Announcement Announcement Module
Collapse
No announcement yet.
ACL taking into account on object state Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • ACL taking into account on object state

    I have businessManager that has edit method(Order).
    Now based on order state certain user groups can or cannot edit this object.

    I.e.
    - admin always can call edit, unless object state is closed.
    - user can edit unless order is closed or shipped.

    So far it seams that I have to create custom StateBasedAclProvider, and StateBasedAclDao. Provider would get from dao ACLs based on aclObjectIdentity and state. Dao would return list of BasicAclEntry for given aclObjId and state. Then the rest would look similar to Basic Acl authorization.

    Anyone has better idea how to do it?

    Thanks in advance,
    Lukasz

  • #2
    If your needs are simple (and they seem to be) perhaps you can try writing a custom AccessDecisionVoter instead.

    Comment

    Working...
    X