David E Jones wrote:
Just define where alternate permissions are acceptable and add those
cases to the permission checking services.
The new permission-service stuff in the service engine (see the example
entity for examples ;) ) makes this easier.
You can extend the base permission service using ECA rules on the
permission service used by the service you want to reuse. Just have it
run your permission service after the main one IFF the main one results
in an error (failed permission check), and make sure your ECA rule has
it put its results in the context if your security scenario succeeds,
and off you go...
Wow - that's a great idea! I never thought of taking that approach.
Thanks!
