-
1. Re: Restrict on class rather than entity
joblini Jun 12, 2009 12:55 AM (in response to yahawari)
Hi Yasser, any luck with this? I am trying to do the same thing.
-
2. Re: Restrict on class rather than entity
joblini Jun 12, 2009 1:00 AM (in response to yahawari)
The best I have come up with so far is:

    @Restrict("#{s:hasPermission('Stakeholder','read')}")
    @PostLoad
    public void postLoad() {
        System.out.println("Stakeholder.postLoad()");
    }

Seams as though there must be a better way (no pun intended) ...
-
3. Re: Restrict on class rather than entity
yahawari Jun 12, 2009 5:30 AM (in response to yahawari)
hi Ingo,
that was my best shot as well. i also added the following to the entity definition so that i can query which permissions apply to this class.

    @Permissions({
        @Permission(action = "insert"),
        @Permission(action = "delete"),
        @Permission(action = "update"),
        @Permission(action = "read")
    })
    @Entity
    public class SimpleTask { ....

there is another way to do this if you decide to place your security checking code on a DAO class (like entityHome). you can annotate a function to have certain access to the class in general (SEAM GUIDE 15.6.6 - Typesafe Permission Annotations).
for me i have followed the first method which turns out to be VERY restricting as it is applied by the entityManager anytime it pulls this class's data (from anywhere).
that led me to a new problem :).. my application responds to some of the user actions by doing some other operations which could possibly access a class that the user does not have the access rights to :(.
now i had to create a system user which has a permission to do anything (thanks to drools):

    rule system_masterPermission
      no-loop
      activation-group "permissions"
    when
      check: PermissionCheck(granted == false)
      Role(name == "system")
    then
      check.grant();
    end

and now i have to use RunAs to kick start any possibly restricted operation.
i hope that someone could shed some light on how to do this in a cleaner way
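
Added example, not part of the thread and not code from either poster: one way to keep the "system" role from the rule above scoped to a single internal read, using Seam's RunAsOperation so that only a yes/no answer leaves the elevated block. The component name, the method and the Long id type are hypothetical; SimpleTask is the entity from the post, assumed to be in the same package, and the sketch assumes the permission rules see the role added for the duration of the operation.

```java
import javax.persistence.EntityManager;

import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.security.RunAsOperation;

// Hypothetical component: answers "does this task exist?" for a caller who
// may not hold the 'read' permission on SimpleTask.
@Name("taskLookup")
public class TaskLookup {

    @In
    private EntityManager entityManager;

    public boolean taskExists(final Long taskId) {
        // One-element array so the anonymous class can hand back a result.
        final boolean[] found = new boolean[1];

        new RunAsOperation() {
            @Override
            public void execute() {
                // Loading the entity fires its @PostLoad restriction; inside
                // this block the check is evaluated with the "system" role.
                SimpleTask task = entityManager.find(SimpleTask.class, taskId);
                found[0] = (task != null);
                // The entity itself is deliberately not returned, so data the
                // caller cannot read does not leave the elevated block.
            }
        }.addRole("system").run();

        // The "system" role applies only for the duration of run(); any later
        // access is checked against the caller's own roles again.
        return found[0];
    }
}
```

Keeping each elevated block this small limits what the grant-all rule can expose: the caller's input (taskId) only selects a row, and nothing loaded under the "system" role is passed back to code running with the user's permissions.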