If a user has a permission user:edit:1 and I'm using the annotation-driven @RequiresPermissions("user:edit"), why is Shiro throwing an exception? Shouldn't that permission be implied by the fact that they have user:edit:1? If I put @RequiresPermissions("user:edit:1") then it works fine, but during the context of operation I won't know what 1 is yet, so that will be checked later in the method, but I'd like to avoid going into the method at all if they don't have the user:edit permission at all.

"user:edit" implies "user:edit:1" but not the other way around.
You can keep using @RequiresPermissions("user:edit") and then check for the "1" in your method. You can also use a wildcard, @RequiresPermissions("user:edit:*"), which is exactly the same but I think it's clearer.
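
The direction of implication discussed above can be checked directly against Shiro's `WildcardPermission`. This is an added example, not code from the original question or answer; it assumes `shiro-core` is on the classpath, and the class `ImpliesDemo` and the helpers `isPermitted` and `holdsAnyWithin` are hypothetical names introduced for illustration.

```java
import java.util.List;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.permission.WildcardPermission;

public class ImpliesDemo {

    // An authorization check passes when at least one permission the user
    // holds implies the permission being required. This is the comparison
    // behind @RequiresPermissions: held.implies(required), never the reverse.
    static boolean isPermitted(List<Permission> held, String required) {
        Permission needed = new WildcardPermission(required);
        return held.stream().anyMatch(p -> p.implies(needed));
    }

    // Hypothetical pre-check (an assumption, not a Shiro API): does the user
    // hold anything at all inside the given scope? A held permission counts
    // if it is broader than the scope or if the scope is broader than it.
    static boolean holdsAnyWithin(List<Permission> held, String scope) {
        Permission outer = new WildcardPermission(scope);
        return held.stream().anyMatch(p -> p.implies(outer) || outer.implies(p));
    }

    public static void main(String[] args) {
        // Constructed sample data: one user limited to instance 1, one with
        // the type-level permission, one with an unrelated action.
        List<Permission> instanceOnly = List.of(new WildcardPermission("user:edit:1"));
        List<Permission> typeLevel = List.of(new WildcardPermission("user:edit"));
        List<Permission> viewer = List.of(new WildcardPermission("user:view:1"));

        // The annotation value from the question, checked against each user.
        System.out.println("instanceOnly permitted user:edit   -> "
                + isPermitted(instanceOnly, "user:edit"));
        System.out.println("typeLevel    permitted user:edit   -> "
                + isPermitted(typeLevel, "user:edit"));

        // The per-instance check done later inside the method, once the id is known.
        long id = 1L; // constructed id
        System.out.println("instanceOnly permitted user:edit:1 -> "
                + isPermitted(instanceOnly, "user:edit:" + id));
        System.out.println("typeLevel    permitted user:edit:1 -> "
                + isPermitted(typeLevel, "user:edit:" + id));

        // Scope pre-check that does not need the id.
        System.out.println("instanceOnly holds any user:edit   -> "
                + holdsAnyWithin(instanceOnly, "user:edit"));
        System.out.println("viewer       holds any user:edit   -> "
                + holdsAnyWithin(viewer, "user:edit"));
    }
}
```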