I’m trying to display the action buttons (view,edit..) for an entity in the datagrid, based on the object-based ACL, if set for the user/role. Otherwise the class-based ACL should be used.
Will using ACL annotation always lead to a class based decision? I already tried an approach with the @ParamConverter annotation. But it seems users get no permission to display the entity, even if they have access on class level and no object-based ACL is specified.
What is a good approach for the problem?
Many thanks in advance.
You must be logged in to reply to this topic.