Say you have a database containing millions of records. You have a permission which states that you can delete record 1234 - "record:delete:1234"

What is the best practice to check the authorization for instance 1234? The method /AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals)/ accepts a collection of principals, so does not contain the identifier 1234.

I don't want to add every record my user can delete to an AuthorizationInfo object (record:delete:0001, record:delete:0002, record:delete:0004, etc.) as this could be 1000s. I can't see any easy way to hook in the callback to check instance 1234.

Any ideas?

Thanks

--
View this message in context: http://shiro-user.582556.n2.nabble.com/Authroization-instance-level-checks-tp6913395p6913395.html
Sent from the Shiro User mailing list archive at Nabble.com.
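One way to resolve the instance id at check time instead of enumerating every record in AuthorizationInfo, as an added example that is not part of the original post and is not code from the Shiro project: a realm base class that overrides the public isPermitted(PrincipalCollection, String) method of AuthorizingRealm. RecordRealm, RecordAcl and mayDelete are hypothetical names, and the example assumes callers use the String form of the check (subject.isPermitted("record:delete:1234")), not a Permission object.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

/**
 * Base realm that answers "record:delete:<id>" with a single lookup.
 * doGetAuthenticationInfo and doGetAuthorizationInfo stay abstract: the
 * concrete realm supplies them, and doGetAuthorizationInfo only needs to
 * return coarse-grained roles and permissions.
 */
public abstract class RecordRealm extends AuthorizingRealm {

    /** Hypothetical per-record check, e.g. one indexed query on an ACL table. */
    public interface RecordAcl {
        boolean mayDelete(Object userId, long recordId);
    }

    // Only a single all-digit id is routed to the ACL. Wildcards, comma
    // lists and anything else fall through to the normal evaluation below.
    // 18 digits at most, so Long.parseLong cannot overflow.
    private static final Pattern RECORD_DELETE =
            Pattern.compile("record:delete:(\\d{1,18})");

    private final RecordAcl acl;

    protected RecordRealm(RecordAcl acl) {
        this.acl = acl;
    }

    @Override
    public boolean isPermitted(PrincipalCollection principals, String permission) {
        Matcher m = RECORD_DELETE.matcher(permission);
        if (m.matches()) {
            // No identity means no instance-level access: deny by default.
            if (principals == null || principals.isEmpty()) {
                return false;
            }
            long recordId = Long.parseLong(m.group(1));
            return acl.mayDelete(principals.getPrimaryPrincipal(), recordId);
        }
        // Every other permission string is checked against the
        // AuthorizationInfo returned by doGetAuthorizationInfo.
        return super.isPermitted(principals, permission);
    }
}
```

Because the override returns the ACL result directly, a broad grant such as "record:delete:*" placed in AuthorizationInfo does not apply to numeric ids; the lookup behind mayDelete has to cover that case if it is wanted.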
