5 Replies Latest reply on Jan 24, 2008 5:05 AM by Eric H

    Tricky Q on Hibernate filters and roles

    Eric H Novice

      Here's the situation:

      I'm creating a site where users can collaborate to work on data as a group. I'm calling a set of data for a set of users a "domain". Every user is a member of exactly one domain, and of course users can only access data within their own domain.

      On top of this, there are system administration level users who can look at any data.

      This sounds like a great case for using Hibernate-style filters. Every object in the system is associated with a domain, so I can put in a filter that has a key of "domain" and a value of "#{currentUser.domain}". This will restrict users to viewing only their objects, and then I don't have to worry about it.

      The difficulty is that I want that filter to be turned off for the sysadmin type users. I'd like to have session beans that use a filtered EntityManager when the user is a "normal" user, but use the unfiltered EntityManager when the user s:hasRole('sysadmin').

      Is it possible to do this? Or is this even the right thing to do? I've never used Hibernate filters before (or at least, not in a Seam / EJB3 application).

      Thanks
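
The setup described in the question, sketched as an added example that is not part of the original post or of Seam itself. It assumes Hibernate 5.x annotations behind JPA; the `Document` entity, the `domain_id` column, the `domainFilter` name and the `DomainScope` helper are hypothetical.

```java
import javax.persistence.*;
import org.hibernate.Session;
import org.hibernate.annotations.Filter;
import org.hibernate.annotations.FilterDef;
import org.hibernate.annotations.ParamDef;

// Hypothetical entity: every row carries the id of the domain that owns it.
@Entity
@FilterDef(name = "domainFilter",
           parameters = @ParamDef(name = "domainId", type = "long"))
@Filter(name = "domainFilter", condition = "domain_id = :domainId")
class Document {
    @Id @GeneratedValue Long id;
    @Column(name = "domain_id", nullable = false) Long domainId;
    String title;
}

// Hypothetical helper, called once per request before any query runs.
final class DomainScope {
    static final String FILTER = "domainFilter";

    private DomainScope() {}

    static void apply(EntityManager em, Long userDomainId, boolean sysadmin) {
        Session session = em.unwrap(Session.class);
        if (sysadmin) {
            // Only the explicit role check lifts the restriction.
            session.disableFilter(FILTER);
            return;
        }
        if (userDomainId == null) {
            // Fail closed: a user without a domain must never run unfiltered.
            throw new SecurityException("user has no domain; refusing unfiltered access");
        }
        session.enableFilter(FILTER).setParameter("domainId", userDomainId);
    }

    // Hibernate filters apply to queries and collection loads, not to
    // em.find() by primary key, so id lookups need their own ownership check.
    static Document findInDomain(EntityManager em, Long id,
                                 Long userDomainId, boolean sysadmin) {
        Document d = em.find(Document.class, id);
        if (d == null || sysadmin || d.domainId.equals(userDomainId)) return d;
        return null; // report rows from another domain as not found
    }
}
```

The `sysadmin` flag is expected to come from the role check the post mentions, evaluated server-side for the current user. A native SQL query also bypasses the filter, so any such query has to carry its own `domain_id` predicate.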