Using a custom realm you can generate permissions rather than store them 
locally.  So, in doGetAuthorizationInfo, you could do something like:

List<String> permissions = new ArrayList<String>();
for(Employee emp: getSupervisedEmployees()) {
  for(int reportId: emp.getReportIds()) {
    permissions.add("report:" + reportId);
  }
}

Will that accomplish what you want?

-Jared

Dmitry <[email protected]> wrote:


By target you mean the third part of the permission? reports:view:<target-id> (e.g.
reports:view:1231)

Well, it can work, but if the supervisor is changed (which is possible) I have
to transfer all permissions to the other guy.

So I was looking for some extension to Shiro, maybe, where I can consolidate
the implication logic for access to a particular report.  Maybe even an HTTP
request filter can work.


Also, it doesn't seem that my realm is called twice; it looks like Shiro is
caching permissions. How can I make them dynamic?



--
View this message in context: 
http://shiro-user.582556.n2.nabble.com/Advise-on-authorization-strategy-tp6312150p6312319.html
Sent from the Shiro User mailing list archive at Nabble.com.
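
An added example, not code from either poster or from the Shiro project: a realm that derives reports:view:<id> permissions from the current supervisor relationship and either skips Shiro's authorization cache or evicts one user's entry when supervision changes. ReportDirectory, supervisionChanged and the String username principal are assumptions made for the illustration.

```java
import java.util.Collection;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;

public class SupervisorReportRealm extends AuthorizingRealm {

    /** Hypothetical lookup into the application's own data; not a Shiro type. */
    public interface ReportDirectory {
        Collection<Integer> reportIdsSupervisedBy(String supervisorUsername);
    }

    private final ReportDirectory directory;

    public SupervisorReportRealm(ReportDirectory directory, boolean cachePermissions) {
        this.directory = directory;
        // false: doGetAuthorizationInfo runs on every check, so a supervisor
        // change takes effect immediately at the cost of one lookup per check.
        setAuthorizationCachingEnabled(cachePermissions);
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        // Assumption: the principal is the username as a String.
        String username = (String) getAvailablePrincipal(principals);
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        // Nothing is stored per user: permissions follow whoever supervises now.
        for (Integer reportId : directory.reportIdsSupervisedBy(username)) {
            info.addStringPermission("reports:view:" + reportId);
        }
        return info;
    }

    @Override
    protected Object getAuthorizationCacheKey(PrincipalCollection principals) {
        // Key by username so eviction works whichever realm performed the login.
        return getAvailablePrincipal(principals);
    }

    /** With caching on, call this for the old and the new supervisor. */
    public void supervisionChanged(String username) {
        clearCachedAuthorizationInfo(new SimplePrincipalCollection(username, getName()));
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        return null; // assumption: a separate realm authenticates users
    }
}
```

Authorization caching only happens when a CacheManager is configured, so a realm that appears to be consulted once per session is usually reading from that cache.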
