...
Although this question exposes gaps in the functions of the groups manager channel, it seems like it could be solved, at least in the short term, with a custom permissions policy. The policy would evaluate permissions owned by the groups manager channel, i.e.,
```
owner = "org.jasig.portal.channels.groupsmanager.CGroupsManager"
```
such that permission targets that have a wildcard syntax, e.g.,
```
target = "group.local.123*"
```
actually point to a group and its descendants. I'm attaching a sample policy that uses this approach here.
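The wildcard resolution described above, sketched as an added example (this is not the attached sample policy and not uPortal code). The `Permission` record, the `WildcardGroupPolicy` class, the `VIEW` activity, the principal name and the group hierarchy are hypothetical; the sketch assumes default-deny and that an explicit deny overrides a grant.

```java
import java.util.*;

// Added illustration, not uPortal code: Permission, WildcardGroupPolicy and the
// sample data are hypothetical. Assumes default-deny and that an explicit deny wins.
public class WildcardGroupPolicy {
    static final String OWNER = "org.jasig.portal.channels.groupsmanager.CGroupsManager";

    record Permission(String owner, String principal, String activity,
                      String target, boolean grant) {}

    // parents maps a group key to the keys of its direct parent groups.
    static boolean hasPermission(Map<String, Set<String>> parents, List<Permission> permissions,
                                 String principal, String activity, String groupKey) {
        boolean granted = false;
        Set<String> seen = new HashSet<>();          // guards against cycles
        Deque<String> queue = new ArrayDeque<>(List.of(groupKey));
        while (!queue.isEmpty()) {
            String key = queue.poll();
            if (!seen.add(key)) continue;
            for (Permission p : permissions) {
                if (!p.owner().equals(OWNER) || !p.principal().equals(principal)
                        || !p.activity().equals(activity)) continue;
                // "key*" covers the group and its descendants; a bare key covers only itself.
                // Compared against real ancestors, so "group.local.123*" never matches
                // the unrelated key "group.local.1234" as a string prefix would.
                boolean matches = p.target().equals(key + "*")
                        || (key.equals(groupKey) && p.target().equals(key));
                if (!matches) continue;
                if (!p.grant()) return false;        // explicit deny wins
                granted = true;
            }
            queue.addAll(parents.getOrDefault(key, Set.of()));
        }
        return granted;
    }

    public static void main(String[] args) {
        // Constructed hierarchy: 456 is a child of 123; 1234 is unrelated.
        Map<String, Set<String>> parents = Map.of("group.local.456", Set.of("group.local.123"));
        List<Permission> perms = List.of(
            new Permission(OWNER, "user.alice", "VIEW", "group.local.123*", true));
        System.out.println(hasPermission(parents, perms, "user.alice", "VIEW", "group.local.123"));  // the group itself
        System.out.println(hasPermission(parents, perms, "user.alice", "VIEW", "group.local.456"));  // a descendant
        System.out.println(hasPermission(parents, perms, "user.alice", "VIEW", "group.local.1234")); // unrelated key
    }
}
```

Resolving the wildcard against the group hierarchy, rather than treating the target as a string prefix, keeps a grant on one group from leaking to groups whose keys merely share leading characters.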