Disclosure: I have about four hours of experience with Drools.
This contrived rule works:
    rule ReadJobTicket
        no-loop
        activation-group "permissions"
    when
        check: PermissionCheck(name == "jt", action == "read", granted == false)
        JobTicket(titleName : title)
        Role(name == titleName)
    then
        check.grant();
    end
Permission is granted when the user has a role that matches the title in JobTicket. What I really want is permission granted when the user has a role that matches a field in the job ticket's organization. Something like:
    rule ReadJobTicket
        no-loop
        activation-group "permissions"
    when
        check: PermissionCheck(name == "jt", action == "read", granted == false)
        JobTicket(orgPrefix : organization.getPrefix())
        Role(name == orgPrefix)
    then
        check.grant();
    end
Unfortunately, this doesn't work. I'm not sure I'm referencing the prefix field in the jobTicket's organization properly. Can someone give me a clue? JobTicket has a method getOrganization(); Organization has a method getPrefix().
Next, I wanted to try inserting a long-lived fact into working memory in my app's authentication method. The Seam documentation provides:
    ((RuleBasedIdentity) RuleBasedIdentity.instance()).getSecurityContext().insert(currentUser);
But I'm pretty sure it should read:
    ((RuleBasedIdentity) Identity.instance()).getSecurityContext().insert(currentUser);
But this generates a null pointer exception; it appears the security context does not exist. Any idea why?
And finally, can someone tell me what this means (from the seamspace example):
    MemberBlog(member : member -> (member.getUsername().equals(principalName)))
I can't find anything in the Drools documentation that describes this particular syntax.
Thanks!