google-code-export / micrite

Automatically exported from code.google.com/p/micrite
GNU General Public License v3.0

No Before Method Access Control List? #11

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
A simple file system sample to illustrate the requirement:
1. Move from one directory (D1) to another directory (D2) with a certain role (Role_User1).
2. Normally Role_User1 should have the authorities (or permissions) to delete D1 (also to write in its parent directory) and to add in D2.
3. If any of the above conditions break, an accessDenyException should be thrown before the method is invoked. NOT afterInvocationManager!

The official example of Spring Security ACL provides a good example of this:
...
        <property name="decisionVoters">
            <list>
                <ref local="roleVoter" />
                <ref local="aclObjectReadVoter" />
                <ref local="aclObjectWriteVoter" />
                <ref local="aclObjectDeleteVoter" />
                <ref local="aclObjectAdminVoter" />
            </list>
        </property>
...

I checked out the most recent source code by svn.
By the way, can I use Chinese next time? If all the committers are Chinese, haha?

Original issue reported on code.google.com by daiqing2...@gmail.com on 11 Nov 2009 at 9:37

GoogleCodeExporter commented 9 years ago
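Hi daiqing2009:
Implementing your requirement with ACL is actually quite simple.

When creating D2 and D1 (or in a separate grant), just grant Role_User1 the admin permission (or the write permission) on D2 and D1. For reference, see the Add(...) method of
http://code.google.com/p/micrite/source/browse/tags/v0.11/modules/micrite-security/src/main/java/org/gaixie/micrite/security/service/impl/RoleServiceImpl.java
Then, when moving D1, check the Role's permissions (read the permission mask directly and test it): if Role_User1 has the write permission on the D1 object (to update D1's path attribute) and the write permission on D2 (to update D2's list of subdirectories), the move succeeds. Otherwise, throw an exception.

The permission mask check has to be coded by hand. ACL does not seem to have an implementation of this interface (there is only an implementation for filtering object access), but it should be simple.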

Original comment by bit...@gmail.com on 13 Nov 2009 at 10:47
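
The hand-coded mask check described in the reply above, written out as an added example (not code from micrite or from either commenter). It assumes the Spring Security 3+ ACL API (`AclService`, `Acl.isGranted`, `BasePermission`); `DirectoryMoveService` and `Directory` are hypothetical names.

```java
import java.util.Arrays;
import java.util.List;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.acls.domain.BasePermission;
import org.springframework.security.acls.domain.GrantedAuthoritySid;
import org.springframework.security.acls.domain.ObjectIdentityImpl;
import org.springframework.security.acls.model.Acl;
import org.springframework.security.acls.model.AclService;
import org.springframework.security.acls.model.NotFoundException;
import org.springframework.security.acls.model.Permission;
import org.springframework.security.acls.model.Sid;

/** Hypothetical service: tests the ACL masks of both directories before moving. */
public class DirectoryMoveService {

    /** Hypothetical domain type; the id is what the ACL is looked up by. */
    public static class Directory {
        final Long id;
        Long parentId; // changed only after both checks pass
        public Directory(Long id, Long parentId) { this.id = id; this.parentId = parentId; }
    }

    // Either WRITE or ADMINISTRATION is accepted, as the reply suggests.
    private static final List<Permission> REQUIRED =
            Arrays.<Permission>asList(BasePermission.WRITE, BasePermission.ADMINISTRATION);
    private final AclService aclService;

    public DirectoryMoveService(AclService aclService) { this.aclService = aclService; }

    public void move(Directory d1, Directory d2, String role) {
        List<Sid> sids = Arrays.<Sid>asList(new GrantedAuthoritySid(role));
        // Both checks run before any state changes, so a denial leaves D1 and D2 untouched.
        requireWrite(d1, sids);
        requireWrite(d2, sids);
        d1.parentId = d2.id;
    }

    private void requireWrite(Directory dir, List<Sid> sids) {
        try {
            Acl acl = aclService.readAclById(new ObjectIdentityImpl(Directory.class, dir.id), sids);
            if (acl.isGranted(REQUIRED, sids, false)) {
                return;
            }
        } catch (NotFoundException e) {
            // No ACL for the object, or no entry for these SIDs: deny by default.
        }
        throw new AccessDeniedException("No write permission on directory " + dir.id);
    }
}
```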

GoogleCodeExporter commented 9 years ago

Original comment by bit...@gmail.com on 19 Nov 2009 at 2:14