+1, but imo we need a better name for it. regards, gerhard
2012/12/13 Rudy De Busscher <[email protected]> > All, > > I had once also such a requirement (post-method authorization) where this > could be very handy. > > We kept information about persons (name, age, address, medical info, ...) > but there where some categories. One kind of category was linked to the > Royals and you needed a special role before you could read the information. > > So we where only able to determine if the user was allowed to read the > person information after we had read it frmo the database and matched the > category. > > So > +1 > > Regards > Rudy > > > On 13 December 2012 09:26, Arne Limburg <[email protected] > >wrote: > > > Hi Jean-Louis, > > > > A simple use case is a method that creates an object, stores it to the > > database and returns it. > > You may want to check the object to decide if the user is allowed to > > create it. With my proposal it is as easy as: > > > > public class MyObjectRepository { > > @Create > > public MyObject create() { > > ... > > } > > } > > > > public class MyAuthorizer { > > > > @Secures @Create > > public boolean canCreate(@Result MyObject object) { > > // security check here > > } > > } > > > > > > Hope that makes it clear. And note that the check may depend on the state > > of the object, i.e. the user is just allowed to create the object, if he > > is the owner... > > > > Cheers, > > Arne > > > > Am 13.12.12 09:20 schrieb "Jean-Louis MONTEIRO" unter < > [email protected] > > >: > > > > >Hi Arne, > > > > > >Just read the JIRA but could not find a relevant use case for that. > > >But if you proposed it, I probably missed something so if you could > > >elaborate a bit more. > > > > > >Jean-Louis > > > > > > > > >2012/12/13 Mark Struberg <[email protected]> > > > > > >> > > >> > > >> +1 > > >> > > >> > > >> ------------------------------ > > >> Arne Limburg schrieb am Mi., 12. Dez 2012 23:38 PST: > > >> > > >> >Hi, > > >> > > > >> >What do you think of supporting post-method-authorization (see [1]) > in > > >> addition to our current pre-method-authorization? > > >> >I just started coding it and it is not much to do. > > >> > > > >> >Cheers, > > >> >Arne > > >> > > > >> >[1] https://issues.apache.org/jira/browse/DELTASPIKE-298 > > >> > > > >> > > >> > > > > > > > > >-- > > >Jean-Louis > > > > >
