0 Replies Latest reply on Aug 10, 2007 1:52 PM by Andrew

    [Rules] Seam security and validating entities

    Andrew Apprentice

      I've got the seam rules engine installed and am trying to write a drl file to grant access to my entities. I have a class that is restricted. Relevant beans:

      CustomerCalendar {
      members : List
      CalendarMember {
      user : User
      User {
      username : String

      The "CustomerCalendar" entity bean is restricted. I want it to be accessed only by users that are logged in and that are members of the calendar.

      So my rules text must be something like:
      if (check is read calendar)
      and the calendar has a member with the user that is the current logged in user.

      My login code has asserted the User object into the security context.

      What I've got so far (that is not valid):

      rule "Read calendar"
       activation-group "permissions"
       check: PermissionCheck(name == "calendar", action == "read", granted == false)
       user: User()
       CustomerCalendar(members : members contains CalendarMember(user == user))

      How can I write such a rule? The user guide for drools has extremely simple examples of contains (containing strings, not other objects).