You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@shiro.apache.org by Moataz Elmasry <za...@googlemail.com> on 2009/07/13 23:08:38 UTC

Privilages inheritance in groups

Hello List

Is it possible that a group inherits the rights of another group. For 
example in the Properties realm something like that
role.group1=swim,run
role.group2=group1,fly #group2 can swim,run and fly

Best regards
Moataz

Re: Privilages inheritance in groups

Posted by Les Hazlewood <lh...@apache.org>.

Hi Moataz,

You can support groups and hierarchical groups in your data model, but this
would be unknown to Shiro - Shiro does not utilize the concept of a Group at
the moment.  The PropertiesRealm does not support the concept of Groups at
all.

If you want to do this, you would need to perform any related checks
yourself in your own Realm class/subclass.  For example, take just one of
the Realm calls, like isPermitted(p):

MyRealm#isPermitted(PrincipalCollection principals, Permission p) {
    User user = getUser(principals);
    if (user.isPermitted(p) ) {
        return true;
    }
    //not assigned directly to the user, so check their roles:
    Collection<Role> roles = user.getRoles();
    for( Role r : roles ) {
        if (r.isPermitted(p) ) {
            return true;
        }
    }
    //not assigned to any of their roles, so check their groups:
    //if groups are hierarchical, you might have to change this
    //logic, or have the Group delegate to parent groups when
    //performing the check:
    Collection<Group> groups = user.getGroups();
    for( Group g : groups ) {
        if ( g.isPermitted(p) ) {
            return true;
        }
    }
    //fallback:
    return false;
}


On Tue, Jul 14, 2009 at 4:58 AM, Moataz Elmasry <
zaza1851983ml@googlemail.com> wrote:

>
>
> ---------- Forwarded message ----------
> From: Moataz Elmasry <za...@googlemail.com>
> Date: 2009/7/13
> Subject: Privilages inheritance in groups
> To: shiro-user@incubator.apache.org
>
>
> Hello List
>
> Is it possible that a group inherits the rights of another group. For
> example in the Properties realm something like that
> role.group1=swim,run
> role.group2=group1,fly #group2 can swim,run and fly
>
> Best regards
> Moataz
>
>

Privilages inheritance in groups

Posted by Moataz Elmasry <za...@googlemail.com>.

---------- Forwarded message ----------
From: Moataz Elmasry <za...@googlemail.com>
Date: 2009/7/13
Subject: Privilages inheritance in groups
To: shiro-user@incubator.apache.org

Hello List

Is it possible that a group inherits the rights of another group. For
example in the Properties realm something like that
role.group1=swim,run
role.group2=group1,fly #group2 can swim,run and fly

Best regards
Moataz