Troy J. Kelley (Migrated from SEC-666) said:
Currently the tag supports integers for the permissions:
The implementation of the tag has a private method:
private Permission parsePermissionsString(String integersString)
which is hard-coded to use the BasePermission class. The BasePermission class has the following methods:
public static Permission buildFromName(String name)
public static Permission buildFromName(String names)
Given this, it should be pretty straightforward to enhance the parsePermissionString method to support the Names as well.
Which is much more intuitive as it is difficult to remember permission to integer mapping.
Going a bit further, it might also be desirable to allow a custom implementation of Permission to be specified on the ApplicationContext so that customPermission implementations could be used.
Oleg Gorobets said:
I’d better suggest to provide PermissionFactory (or PermissionBuilder) interface with method
Permission buildFromName(String name) to support several permission implementations rather than specifying only one in the application context.
Luke Taylor said:
This should already be available as part of the work on SEC-1022. The use of PermissionFactory to convert names or numeric values to Permission instances is already integrated with the tag. So you can supply an instance in the app contex, or use the default one (DefaultPermissonFactory).