4 Replies Latest reply on Nov 26, 2008 11:26 AM by shane.bryzak

    PermissionResolver.filterSetByAction - denying or allowing?

    edek234
    edek234 Nov 22, 2008 11:32 AM

      Hi,


      my question is: should this method leave in the Set target for which the resolver allows or denies access?


      Seam 2.1.0.SP1, docs 15.6.8.1.1. Writing your own PermissionResolver



      This method should remove any objects from the specified set, that would otherwise return false if passed to the hasPermission() method with the same action parameter value.

      I understand the above: leave the targets for which access is allowed, remove denied.


      In PermissionMapper.filterByPermission:



           if (homogenous)
      { 
         Set<Object> denied = new HashSet<Object>(collection);   
         ResolverChain chain = getResolverChain(targetClass, action);
         for (PermissionResolver resolver : chain.getResolvers())
         {
            resolver.filterSetByAction(denied, action);
         }
         for (Object target : denied)
         {
            collection.remove(target);
         }     
      }


      If I understand: PermissionReolvers leave the denied targets in the Set. That would actually make sense, because if any PermissionResover allows, removes the Object from the Set, and permission is allowed, following the logic of PermissionResolver.hasPermission.


      Do I miss anything, or is the documentation wrong?


      Greetings,
      Stefan