I would like to add that the isVisible or isEnabled methods could be replaced by a isValid method too. In some way there are the same because it could be share in both layers for the same reason but for different results: first case, it would disabled a link; in the second case, it would reject the message to the method.
On Thu, Mar 18, 2010 at 4:48 PM, Fernando Wermus <[email protected]>wrote: > Hi all, > I would like to explain my scenario and find the best way to apply > shiro in it for the best fit. > > > I have a user that could register to a periodical event and there is a > registration object to do it. > > I have a link in a web page for user registration on my webapp. This link > has a condition that will enable or disable it, > > (!registration.isRegistered(user)) > > > What means is if the user is already registered, disable the link (business > authorization) > > As he is watching the event, he has acquired the following role > > suscriptor (he has the right to register in the event because he is a > suscriptor of that kind of events) > > which has the following permision > > registration:register > > My question is the following, > > Where do I evaluate this condition? > > I imagine something as the following > > > import org.apache.shiro.authz.Permission; > > > > public class RegistrationPermission implements Permission { > > private name; > > public RegistrationPermission(String name){ > > this.name=name; > > } > > @Override > > public boolean implies(Permission arg0) { > > return false; > > } > > public boolean isVisible(Object object){ > > User user=WicketSession.getUser(); > > Registration registration=(Registration)object; > > return (!registration.isRegistered(user); > > } > > > } > > But the problem here is that instead of doing > > subject.isPermitted(unRegistrationPermission); > > I should do > > if (unRegistrationPermission.isVisible(WicketSession.getShownObject())){ > ...... > } > > I hope to have been clear enough > > thanks in advance > > > Fernando Wermus. > > www.linkedin.com/in/fernandowermus > -- Fernando Wermus. www.linkedin.com/in/fernandowermus
