I'm using wildcard permissions in a Grails application I'm working on,
and there is something which has been bothering me in terms of code
robustness, so I'm interested in hearing how others deal with this - it
may not be a problem at all. The question is this - if we're using
simple strings, with no compile time checking, what can we do to avoid
problems from mistyping permissions? That is, when you test in your
application whether the subject has permission to do something, e.g.,
    if ( SecurityUtils.getSubject().isPermitted("printer:query:lp7200") ) {
        //do something
    }
how do you know that what you are checking for is a valid
permission? For example, the user may actually have been assigned the
permission "printing:query:lp7200" (i.e., "printing" not "printer"), so
this test would return false. It strikes me as something of a potential
minefield for errors. Is there some good way of making sure checked-for
permissions match assigned permissions? Or is this just something you
have to put lots of testing code in for?
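
One way to catch the mismatch described above at test time, as an added example that is not part of the original post: list every string the code passes to isPermitted() and flag any that no assigned permission implies, using Shiro's own WildcardPermission matching. The two lists and the unreachable() helper are constructed for illustration; shiro-core is assumed to be on the classpath.

```groovy
// Added example (not from the original post). Assumes shiro-core is on the classpath.
import org.apache.shiro.authz.permission.WildcardPermission

// Constructed sample data: permissions granted to users/roles (hypothetical values).
def assigned = [
    'printing:query:lp7200',
    'printing:print:*',
    'report:view',
].collect { new WildcardPermission(it) }

// Constructed sample data: strings the code base passes to isPermitted() (hypothetical).
def checked = [
    'printer:query:lp7200',   // "printer" instead of "printing": the typo from the question
    'printing:print:lp7200',  // implied by the wildcard grant 'printing:print:*'
    'report:view:42',         // implied by the shorter grant 'report:view'
]

// Hypothetical helper: return every checked string that no grant implies.
// Such a check can never succeed for any subject, which usually means a typo
// in either the check or the grant.
List<String> unreachable(List<WildcardPermission> grants, List<String> checks) {
    checks.findAll { s ->
        def wanted = new WildcardPermission(s)
        !grants.any { it.implies(wanted) }
    }
}

def orphans = unreachable(assigned, checked)
assert orphans == ['printer:query:lp7200']
orphans.each { println "No assigned permission implies checked permission: ${it}" }
```

Keeping the checked strings in one place (constants or an enum) gives the audit a single list to read instead of literals scattered through controllers.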