Hibernate version: 2.1.6
I've been scratching my head for some time now trying to implement some kind of "hierarchical ACL" to define permissions between persistent objects of different kinds.
Among others, I have the following entities:
- Profiler - logged in user
- Profilee - person being profiled
- Profile - single profile created by a Profiler on a Profilee
The implementation must handle the following:
- A Profiler X can only see Profilees that he/she has "read" access to - either directly or via a Profiler Y to which Profiler X has "read" access, and which in turn has "read" access to the Profilees.
- A Profiler X can only modify Profilees that he/she has "write" access to - either directly or via a Profiler Y to which Profiler X has "write" access, and which in turn has "write" access to the Profilees.
- A Profiler can only see Profiles that he/she has "read" access to - either directly or via Profilers/Profilees he/she has "read" access to.
- A Profiler can only modify Profiles that he/she has "read" access to - either directly or via Profilers/Profilees he/she has "read" access to.
How should I map those objects together? And even more delicate: How do I define the HQL for retrieving the readable/writable Profilees/Profiles for a given Profiler?
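As an added reference model (my own Python, not a Hibernate mapping or HQL from the post, with constructed sample grants and hypothetical names), this computes the readable/writable Profilee and Profile sets under the rules stated above, so the result of whatever HQL is chosen can be checked against it. It follows grant chains of any length rather than only the single Profiler Y hop described, and the Profile rule takes the permission kind as a parameter.

```python
from collections import deque

# Constructed sample data (hypothetical names/ids), not the poster's schema.
# Each grant is (grantee Profiler, target, permission), permission "read" or "write".
PROFILER_GRANTS = {          # Profiler X -> Profiler Y
    ("alice", "bob", "read"), ("alice", "bob", "write"),
    ("bob", "carol", "read"),          # read-only link: write chain stops at bob
}
PROFILEE_GRANTS = {          # Profiler -> Profilee
    ("alice", "pe1", "read"), ("alice", "pe1", "write"),
    ("bob", "pe2", "read"), ("bob", "pe2", "write"),
    ("carol", "pe3", "read"), ("carol", "pe3", "write"),
}
PROFILES = {                 # profile id -> (creating Profiler, Profilee)
    "pr1": ("alice", "pe1"), "pr2": ("bob", "pe2"),
    "pr3": ("carol", "pe3"), "pr4": ("dave", "pe4"),
}
PROFILE_GRANTS = {("alice", "pr4", "read")}   # direct Profiler -> Profile grants


def reachable_profilers(profiler, perm, grants=PROFILER_GRANTS):
    """Profilers that `profiler` can act through with `perm`: itself plus every
    Profiler reachable by a chain of grants carrying that same permission."""
    seen, queue = {profiler}, deque([profiler])
    while queue:
        x = queue.popleft()
        for src, dst, p in grants:
            if src == x and p == perm and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return seen


def accessible_profilees(profiler, perm):
    """Profilees on which `profiler` holds `perm` directly or via Profilers."""
    actors = reachable_profilers(profiler, perm)
    return {pe for src, pe, p in PROFILEE_GRANTS if src in actors and p == perm}


def accessible_profiles(profiler, perm):
    """Profiles granted directly, created by a reachable Profiler, or made on
    an accessible Profilee (the post's 'via Profilers/Profilees')."""
    actors = reachable_profilers(profiler, perm)
    profilees = accessible_profilees(profiler, perm)
    direct = {pr for src, pr, p in PROFILE_GRANTS if src == profiler and p == perm}
    via = {pr for pr, (creator, pe) in PROFILES.items()
           if creator in actors or pe in profilees}
    return direct | via
```

In the sample data alice reaches pe3 for reading through bob and carol, but not for writing, because the bob-to-carol grant is read-only.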