I think UPDATE for individual fields is by far the most common case: You can
always check CREATE easily in customerHome.persist() and SELECT in
customerHome.find(). Nobody is using DELETE anyway :)
View the original post :
Would it make sense to tie this into Hibernate validation, or is this a silly
idea?
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4029163#4029163
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4029163
You can definitely write a JPA interceptor which checks actual field values
using equals() during an update operation. (In theory you should really use
Type.isDirty() in Hibernate, but that's not portable.)
So you would require that the user annotate entity attributes with @Restrict,
and imply
Alternatively, the user can write an entitylistener, and call
Identity.checkPermission() themselves.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4029169#4029169
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4029169