Hello, list.
I am considering rewriting my app's instance level security code.
Currently I use roles and evaluate certain fields on my objects for
governing instance level access.
I think, using permissions would help clean up the code a lot.
Now my question is -- just to be sure:
When I change the relationship of a user to a domain object, I'd have
to change permissions as well, right?
That means, put very abstract, that the code has to change like that:
//old
void changeReviewer(User aUser) {
if (aUser == null)
throw new BadParamException("aUser is null");
this.setReviewer(aUser);
}
//new
void changeReviewer(User aUser) {
if (aUser == null)
throw new BadParamException("aUser is null");
User oldReviewer = this.getReviewer();
Transaction t = new Transaction();
try {
this.setReviewer(aUser);
permDao.delete("entry:review:" + this.id, oldReviewer);
permDao.create("entry:review:" + this.id, aUser);
t.commit();
} catch (Exception e) {
t.rollback();
}
}
Is this correct or am I horribly over complicating things right now?
I'm still not 100% sure about how to use permissions...
Thanks in advance!
Cheers,
DJ
