Privilages inheritance in groups

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Privilages inheritance in groups

Moataz Elmasry-3
Hello List

Is it possible that a group inherits the rights of another group. For
example in the Properties realm something like that
role.group1=swim,run
role.group2=group1,fly #group2 can swim,run and fly

Best regards
Moataz
Reply | Threaded
Open this post in threaded view
|

Privilages inheritance in groups

Moataz Elmasry-3


---------- Forwarded message ----------
From: Moataz Elmasry <[hidden email]>
Date: 2009/7/13
Subject: Privilages inheritance in groups
To: [hidden email]


Hello List

Is it possible that a group inherits the rights of another group. For example in the Properties realm something like that
role.group1=swim,run
role.group2=group1,fly #group2 can swim,run and fly

Best regards
Moataz

Reply | Threaded
Open this post in threaded view
|

Re: Privilages inheritance in groups

Les Hazlewood-2
Hi Moataz,

You can support groups and hierarchical groups in your data model, but this would be unknown to Shiro - Shiro does not utilize the concept of a Group at the moment.  The PropertiesRealm does not support the concept of Groups at all.

If you want to do this, you would need to perform any related checks yourself in your own Realm class/subclass.  For example, take just one of the Realm calls, like isPermitted(p):

MyRealm#isPermitted(PrincipalCollection principals, Permission p) {
    User user = getUser(principals);
    if (user.isPermitted(p) ) {
        return true;
    }
    //not assigned directly to the user, so check their roles:
    Collection<Role> roles = user.getRoles();
    for( Role r : roles ) {
        if (r.isPermitted(p) ) {
            return true;
        }
    }
    //not assigned to any of their roles, so check their groups:
    //if groups are hierarchical, you might have to change this
    //logic, or have the Group delegate to parent groups when
    //performing the check:
    Collection<Group> groups = user.getGroups();
    for( Group g : groups ) {
        if ( g.isPermitted(p) ) {
            return true;
        }
    }
    //fallback:
    return false;
}


On Tue, Jul 14, 2009 at 4:58 AM, Moataz Elmasry <[hidden email]> wrote:


---------- Forwarded message ----------
From: Moataz Elmasry <[hidden email]>
Date: 2009/7/13
Subject: Privilages inheritance in groups
To: [hidden email]


Hello List

Is it possible that a group inherits the rights of another group. For example in the Properties realm something like that
role.group1=swim,run
role.group2=group1,fly #group2 can swim,run and fly

Best regards
Moataz