Hi all,
given Apache Shiro's permission format domain:action:instance how would I
define that a user may only change it's own account-data?
I could do the following but this leads to an enormous explosion of
permissions:
useraccountdata:write:user1 permit to user1 ... useraccountdata:write:userN
permit to userN
What I need instead is something of permission-rules to configure this
dynamically.
Something like: useraccountdata:write:user{n} permit to user{n}
automatically for all n
Is this supported somehow or am I completely on the wrong path here? If not,
how would you do it?
Thanks,
Geert-Jan
P.s: verbatim copy from Stackoverflow where this quesiton didn't get much
traction.
http://stackoverflow.com/questions/19125869/how-would-i-configure-that-a-user-is-only-allowed-to-change-its-own-account-dat
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/How-would-i-configure-that-a-user-is-only-allowed-to-change-it-s-own-account-data-tp7579208.html
Sent from the Shiro User mailing list archive at Nabble.com.
