Hi all,
I would like to explain my scenario and find the best way to apply
shiro in it for the best fit.
I have a user that could register to a periodical event and there is a
registration object to do it.
I have a link in a web page for user registration on my webapp. This link
has a condition that will enable or disable it,
(!registration.isRegistered(user))
What means is if the user is already registered, disable the link (business
authorization)
As he is watching the event, he has acquired the following role
suscriptor (he has the right to register in the event because he is a
suscriptor of that kind of events)
which has the following permision
registration:register
My question is the following,
Where do I evaluate this condition?
I imagine something as the following
import org.apache.shiro.authz.Permission;
public class RegistrationPermission implements Permission {
private name;
public RegistrationPermission(String name){
this.name=name;
}
@Override
public boolean implies(Permission arg0) {
return false;
}
public boolean isVisible(Object object){
User user=WicketSession.getUser();
Registration registration=(Registration)object;
return (!registration.isRegistered(user);
}
}
But the problem here is that instead of doing
subject.isPermitted(unRegistrationPermission);
I should do
if (unRegistrationPermission.isVisible(WicketSession.getShownObject())){
......
}
I hope to have been clear enough
thanks in advance
Fernando Wermus.
www.linkedin.com/in/fernandowermus
