We need to be able to update a series of objects (SQL records)
in one (or few) single call (or in one or few equivalent operations using
database layers like Hibernate or other java code).
Without Acegi this would look like this (pseudo SQL here):
SET FIELD_NAME = FIELD_NAME + SomeOtherValueToAdd
WHERE OWNERID = SomeGivenOwnerId
(Using things like Hibernate means executing some sort of HQL
or some java method or whatever.)
Q: How do we restrict access to those objects that are not updateable
by current user/role? (using ACL permissions)
It is OK to call a few SQLs or java methods, but what we do not quite
anticipate is having to call a great number of SQL/java calls to find out
permissions for every single object in the database (table)
especially if we use permissions inheritance
(object inherits permissions from its parents objects using ACL inheritance
approach) and then update every single object one-by-one.
I understand we have an option to join ACL tables with domain object table
thus having natural SQL-based filter.
But we really want to have parent-child inheritance using ACL permissions.