Oscar Bou created ISIS-1122:
-------------------------------
Summary: Security: allow to filter objects in Collections at the
core level
Key: ISIS-1122
URL: https://issues.apache.org/jira/browse/ISIS-1122
Project: Isis
Issue Type: Improvement
Components: Core
Reporter: Oscar Bou
Assignee: Dan Haywood
Currently, security filtering for objects in Collections is implemented at the
Wicket viewer level.
If implemented at the core level, it might allow to use this capability by all
viewers, and also on integration tests.
But there are some restictions in implementation:
- By default, the security filtering must be applied (i.e., when returning them
by finders? when invoking it inside a "wrapped" call?).
- But there are use cases when the unfiltered collection must be needed at the
Domain level (i.e., for validating results among the complete list. I have a
use case when, in the context of an authentication session, an existing Kit
must be associated with an Account. That Account does not have access to Kits
not associated to himself. But for the initial association I must access the
unfiltered list).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
