It sounds like what you want is a "permission filter". Something that
will examine each request and either create a session scoped variable
with that users permissions, or update it if it has changed in the DB.
Then on your pages you just need to make sure users can only see
data/options/etc that apply to the permissions they have.
If this is what you want to do there is probably a number of ways to do
it. My initial though was to create a request filter from scratch, but
it may be worth a look at ACEGI to see if they already handle this
problem. I'm guessing that they do because I know if you change your
password in an ACEGI app, you need to log in again because your previous
login became invalid.
Nathan
majaa majaa wrote:
Hello
I'm newbie at spring technology and appfuse.
In my application i have a table user, table groups and table
permission that contain id from user, id from groups and value of
permission.
When a user logs in, i read all permission to session and I check all
permission in filters.
I don't know where I should do this. Now I have it on first page which
I get after login.
But it isn't good solution.
Perhaps the best idea is to use proxy before I get to each page? How
should I do this?
Perhaps it is possible to do it with acegi (with parameters user,
groups (BUT during session i can change groups and th en i have
another permission to these pages -> dynamic permissions).
thanks for your help (in advance)
majaa
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
