I do not know whether my way of doing things is better, but I will describe it
anyway:
I wrote Facade / DAO methods whose invocations are restricted to certain
Permissions; in your case that would look something like:
import java.util.List;
import java.util.stream.Collectors;
import org.apache.shiro.authz.annotation.RequiresPermissions;

// @RequiresPermissions is only enforced when Shiro's AOP support (Spring, Guice or AspectJ) proxies this class
public class ResourceFacade {
    // backing store; Resource, ResourceId and User are the application's own types, assumed to expose getId(), getAgent() and getBusiness()
    private final List<Resource> resources;
    public ResourceFacade(List<Resource> resources) {
        this.resources = resources;
    }
    // unrestricted helper: the specific resource, or all if resourceId is null
    private List<Resource> find(ResourceId resourceId) {
        return resources.stream()
                .filter(r -> resourceId == null || resourceId.equals(r.getId()))
                .collect(Collectors.toList());
    }
    // method invocation is restricted to the any:view Permission which I
    // presume only admins should have
    @RequiresPermissions("any:view")
    public List<Resource> viewAnyResource(ResourceId resourceId) {
        // return the specific resource or all if resourceId is null
        return find(resourceId);
    }
    // method invocation is restricted to the any:edit Permission which I
    // presume only admins should have
    @RequiresPermissions("any:edit")
    public Resource editAnyResource(ResourceId resourceId) {
        // ... (edit steps elided in the original post)
        return find(resourceId).get(0);
    }
    // method invocation is restricted to the agent:view Permission which only
    // agents have
    @RequiresPermissions("agent:view")
    public List<Resource> viewAgentsResource(ResourceId resourceId, User agent) {
        // return only the specific resource or all (if resourceId is null) for whom
        // 'agent' is the agent
        return find(resourceId).stream()
                .filter(r -> agent.equals(r.getAgent())).collect(Collectors.toList());
    }
    // method invocation is restricted to the business:view Permission which
    // only agents have
    @RequiresPermissions("business:view")
    public List<Resource> viewBusinessResource(ResourceId resourceId, User business) {
        // return only the specific resource or all (if resourceId is null) that
        // belong to the specified business
        return find(resourceId).stream()
                .filter(r -> business.equals(r.getBusiness())).collect(Collectors.toList());
    }
}
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/Getting-Specific-Information-from-the-Authorization-Process-tp7580600p7580601.html
Sent from the Shiro User mailing list archive at Nabble.com.
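As an added example (not from the original post or from Shiro itself), the authorization data that backs those permission strings and the check the annotations perform: constructed users and roles loaded through Shiro's Ini-based SecurityManager, with an explicit checkPermission standing in for the AOP-enforced annotation.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.config.Ini;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;

public class PermissionDemo {
    // Constructed sample configuration (not from the original post): users,
    // their roles, and the WildcardPermission strings each role is granted.
    private static final String INI =
            "[users]\n"
            + "alice = alice-secret, admin\n"
            + "bob = bob-secret, agent\n"
            + "[roles]\n"
            + "admin = any:*\n"
            + "agent = agent:view, business:view\n";

    // The same check an @RequiresPermissions annotation performs before the
    // facade method runs: log in as the user and require the named permission.
    static boolean allowed(String user, String password, String permission) {
        Subject subject = SecurityUtils.getSubject();
        subject.login(new UsernamePasswordToken(user, password));
        try {
            subject.checkPermission(permission); // throws when the permission is not held
            return true;
        } catch (AuthorizationException e) {
            return false;
        } finally {
            subject.logout();
        }
    }

    public static void main(String[] args) {
        Ini ini = new Ini();
        ini.load(INI);
        SecurityManager sm = new IniSecurityManagerFactory(ini).getInstance();
        SecurityUtils.setSecurityManager(sm);
        // admin holds any:*, which implies both any:view and any:edit
        System.out.println("alice any:view -> " + allowed("alice", "alice-secret", "any:view"));
        System.out.println("alice any:edit -> " + allowed("alice", "alice-secret", "any:edit"));
        // the agent role holds only the agent:/business: view permissions
        System.out.println("bob agent:view -> " + allowed("bob", "bob-secret", "agent:view"));
        System.out.println("bob any:view   -> " + allowed("bob", "bob-secret", "any:view"));
    }
}
```

The second and fourth checks show the distinction the facade relies on: a wildcard grant such as any:* covers every action in that domain, while an agent's narrower grants never satisfy an any: permission.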