shiro-dev mailing list archives

From cadwhit <caden.whita...@gmail.com>
Subject hierarchical data
Date Wed, 18 May 2011 00:02:52 GMT
Hello all,

I'm trying to simplify a complex set of rules. I'm going to use the example
of schools/districts/courses/assignments... here's my swing at it:

Districts, Schools, Courses and Assignments
Administrators, Teachers and Students

Scenario #1 - I am an administrator, I can create Schools for my district, I
can create Courses for my district
"district:5:school:create"
"district:5:school:*:course:create"

Scenario #2 - I am a teacher, I can create courses for my school
"district:5:school:23:course:create"

Scenario #3 - I am a student, I can view my assignments
"district:5:school:23:course:14:assignment:23:view"
"district:5:school:23:course:14:assignment:24:view"

Scenario #4 - I am a consultant, I can view all assignments in a district
regardless of school
"district:5:school:*:course:*:assignment:*:view"

Scenario #5 - I am a principal, I can do whatever I want in my School
"district:5:school:23"

Scenario #6 - I am a substitute, I can assign students in courses I have
access to
"district:5:school:23:course:14:assign"
"district:5:school:23:course:15:assign"
"district:1:school:155:course:15:assign"

Here's my problem...
Technically speaking Scenario #3 could look like this "assignment:23:view"

But that conflicts with Scenario #4
"district:5:school:*:course:*:assignment:*:view"


Is it best to have a full chain like I am describing? Is this using Shiro
improperly? 

Any help would be appreciated, I don't want to go down this road and then
have someone else come by it in 5 years and put it on DailyWTF :)


--
View this message in context: http://shiro-developer.582600.n2.nabble.com/hierarchical-data-tp6375796p6375796.html
Sent from the Shiro Developer mailing list archive at Nabble.com.
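
An added example, not part of the original message and not Shiro's own code: a small Python model of the level-by-level matching rule of Shiro's `WildcardPermission`, run over the permission strings from the scenarios above. The function names are assumptions made for this sketch; it shows that the short form `assignment:23:view` and the full chain do not match each other in either direction, and that the principal's short grant covers everything beneath school 23.

```python
WILDCARD = "*"

def parse(permission):
    """Split 'a:b,c:d' into one set of comma-separated subparts per level."""
    return [set(p.strip().lower().split(",")) for p in permission.split(":")]

def implies(granted, requested):
    """True if the granted permission string covers the requested one."""
    have, want = parse(granted), parse(requested)
    for i, want_part in enumerate(want):
        if i >= len(have):
            return True  # a shorter grant implies every level beneath it
        if WILDCARD not in have[i] and not want_part <= have[i]:
            return False  # levels are compared by position, left to right
    # A grant longer than the request matches only if its extra levels are '*'.
    return all(WILDCARD in part for part in have[len(want):])

def is_permitted(grants, requested):
    return any(implies(g, requested) for g in grants)

# Grants copied from the scenarios in the message.
CONSULTANT = ["district:5:school:*:course:*:assignment:*:view"]
PRINCIPAL = ["district:5:school:23"]
STUDENT = ["district:5:school:23:course:14:assignment:23:view",
           "district:5:school:23:course:14:assignment:24:view"]

FULL = "district:5:school:23:course:14:assignment:23:view"
SHORT = "assignment:23:view"
# Constructed request: same course, an assignment the student was not granted.
OTHER = "district:5:school:23:course:14:assignment:25:view"

def demo():
    return {
        "consultant_full": is_permitted(CONSULTANT, FULL),         # True
        "consultant_short": is_permitted(CONSULTANT, SHORT),       # False
        "short_grant_full_request": is_permitted([SHORT], FULL),   # False
        "principal_full": is_permitted(PRINCIPAL, FULL),           # True
        "principal_create_school":
            is_permitted(PRINCIPAL, "district:5:school:create"),   # False
        "student_other_assignment": is_permitted(STUDENT, OTHER),  # False
    }

if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {allowed}")
```

Because levels are compared by position, every check in an application has to use the same chain shape as the stored grants; a check written as `assignment:23:view` would deny the consultant even though the wildcard grant is present.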
