Apache shiro 隐含权限 [英] Apache shiro implied permissions
问题描述
如果用户拥有权限 user:edit:1
并且我使用的是注释驱动的 @RequiresPermissions("user:edit")
为什么 shiro 抛出一个例外?他们拥有 user:edit:1
的事实不应该暗示这种许可吗?如果我把 @RequriesPermissions("user:edit:1")
那么它工作正常,但在操作的上下文中,我不知道 1 是什么,以便稍后在方法中检查,但如果他们根本没有 user:edit
权限,我想完全避免进入该方法.
If a user has a permissions user:edit:1
and I'm using the annotation driven @RequiresPermissions("user:edit")
why is shiro throwing an exception? Shouldn't that permission be implied by the fact that they have user:edit:1
? If I put @RequriesPermissions("user:edit:1")
then it works fine but during the context of operation I won't know what 1 is yet so that will be checked later in the method, but I'd like to avoid going into the method at all if they don't have the user:edit
permission at all.
推荐答案
"user:edit"
暗示 "user:edit:1"
但反之则不然.您可以继续使用 @RequiresPermissions("user:edit")
然后检查方法中的 "1".您也可以使用通配符@RequiresPermissions("user:edit:*")
,这是完全相同的,但我认为它更清晰.
"user:edit"
implies "user:edit:1"
but not the other way around.
You can keep using @RequiresPermissions("user:edit")
and then check for the "1" in your method. You can also use a wildcard @RequiresPermissions("user:edit:*")
, which is the exactly the same but I think it's clearer.
这篇关于Apache shiro 隐含权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!