I've just about finished adding my first feature that uses object
permissions to a tapestry app (tapestry-security 0.5.1, tapestry 5.3.8).
Users are given permissions to the objects they are allowed to
maintain, when they go to the new page, only the objects they have
permission to maintain appear on the list of objects, and when they try
to POST a change, shiro ensure they have rights to the object. All
works, no problems.
This new feature is functionality that not all users have access to, so
on the front page I want to add a link that only appears for users who
have access. This is where I run into a problem - it doesn't seem
possible to ask whether a user has a certain access to <any> object,
instead of access to all objects or to one particular object.
Using Shiro's favorite example, the problem is this:
Users have permissions of the form 'printer:print:laserjet3440',
'printer:view:canonb2'. If I say
<t:security.hasAnyPermissions permissions="printer:view:*"> ...
the option only appears for users who have the wildcard permission, not
the real users who may have rights to one or several printers. What I
think we need is an existential wildcard ('printer:view:?' maybe) that
matches any object.
From what I can tell, the Shiro simply doesn't have this functionality
in its permissions.
The workaround I've used for now is to grant every user who has one of
these object-based permissions an 'any' permission,
e.g. 'printer:view:-any-', and to base the page permissions on this.
Have I missed anything obvious ? What do other people do ?
Regards,
Robin
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org