Announcement Announcement Module
No announcement yet.
Trying to understand acegi authorization Page Title Module
Move Remove Collapse
This topic is closed
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Trying to understand acegi authorization

    N00B here. I am in the process of getting custom authentication done using Acegi.

    As a next step I have to authorize users against resources used. For example to add a comment on a post, the user must have permission on the thread. I would like to check for this permission before the addComment method is called. In this permission check I would take the userId, the threadId and make sure that the appropriate thread permission is given, if not, I will present an error message.

    Can this be done with acegi. Any guidance?

  • #2
    I've not tried it myself yet, but I would take a look at the Acegi domain object security features.
    Last edited by karldmoore; Aug 29th, 2007, 11:47 AM.