I'm developing a simple CMS. One of the features is that an uploader is able to set permissions on the file he/she just uploaded. I'm using PersistentPermissions to do this.
What I would like to do is to grant @Read, @Update and @Delete on an entity based on the @Permissions from PersistentPermissions. That is, I would like to have a rule like this (it doesn't work, but shows my intentions):
    rule EditFileForOwner
        no-loop
        activation-group "permissions"
    when
        acct: UserAccount()
        file: BasicContent(usr : uploader -> (usr.getUserId().equals(acct.getUser().getUserId())))
        check: PermissionCheck(target == file, action == "update_file", granted == false)
    then
        check.grant();
    end

    //pseudocode - sort of :)
    check2: PermissionCheck(name == "basicContent", action in ("update", "delete"), granted == false)
    if(EditFileForOwner) then check2.grant();
The entity BasicContent:
    @Permissions( {
        @Permission(action = "view_file"),
        @Permission(action = "remove_file"),
        @Permission(action = "update_file")})
    @Entity
    public abstract class BasicContent {
        ...
        @PreUpdate @PreRemove @Restrict
        public void restrict() {}
So I guess it boils down to this. How do I check if a user has a given PersistentPermission in a Drools rule?
Thanks, Erik.