-
1. Re: Usage of @Restrict on entity!?
shane.bryzak May 28, 2008 9:52 AM (in response to socken)There is a separate section devoted to entity security in the security chapter of the Seam reference docs. In a nutshell, if you want to restrict access to your entities then you have to configure entity security and then write some security rules. As a side note, you can't use it to filter a list of records (although in Seam 2.1.0 you can) you can only restrict the standard events postload, prepersist, preupdate, etc.
-
2. Re: Usage of @Restrict on entity!?
stephen May 28, 2008 9:56 AM (in response to socken)Are you using JPA or native Hibernate?
If you use JPA have you configured the entity listener as described in14.6.5.1. Entity security with JPA
? -
3. Re: Usage of @Restrict on entity!?
socken May 28, 2008 9:57 AM (in response to socken)Thanks! I'll check the security chapter then.
So basically, if you work with roles (not rules), you just restrict access in your JSF pages?
That's what I'm doing now. But I thought if I restrict the access in my entities, I only had to declare restrictions once.And I don't want to filter a list of records (yet...).
But thanks for now, I'm off to reading..
-
4. Re: Usage of @Restrict on entity!?
socken May 28, 2008 10:01 AM (in response to socken)Mhh.. I am using JPA but I'll have to check if we have the listener setup correctly. Thanks for the tip!
-
5. Re: Usage of @Restrict on entity!?
socken May 28, 2008 10:04 AM (in response to socken)ARG!!! Stupid me .. forget my last post. We are using Hibernate in this application, not JPA!
So in this case, I don't have to do anything special for entity security..
-
6. Re: Usage of @Restrict on entity!?
xnejp03.pnejedly.ondemand.co.uk Jan 13, 2009 6:31 PM (in response to socken)
Shane Bryzak wrote on May 28, 2008 09:52:
... you can't use it to filter a list of records (although in Seam 2.1.0 you can) ...Shane, can you give me an example how to do this? I didn't find anything in the docs (maybe I'm just blind ;-) ). Let say I want to have a method that returns list of all products that belong to a company the logged in user is an employee of:
public List getAllProducts();
I presume there has to be a Drools rule implementing the permission logic. How would the annotation / code look like?
Thanks,
Petr