The challenge with this is making sure that you don't have conflicts and you have a clear hierarchy of permissions. I have built some more advanced permissioning systems and that area is always a challenge. For example if you have ability to print to all and the restriction to not print to lpd7 then which one wins? Implementations can support this but they are always very complex to implement and suffer from performance or loops for invalid definitions.
Scot On 2/23/10 9:20 AM, "jobiwan11" <[email protected]> wrote: Thanks makes sense. I was supposing it could be hacked, i.e. "printer:print:^lpd7", then if(user.isPermitted("printer:print") && !user.isPermitted("printer:print:^lpd7")) allowToPrint(); --jim On Tue, Feb 23, 2010 at 6:28 AM, Les Hazlewood-2 [via Shiro User] <[hidden email] <http://n2.nabble.com/user/SendEmail.jtp?type=node&node=4619842&i=0> > wrote: No, 'negative' permissions are not supported out of the box due to the complexity and performance hit it would probably incur. You're more than welcome to open a feature request in Jira however. Regards, Les On Mon, Feb 22, 2010 at 7:41 PM, jobiwan11 <[hidden email] <http://n2.nabble.com/user/SendEmail.jtp?type=node&node=4619104&i=0> > wrote: > > If you have a permission like "printer:print:*" is there a way to say you're > not allowed to print to "lpd7" without getting rid of the "printer:print:*" > and listing out individual permissions per printer? > Thanks, > --jim > -- > View this message in context: > http://n2.nabble.com/permission-everything-but-this-item-tp4616037p4616037.html > Sent from the Shiro User mailing list archive at Nabble.com. > ________________________________ View this message in context: Re: permission everything but this item <http://n2.nabble.com/permission-everything-but-this-item-tp4616037p4619842.html> Sent from the Shiro User mailing list archive <http://n2.nabble.com/Shiro-User-f582556.html> at Nabble.com. Scott Ryan Triple Creek Associates Java Developer [email protected] (303) 263-3044
