So that means you're *implicitly* modelling the 'permission to modify your own data' as the negation of "useraccountdata:write:any". I'm looking for a way to do this explicitly.
Hypothetically (this may work well for your domain of course), what happens if there comes a time that some 'users' (say computer actors) are never allowed to change any useraccountdata not even there own. You would have to change your code. I'd rather have it work through declarative permissions instead. 2013/10/2 versatec [via Shiro User] < [email protected]> > I am following this road: > Shiro permissions: > useraccountdata:write:any - user may edit anybody's data > > JSF Backing bean: > if (subject.isPermitted("useraccountdata:write:any")) return all user data > found in a list and display in a jsf datatable (pseudo code: select * from > User) > else return only subject's own data for editing in the datable (pseudo > code: select * from User where User.id == subject.getPrincipal().getName() > ) > > So depending on whether the subject has the permission to edit 'any' I do > a different database query than when he lacks this permission. > > I also disable some UI components when the subject does not have the 'any' > permission since filtering and searching make no sense if only one set of > data is displayed, anyhow. > > ------------------------------ > If you reply to this email, your message will be added to the discussion > below: > > http://shiro-user.582556.n2.nabble.com/How-would-i-configure-that-a-user-is-only-allowed-to-change-it-s-own-account-data-tp7579208p7579209.html > To unsubscribe from How would i configure that a user is only allowed to > change it's own account-data?, click > here<http://shiro-user.582556.n2.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=7579208&code=Z2JyaXRzQGdtYWlsLmNvbXw3NTc5MjA4fDExNjk3MTIyNTA=> > . > NAML<http://shiro-user.582556.n2.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> > -- View this message in context: http://shiro-user.582556.n2.nabble.com/How-would-i-configure-that-a-user-is-only-allowed-to-change-it-s-own-account-data-tp7579208p7579211.html Sent from the Shiro User mailing list archive at Nabble.com.
