given Apache Shiro's permission format domain:action:instance
how would I define that a user may only change it's own account-data?
I could do the following but this leads to an enormous explosion of permissions:
useraccountdata:write:user1
permit to user1
...
useraccountdata:write:userN
permit to userN
What I need instead is something of permission-rules to configure this dynamically.
Something like: useraccountdata:write:user{n}
permit to user{n}
automatically for all n
Is this supported somehow or am I completely on the wrong path here? If not, how would you do it?
If you create your own version of Authorizer, you could just dynamically add the permission for that user with one of the isPermitted methods.