Thanks Eric for the clarification. On Fri, Jan 21, 2011 at 11:11 PM, Eric Evans <eev...@rackspace.com> wrote:
> On Fri, 2011-01-21 at 22:45 +0600, indika kumara wrote: > > Shouldn't the existing method be changed to the following? > > > > public boolean authorize(AuthenticatedUser user, List<Object> > > resource, > > Permission permission); // checks the authority for a given user for > > a > > given resource for a given permission > > I don't think so, no. This method is answering the question, "Given a > resource, what is this user allowed to do?". It's the job of > o.a.c.service.ClientState to call authorize() and determine if the set > of returned Permissions allows a given operation on that resource. > > If you don't want the additional granularity you can simple return > Permission.ALL. > > > The existing method: > > > > public EnumSet<Permission> authorize(AuthenticatedUser user, > > List<Object> > > resource); > > > > I noticed that we retrieved all permissions and checks > > 'perms.contains(perm)' ... May permissions be cached at later? > > Classes implementing IAuthority are free to perform caching as they see > fit, yes. > > -- > Eric Evans > eev...@rackspace.com > >
