandparent inheritance?

[eharrow]

Accesscontrol seems to support extending permissions from a parent to child but does not seem to support inheriting permissions more than one level up i.e. grandparent -> parent -> child

e.g. viewer -> ops -> admin where viewer has read, ops read/update and admin read/update/delete

accessControl.grant('viewer').readAny('devices');
accessControl.grant('ops').extend('viewer').updateAny('devices');
accessControl.grant('admin').extend('ops').deleteAny('devices');
console.log(`accessControl.getGrants()=${JSON.stringify(accessControl.getGrants())}`);
assert(accessControl.can('ops').readAny('devices').granted);
assert('admin can reay any devices=' + accessControl.can('admin').readAny('devices').granted);

Correct or have I set up my grants incorrectly?

[eharrow]

I guess a work around would be

accessControl.grant('viewer').readAny('devices');
accessControl.grant('ops').updateAny('devices');
accessControl.grant('admin').deleteAny('devices').extend('ops');
accessControl.extendRole(['ops', 'admin'], 'viewer');
console.log(`accessControl.getGrants()=${JSON.stringify(accessControl.getGrants())}`);
assert('admin can read any devices=' + accessControl.can('ops').readAny('devices').granted);
assert('admin can read any devices=' + accessControl.can('admin').readAny('devices').granted);

[onury]

Your grants are perfect. The default behaviour should be full-inheritance. It seems extended roles are not acquired recursively while querying for permissions.

I'll look into it right now.

[onury]

Fixed in v2.0.0