Hi,

I was going through the sources of seam-1.2.1.GA and 2.0.0.CR2 and noticed something I found odd.

According to the documentation, I can use s:hasPermission to check for certain ACL like permissions. However in the code when I click through the functions, I get to checkPermission, which calls hasPermission to do the real check. The hasPermission function however, just returns false. This would lead to nobody having permissions right? Please correct me if I'm wrong and the check is done in some other way. It looks like this code still has to be finished, although there's no TODO with it.

I'm evaluating Seam as an option for our company and so I'm writing a little Jira like hobby project. I'd like to use the hasPermission and Drools PermissionCheck to evaluate some ACL like permissions. I was just going through the code to see how I would have to set up a database and how the checks are done. I'm not really clear as to how to use ACLs in Seam.

What I want to do is put users in certain groups (role checking), which seems to be just fine. I want to give certain users read/write/create/delete rights on certain topics/projects, etc. I'm kind off used to Acegi, where I'd would create AclIdentity objects for these factors and AclPermission objects on these AclIdentity objects, with the permissions for a certain recipient (User/Group) on a certain Entity with some id.

Could anyone please fill me in on the best practice to do something like this with Seam (and perhaps JAAS?)?

Any help would be very welcome.

Jan