@Permission#
com.palmyralabs.palmyra.base.annotations.Permission
Declares the permission keys required to invoke a handler’s operations. Target: TYPE. Retention: RUNTIME.
Use cruds to assign a single permission across all CRUD operations, or set per-operation keys individually.
How these keys are evaluated#
Palmyra feeds each @Permission value through the standard Spring PermissionEvaluator registered in the application context — the same mechanism @PreAuthorize("hasPermission(...)") uses. This makes the authorization policy pluggable at the framework level:
- With the default
PalmyraPermissionEvaluator(shipped bypalmyra-dbacl-mgmt), the keys resolve against the ACL tables. - Register your own
PermissionEvaluatorbean — Keycloak/OPA bridge, in-house RBAC, remote SaaS — and the same@Permissionkeys resolve through your policy engine without touching handler code.
Attributes#
| Attribute | Signature |
|---|---|
value |
String value() — permission name/key |
cruds |
String cruds() default "" — combined CRUD permission |
read |
String read() default "" |
query |
String query() default "" |
create |
String create() default "" |
update |
String update() default "" |
delete |
String delete() default "" |
export |
String[] export() default {} — export permission(s) |
Example#
@Component
@CrudMapping(value = "/v1/admin/user", type = User.class)
@Permission(
value = "USER",
query = "USER_READ",
create = "USER_CREATE",
update = "USER_UPDATE",
delete = "USER_DELETE",
export = {"USER_EXPORT"}
)
public class UserCrudHandler implements CrudHandler {
}