SEC-2852: Possibility to impersonate a Principal when using annotation hasPermission #3074
Labels
in: acl
An issue in spring-security-acl
in: core
An issue in spring-security-core
type: enhancement
A general enhancement
type: jira
An issue that was migrated from JIRA
Oliver Fernandez (Migrated from SEC-2852) said:
It would be very useful to be able to impersonate another principal when using the annotation
hasPermission
The current interface
SecurityExpressionOperations
only declares the following methodboolean hasPermission(Object target, Object permission)
I propose to also declare:
boolean hasPermission(UserDetails principal, Object target, Object permission)
A very typical use case is that an administrator wants to list the entities a given user has permissions to read, and then manage those permissions.
In the following gist there is a possible implementation of this method:
https://gist.github.com/oliverfernandez/c56f833d058fcae53a1b
The text was updated successfully, but these errors were encountered: