3 Replies Latest reply on Mar 4, 2009 11:40 PM by vk101

    Grant roles based on other roles

      Why do the following rules not successfully grant the new-role role to any user that currently has the old-role role?



      rule NewRoleForOldRole
      when
        Role(name == "old-rule")
        identity : Identity(loggedIn == true)
      then
        identity.addRole("new-role");
      end;




      When would the above action (i.e. identity.addRole()) get executed, or do I need to do something in the code to execute the actions of that role?

        • 1. Re: Grant roles based on other roles

          When I change identity.addRole to a System.out.println statement for debugging purposes, it never gets run - so the problem is that I'm not sure when these rules get executed. The documentation seems to indicate that this is automatically done only when a permission check is being executed. How could I trigger these checks at any arbitrary time, such as when doing an s:hasRole check?

          • 2. Re: Grant roles based on other roles
            shane.bryzak

            How are you inserting Identity into the working memory?

            • 3. Re: Grant roles based on other roles

              I actually haven't done anything to insert it - is that the problem? I saw examples elsewhere using Identity(loggedIn == true) and assumed it was naturally there. I'm guessing as documentation says I should use ((RuleBasedIdentity) RuleBasedIdentity.instance()).getSecurityContext().insert(), but where in the code should this go?