Here is the suggested implementation of the permission evaluator that takes into account transitive permissions. The idea is that the algorithm will automatically build the query based on the object model structure. To let the algorithm now which entity is parent to the current one, the new annotation @Parent has been introduced. Thus the field country in the Area object will be marked with @Parent and the resulting query will contain the check for the parent object.
The query (actually 2 queries: one for direct User-to-Object permissions and the other is for User-to-Group-to-Object ones) is constructed and executed in WaterEquipmentDaoImpl#isAuthorized.
Here is the suggested implementation of the permission evaluator that takes into account transitive permissions. The idea is that the algorithm will automatically build the query based on the object model structure. To let the algorithm now which entity is parent to the current one, the new annotation
@Parenthas been introduced. Thus the fieldcountryin theAreaobject will be marked with@Parentand the resulting query will contain the check for the parent object.The query (actually 2 queries: one for direct User-to-Object permissions and the other is for User-to-Group-to-Object ones) is constructed and executed in
WaterEquipmentDaoImpl#isAuthorized.The unit test can be found in
DaoTest./cc @shiwanlin