One aspect of Acegi that we have not yet incorporated is the ACL functionality (because we had already begun using our own implementation before Acegi provided anything). I wonder, though, if the ACL functionality would be a better solution for this sort of thing? The Voter we created below was just a quick hack, really.
- Andy On Thursday 11 August 2005 05:46 am, [EMAIL PROTECTED] wrote: > I see I implemented the PrincipalArgumentVoter class without introducing > any intermediate abstracting class, so maybe some abstraction would > indeed be useful, at least for homogeneization of the syntaxes. > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf > Of Andy Depue > Sent: Friday, August 05, 2005 6:12 PM > To: acegisecurity-developer@lists.sourceforge.net > Subject: Re: [Acegisecurity-developer] missing voting facilities? > > We did something very similar, only chose a more verbose route. We > created a > "SuperiorVoter" that can inspect a parameter, determine the owner of > that > parameter (object), and then only allow the owner or the owner's > superior > through. We chose this syntax: OWNER_OR_SUPERIOR_OF(PARAM_IDX=#) - Here > is > an example: > > com.marathon.workflow.Workflow.getWorkItemsForUser=OWNER_OR_SUPERIOR_OF( > PARAM_IDX=0) > > - Andy > > On Thursday 04 August 2005 05:56 am, [EMAIL PROTECTED] > > wrote: > > Hello, > > > > > > > > I would have liked to secure all methods in an object by > > implementing > > > a voter that does > > > > "if the USERID parameter is present, and the principal does not have > > superuser role, then > > > > USERID must be equal to principal". > > > > However, because the Method class only reifies the parameter types > > and > > > not their names, > > > > one if forced to go by argument position, and it would be really bad > > to > > > do the check for every method > > > > on argument #n blindly. > > > > So, one needs to go for a the more verbose way of specifying a > > method > > > definition source with entries for > > > > each method in the target class. > > > > Now, ideally one could have some more complex configuration > > attributes > > > that just a token string specifying some access, > > > > to allow for some comparisons to be specified just in XML without > > having > > > to write custom voters. > > > > In my case, I could live with some more basic framework which does > > some basic parsing of the tokens with a determined pattern, > > > > much in the same style as the RoleVoter, for example, tokens that > > start > > > with ARGUMENT_ and a number, eg: > > > > ARGUMENT_1_IS_PRINCIPAL. > > > > Then one could subclass such an abstract class and just implement > > the > > > specific check that you want for the argument. > > > > > > > > Fernando Mato Mira > > ------------------------------------------------------- > SF.Net email is Sponsored by the Better Software Conference & EXPO > September 19-22, 2005 * San Francisco, CA * Development Lifecycle > Practices > Agile & Plan-Driven Development * Managing Projects & Teams * Testing & > QA > Security * Process Improvement & Measurement * > http://www.sqe.com/bsce5sf > _______________________________________________ > Home: http://acegisecurity.sourceforge.net > Acegisecurity-developer mailing list > Acegisecurity-developer@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer > > > ------------------------------------------------------- > SF.Net email is Sponsored by the Better Software Conference & EXPO > September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices > Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA > Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf > _______________________________________________ > Home: http://acegisecurity.sourceforge.net > Acegisecurity-developer mailing list > Acegisecurity-developer@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer ------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf _______________________________________________ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
