users@glassfish.java.net

Propagate access restriction rules from parent to children

From: <glassfish_at_javadesktop.org>
Date: Wed, 27 May 2009 22:32:54 PDT

Hello,

Let's say that we have the 'company' entity (aka 'parent'), with a property 'employees' holding 0..n 'employee' entity references (aka company's 'children'), and for each employee (aka 'parent' again in this case) there are several other entities (aka employee's 'children') holding various employee data.
What would be a good way (probably a security pattern?) to handle the access restrictions for users so that if UserA has access to CompanyA, it could give access to UserB (for CompanyA) by changing only the access rights for the 'main parent entity', in this case 'CompanyA', so that the access rights will propagate to all the children? Probably this can be done with ACLs and/or AOP, but I haven't found a good way to do this yet, so that it's flexible and 'abstract'.
This, I think, is similar to the access rules on a forum website where some users have access to all the forums and others to only some of them, meaning that the ones with less access cannot even access directly (e.g. through manually building the URL) any of the children of the parents that they don't have access to.

I hope what I'm trying to achieve makes some sense.

Thank you,
[Message sent by forum member 'waxy' (waxy)]

http://forums.java.net/jive/thread.jspa?messageID=348009
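
One way to get the propagation asked about above, as an added example that is not part of the original post and not GlassFish code: keep ACL entries only on the root entity and have every access check walk the parent chain up to that root. The names `InheritedAcl`, `Secured`, `Node`, `grant`, `revoke` and `canAccess` are hypothetical, and the entities are constructed sample data.

```java
import java.util.*;

// Hypothetical model: every entity knows its parent; only roots (companies) carry an ACL.
public class InheritedAcl {
    interface Secured { Secured parent(); }

    static final class Node implements Secured {
        final String name; final Secured parent;
        Node(String name, Secured parent) { this.name = name; this.parent = parent; }
        public Secured parent() { return parent; }
    }

    // Identity-keyed so two entities with equal names never share an ACL entry.
    private final Map<Secured, Set<String>> acl = new IdentityHashMap<>();

    void grant(Secured root, String user) {
        if (root.parent() != null) throw new IllegalArgumentException("grants are made on the root only");
        acl.computeIfAbsent(root, r -> new HashSet<>()).add(user);
    }

    void revoke(Secured root, String user) {
        Set<String> users = acl.get(root);
        if (users != null) users.remove(user);
    }

    // Walk up to the root and decide there. Default deny; the depth bound
    // guards against a corrupted (cyclic) parent chain.
    boolean canAccess(String user, Secured entity) {
        Secured cur = entity;
        for (int depth = 0; cur != null && depth < 32; depth++) {
            if (cur.parent() == null) return acl.getOrDefault(cur, Collections.emptySet()).contains(user);
            cur = cur.parent();
        }
        return false;
    }

    public static void main(String[] args) {
        InheritedAcl acls = new InheritedAcl();
        Node companyA = new Node("CompanyA", null);          // constructed sample entities
        Node employee = new Node("employee-1", companyA);
        Node payroll  = new Node("payroll-record", employee);
        Node otherEmp = new Node("employee-9", new Node("CompanyB", null));

        acls.grant(companyA, "UserB");                          // single change on the root
        System.out.println(acls.canAccess("UserB", payroll));   // grandchild of CompanyA
        System.out.println(acls.canAccess("UserB", otherEmp));  // child of CompanyB, fetched directly
        acls.revoke(companyA, "UserB");
        System.out.println(acls.canAccess("UserB", employee));  // after the root grant is removed
    }
}
```

The check has to run wherever an entity is loaded by identifier (for instance in an interceptor around the lookup), so a manually built URL for a child goes through the same root decision as normal navigation.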