in the wiki example the following hasPermission Tag is used
rendered="#{s:hasPermission('Node', 'create', currentDirectory)
currentDirectory is passed as a parameter.
the corresponding rule is
rule RestrictNodeCreateAccess
no-loop;
activation-group "permissions"
when
c: PermissionCheck(name == "Node", action == "create");
Directory(dirWriteAcccessLevel : writeAccessLevel, dirCreator : createdBy)
Role(userAccessLevel : accessLevel -> (userAccessLevel.intValue() >= dirWriteAcccessLevel.intValue()) )
or
User(authenticatedUserId : id -> (dirCreator.getId().equals(authenticatedUserId)) )
then
c.grant();
modify(c);
end;
Directory is a parameter. But where does the objects Role and User come from?