I think it's "defaultPolicy", not "policy". Anyway, I think that such static annotations can't really capture what's necessary for a real application. An app has to ensure that only an appropriate actor can make changes to a given object, and then there may be nuances to what different sorts of actors can do. This seems like something that has to be done in the business logic of the application, and it requires a data layer that can report on pending changes to a pending persisted object. Those changes can then be vetted through a policy layer, and violations can result in exceptions before the data layer commits the open transaction.
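The flow described in the message above (the data layer reports pending changes, a policy layer vets them, and a violation throws before the commit), as an added Java example that is not part of the original post or of Stripes. `Actor`, `Change`, `Policy` and `UnitOfWork` are hypothetical names, and the in-memory map stands in for a real persistence layer.

```java
import java.util.*;

// Added illustration; Actor, Change, Policy and UnitOfWork are hypothetical names.
public class PolicyVettedCommit {
    record Actor(String name, String role) {}
    record Change(String owner, String field, Object oldValue, Object newValue) {}

    interface Policy { boolean permits(Actor actor, Change change); }

    // Data layer: buffers changes so they can be reported before anything is persisted.
    static class UnitOfWork {
        private final Map<String, Object> store;
        private final List<Change> pending = new ArrayList<>();
        UnitOfWork(Map<String, Object> store) { this.store = store; }

        void set(String owner, String field, Object value) {
            pending.add(new Change(owner, field, store.get(owner + "." + field), value));
        }

        // Vet every pending change first; one violation aborts the whole transaction.
        void commit(Actor actor, Policy policy) {
            for (Change c : pending) {
                if (!policy.permits(actor, c)) {
                    String msg = actor.name() + " may not change " + c.field() + " of " + c.owner();
                    pending.clear(); // roll back: nothing reaches the store
                    throw new SecurityException(msg);
                }
            }
            for (Change c : pending) store.put(c.owner() + "." + c.field(), c.newValue());
            pending.clear();
        }
    }

    public static void main(String[] args) {
        // Constructed sample data.
        Map<String, Object> store = new HashMap<>(Map.of("alice.email", "a@example.test", "alice.role", "user"));
        // Policy: admins may change anything; others only their own record, and never the role field.
        Policy policy = (actor, c) -> actor.role().equals("admin")
                || (actor.name().equals(c.owner()) && !c.field().equals("role"));

        UnitOfWork tx = new UnitOfWork(store);
        tx.set("alice", "email", "new@example.test"); // permitted on its own
        tx.set("alice", "role", "admin");             // forbidden for a non-admin actor
        try {
            tx.commit(new Actor("alice", "user"), policy);
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        System.out.println(store); // print the store to check for partial writes
    }
}
```

The policy sees the actor together with the old and new value of each field, which is the per-object, per-actor context a static annotation on a handler cannot express.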
