0 Replies Latest reply on Aug 10, 2007 1:52 PM by andrew.rw.robinson

    [Rules] Seam security and validating entities

    andrew.rw.robinson

      I've got the seam rules engine installed and am trying to write a drl file to grant access to my entities. I have a class that is restricted. Relevant beans:

      @Name("calendar")
      CustomerCalendar {
      members : List
      }
      CalendarMember {
      user : User
      }
      User {
      username : String
      }

      The "CustomerCalendar" entity bean is restricted. I want it to be accessed only by users that are logged in and that are members of the calendar.

      So my rules text must be something like:
      if (check is read calendar)
      and the calendar has a member with the user that is the current logged in user.

      My login code has asserted the User object into the security context.

      What I've got so far (that is not valid):

      rule "Read calendar"
       no-loop
       activation-group "permissions"
      when
       check: PermissionCheck(name == "calendar", action == "read", granted == false)
       user: User()
       CustomerCalendar(members : members contains CalendarMember(user == user))
      then
       check.grant();
      end;


      How can I write such a rule? The user guide for drools has extremely simple examples of contains (containing strings, not other objects).

      Thanks,
      Andrew