Robert von Burg
93022ba559
Now the PrivilegeContext object is central and once the user logged in, this object is bound to a ThreadLocal. From then there is no further need to interact with the PrivilegeHandler - this allows for authenticated users to get a remote copy of the PrivilegeContext so that on a remote client, the user can check for permissions, without having to do the round trip to the server. A code review of this change would be good, but preliminary tests show that it works. A test should now be implemented to check if getting a remote copy also allows for authorization. |
||
|---|---|---|
| .. | ||
| Model.xml | ||
| Privilege.xml | ||
| PrivilegeModel.xml | ||