0 Replies Latest reply on Jul 15, 2009 5:03 PM by Chris Simons

    JpaPermissionStore: Check a session var without extending the entire Identity store?

    Chris Simons Expert

      I've researched Seam's built-in Identity Management components and I've determined that they meet our app's requirements - all for one.  In addition to checking the User/Recipient, the Object, and a target, I need to also have this check validated against an organizational code.


      Thus, I could have an Account:insert permission at one organization but not another.


      The user's currently logged in organization is stored in the session, let's say currentOrg.


      To further complicate things, each organization has a hierarchy.  An organizations may belong to one - and only one - higher-level organization.  If I have a role/permission at the higher-level organization, this role/permission trickles down to the lower-level organization(s).


      Therefore, if I check for a permission like:



      1. {s:hasPermission(target, 'insert')...I need the .hasPermission method to take into account this organizational hierarchy by checking the currentOrg variable and then to utilize an already existing framework for determining this organizational hierarchy - and then return a result.



      So that's my problem.  I'd prefer NOT to override the entire Identity Management store.  I'd like to start small - at the permission level - and work my way up as necessary.  Where would you suggest I begin?  Or, do I not have any options here but to build a custom identity store?



      Thank you for your time and assistance.