Hi,

I'd like to use Shiro with a JDBC realm to secure an example app... Now I can't find a solution/doc/tutorial on how to implement my app so that an authenticated user can only see its own data, e.g. a document...

I've got my tables in the db (roles, permissions, users, roles_permissions, users_roles), and as roles I've got "admin" and "user". Now I thought I could create permissions like "document:read", "document:write" and "document:delete", and the admin role gets "document:*" so that it can do everything with all documents. But how do I set the user permissions only for its own documents? E.g. a user has 3 documents, with unique ids 4, 7, 12. So he should have a permission like "document:*:4,7,12". Is that right? But where do I have to store this permission? Or do I have to set this permission at runtime, like first select all docs where the user is owner and then set the permission dynamically?

Thx and Regards...

--
View this message in context: http://shiro-user.582556.n2.nabble.com/Permissions-on-specific-Objects-tp7577956.html
Sent from the Shiro User mailing list archive at Nabble.com.
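An added example, not part of the original post: how Shiro's `WildcardPermission` evaluates the strings from the question when they are held in a `SimpleAuthorizationInfo`, the object a realm returns from its authorization lookup. It assumes shiro-core on the classpath and Java 9+; the class name, the helpers `ownerPermission` and `permits`, and the hard-coded ids are hypothetical stand-ins for the owner query.

```java
import java.util.List;
import java.util.Optional;
import java.util.stream.Collectors;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.authz.permission.WildcardPermission;

public class OwnedDocumentPermissions {

    // [4, 7, 12] -> "document:*:4,7,12". An empty list yields no permission string:
    // "document:*:" names no instance ids, so nothing is built or granted for it.
    static Optional<String> ownerPermission(List<Integer> ownedIds) {
        if (ownedIds.isEmpty()) {
            return Optional.empty();
        }
        return Optional.of("document:*:" + ownedIds.stream()
                .map(String::valueOf).collect(Collectors.joining(",")));
    }

    // True if any granted permission string implies the requested one.
    static boolean permits(SimpleAuthorizationInfo info, String requested) {
        Permission wanted = new WildcardPermission(requested);
        if (info.getStringPermissions() == null) {
            return false; // nothing was ever granted
        }
        return info.getStringPermissions().stream()
                .anyMatch(granted -> new WildcardPermission(granted).implies(wanted));
    }

    public static void main(String[] args) {
        // Constructed sample data standing in for the "documents owned by this user" query.
        SimpleAuthorizationInfo user = new SimpleAuthorizationInfo();
        ownerPermission(List.of(4, 7, 12)).ifPresent(user::addStringPermission);

        SimpleAuthorizationInfo admin = new SimpleAuthorizationInfo();
        admin.addStringPermission("document:*");

        SimpleAuthorizationInfo newcomer = new SimpleAuthorizationInfo();
        ownerPermission(List.of()).ifPresent(newcomer::addStringPermission);

        // An owned id, a foreign id, and a check that names no instance at all.
        for (String request : List.of("document:read:7", "document:delete:5", "document:read")) {
            System.out.printf("%-18s user=%b admin=%b newcomer=%b%n", request,
                    permits(user, request), permits(admin, request), permits(newcomer, request));
        }
    }
}
```

The third request shows why application code has to check the instance-level form (`document:read:<id>`): a check without an id is only satisfied by a grant that covers every document.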
