Results 1 to 2 of 2

Thread: ACL taking into account on object state

  1. Feb 20th, 2006, 01:45 PM #1
    LukaszRacon
    LukaszRacon is offline Junior Member
    Join Date
    Feb 2006
    Posts
    1

    Default ACL taking into account on object state

    I have businessManager that has edit method(Order).
    Now based on order state certain user groups can or cannot edit this object.

    I.e.
    - admin always can call edit, unless object state is closed.
    - user can edit unless order is closed or shipped.

    So far it seams that I have to create custom StateBasedAclProvider, and StateBasedAclDao. Provider would get from dao ACLs based on aclObjectIdentity and state. Dao would return list of BasicAclEntry for given aclObjId and state. Then the rest would look similar to Basic Acl authorization.

    Anyone has better idea how to do it?

    Thanks in advance,
    Lukasz
  2. Mar 6th, 2006, 07:38 AM #2
    Ben Alex
    Ben Alex is offline Senior Member Spring Team
    Join Date
    Aug 2004
    Location
    Sydney, Australia
    Posts
    2,768

    Default

    If your needs are simple (and they seem to be) perhaps you can try writing a custom AccessDecisionVoter instead.
    Ben Alex
    Project Founder, Spring UAA, Spring Roo and Spring Security
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules