Something like this would give you lots of flexibility. What do you not like about it?
I think the big thing to keep in mind, if you want to keep this off of DailyWTF, is how you store these mappings. If you are defining 10,000 of these and storing them in a flat file, you might have a problem. On the other hand, if you have some relational model and you build your permission strings on the fly, you might be better off, and it may be easier to evolve.

On Tue, May 17, 2011 at 8:45 PM, cadwhit <[email protected]> wrote:
> (I apologize, I sent this to Shiro Developers, not Shiro Users, I need to read more better)
>
> Hello all,
>
> I'm trying to simplify a complex set of rules. I'm going to use the example of schools/districts/courses/assignments... here's my swing at it:
>
> Districts, Schools, Courses and Assignments
> Administrators, Teachers and Students
>
> Scenario #1 - I am an administrator, I can create Schools for my district, I can create Courses for my district
> "district:5:school:create"
> "district:5:school:*:course:create"
>
> Scenario #2 - I am a teacher, I can create courses for my school
> "district:5:school:23:course:create"
>
> Scenario #3 - I am a student, I can view my assignments
> "district:5:school:23:course:14:assignment:23:view"
> "district:5:school:23:course:14:assignment:24:view"
>
> Scenario #4 - I am a consultant, I can view all assignments in a district regardless of school
> "district:5:school:*:course:*:assignment:*:view"
>
> Scenario #5 - I am a principal, I can do whatever I want in my School
> "district:5:school:23"
>
> Scenario #6 - I am a substitute, I can assign students in courses I have access to
> "district:5:school:23:course:14:assign"
> "district:5:school:23:course:15:assign"
> "district:1:school:155:course:15:assign"
>
> Here's my problem...
> Technically speaking, Scenario #3 could look like this: "assignment:23:view"
>
> But that conflicts with Scenario #4
> "district:5:school:*:course:*:assignment:*:view"
>
> Is it best to have a full chain like I am describing? Is this using Shiro improperly?
>
> Any help would be appreciated, I don't want to go down this road and then have someone else come by it in 5 years and put it on DailyWTF :)
>
> --
> View this message in context: http://shiro-user.582556.n2.nabble.com/Data-Permissions-Heirarchy-tp6375897p6375897.html
> Sent from the Shiro User mailing list archive at Nabble.com.
