[
https://issues.apache.org/jira/browse/SHIRO-657?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16740123#comment-16740123
]
Junling Bu commented on SHIRO-657:
----------------------------------
Indeed, wildcard permissions will fail in my case although it is powerful.
However, I think using wildcard permissions may be not a practical way. I only
use non-wildcard permissions in my project.
1. define a request mapping methods
{code:java}
@RequestMapping("/read")
public Object read() {
return ResponseUtil.ok("hello world, this is admin service");
}
{code}
2. define the permission for this request mapping methods
{code:java}
@RequiresPermissions("index:permission:read")
@RequestMapping("/read")
public Object read() {
return ResponseUtil.ok("hello world, this is admin service");
}
{code}
3. define the permission description for this permission
{code:java}
@RequiresPermissionsDesc(menu={"Test" , "Index"}, button="read")
@RequiresPermissions("index:permission:read")
@RequestMapping("/read")
public Object read() {
return ResponseUtil.ok("hello world, this is admin service");
}
{code}
4. generate the json object for web.
{code:java}
@GetMapping("/permissions")
public Object getPermissions(Integer roleId) {
List<PermVo> systemPermissions = getSystemPermissions();
Set<String> assignedPermissions = getAssignedPermissions(roleId);
Map<String, Object> data = new HashMap<>();
data.put("systemPermissions", systemPermissions);
data.put("assignedPermissions", assignedPermissions);
return ResponseUtil.ok(data);
}
{code}
Here getSystemPermissions will generate the system designed permissions basing
on both RequiresPermissions and RequiresPermissionsDesc, like
[
{
menu: Test,
page: Index;
button: read,
permission: "index:permission:read"
}
]
Users can only understand read button of the Index page in Text menu while it
is hard for them to understand actual permission value. Here they can select
the permission because of read button and post to the sever the permission
value "index:permission:read".
Anyway I think we can define the desc in the RequiresPermissions, like
public @interface RequiresPermissions {
String[] value();
String[] desc();
}
The desc here is harmless for current shiro,. But I can use this to add "Text
menu: Index page: read Button" and generate later.
> Add desc to RequiresPermissions
> -------------------------------
>
> Key: SHIRO-657
> URL: https://issues.apache.org/jira/browse/SHIRO-657
> Project: Shiro
> Issue Type: Improvement
> Reporter: Junling Bu
> Priority: Minor
>
> This is a feature request.
> The use case is that I can parse RequiresPermissions to generate system
> permission list.
> However, I want to generate description text for each defined permission
> meanwhile.
> These texts will give better user experience rather than actual permissions.
> For example:
> {code:java}
> @RequiresPermissions(value="admin:list", desc="Admin List Permission")
> @GetMapping("/list")
> public Object list(){
> }
> {code}
> Afterwards, I can generate following json array and only show label property
> for users.
> {code:json}
> [
> {
> id: "admin:list",
> label: "Admin List Permission"
> }
> ...
> ]
> {code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
