I am in a bit of confusion and would like to get some comments on the following issue.
We are using ACL to protect access to a core domain object, let's call it CostCenter. ACL permissions are set according to who can access which CostCenter. All works great. Now there are other domain objects, like employees, who belong to some CostCenter. I want to get only the users from the CostCenter a logged-in user has access to.
My CostCenter service has methods like getCostCenters, which is protected by a role and returns a collection of CostCenters that are filtered through ACL permissions. But Employee is not an ACL object, so getEmployees() returns a collection of all employees.
One option was to call getCostCenters() first to get a filtered list and then, for each cost center, get its employees. This works, except getCostCenters and getEmployees have different roles associated with them. So someone with the getEmployees role might not be able to call getCostCenter...
In order to solve that, I have to create dummy methods like getCostCentersTo getEmployees() and set its access different from getEmployees()...
It works but doesn't feel right. Is there a better alternative?