I've researched Seam's built-in Identity Management components and I've determined that they meet our app's requirements - all for one. In addition to checking the User/Recipient, the Object, and a target, I need to also have this check validated against an organizational code.
Thus, I could have an Account:insert permission at one organization but not another.
The user's currently logged in organization is stored in the session, let's say currentOrg.
To further complicate things, each organization has a hierarchy. An organization may belong to one - and only one - higher-level organization. If I have a role/permission at the higher-level organization, this role/permission trickles down to the lower-level organization(s).
Therefore, if I check for a permission like:
currentOrg variable and then to utilize an already existing framework for determining this organizational hierarchy - and then return a result.
So that's my problem. I'd prefer NOT to override the entire Identity Management store. I'd like to start small - at the permission level - and work my way up as necessary. Where would you suggest I begin? Or, do I not have any options here but to build a custom identity store?
Thank you for your time and assistance.
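The check described in the post above, sketched as an added example (not code from the original post and not Seam's API): a permission is granted if the user holds it at the current organization or at any organization above it in the single-parent hierarchy. The class, method, user and organization names are all hypothetical, the sample data is constructed, and wiring the check into Seam is not shown.

```java
import java.util.*;

/** Organization-scoped permission check with downward inheritance (hypothetical names). */
public class OrgScopedPermissions {
    // child organization -> its single parent organization
    private final Map<String, String> parentOf = new HashMap<>();
    // user -> organization -> permissions granted directly at that organization
    private final Map<String, Map<String, Set<String>>> grants = new HashMap<>();

    public void setParent(String child, String parent) {
        parentOf.put(child, parent);
    }

    public void grant(String user, String org, String permission) {
        grants.computeIfAbsent(user, u -> new HashMap<>())
              .computeIfAbsent(org, o -> new HashSet<>())
              .add(permission);
    }

    /** True if the user holds the permission at currentOrg or at any of its ancestors. */
    public boolean hasPermission(String user, String permission, String currentOrg) {
        Map<String, Set<String>> byOrg = grants.getOrDefault(user, Collections.emptyMap());
        Set<String> visited = new HashSet<>();
        // A null currentOrg (nothing in the session) skips the loop and is denied.
        for (String org = currentOrg; org != null; org = parentOf.get(org)) {
            if (!visited.add(org)) {
                return false; // corrupt hierarchy data (a cycle): deny rather than loop
            }
            if (byOrg.getOrDefault(org, Collections.emptySet()).contains(permission)) {
                return true;
            }
        }
        return false; // reached the top of the hierarchy without finding a grant
    }

    public static void main(String[] args) {
        OrgScopedPermissions p = new OrgScopedPermissions();
        // Constructed sample hierarchy: HQ -> RegionEast -> BranchA, HQ -> RegionWest
        p.setParent("RegionEast", "HQ");
        p.setParent("RegionWest", "HQ");
        p.setParent("BranchA", "RegionEast");
        p.grant("alice", "RegionEast", "Account:insert");

        System.out.println(p.hasPermission("alice", "Account:insert", "BranchA"));    // inherited from RegionEast
        System.out.println(p.hasPermission("alice", "Account:insert", "RegionEast")); // direct grant
        System.out.println(p.hasPermission("alice", "Account:insert", "HQ"));         // grants do not flow upward
        System.out.println(p.hasPermission("alice", "Account:insert", "RegionWest")); // sibling organization
        System.out.println(p.hasPermission("alice", "Account:insert", null));         // no organization in session
    }
}
```

The walk only moves upward from the current organization, so a grant at a lower level never leaks to a parent or sibling, and a missing or inconsistent organization results in denial.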