Our intention was that if you wanted to add another permission like "update"
(a subset of "write") then you would return it from the method as part of
the EnumSet<Permission> for that resource. I would see how much trouble it
would be to add a new Permission value for "update".

Note that Cassandra itself doesn't make a distinction between "update" and
"add", because we don't (and probably can't, without locking?) look for an
existing value while doing an insert. This would probably be a larger patch
than you think.

On Mon, Jan 31, 2011 at 1:54 AM, indika kumara <ind...@apache.org> wrote:

> Hi All,
>
> Currently, there are two permissions - read and write, and there is no way
> to know the current operation being performed such as add, update, etc. If
> the operation is 'add', as the user is already logged into the system, I
> would like to authorize the user for the resource going to add. I think it
> is a valid use case, as the creator of a resource implicitly need to have
> the authority to access it.
>
> Current method
>
> public EnumSet<Permission> authorize(AuthenticatedUser user, List<Object>
> resource);
>
> Purposed method
>
> ission> authorize(AuthenticatedUser user, List<Object> resource, Action
> action);    // Action is a enum and can be 'add', 'update', 'delete', etc.
>
> WDYT?
>
> Thanks,
>
> Indika
>

Reply via email to