3 Replies Latest reply on Nov 4, 2008 10:09 PM by Alejandro Mario

    Does Seam Permissioning allow hierarchy of targets?

    Naresh Bhatia Newbie

      Quick question about Seam permissioning model - does it allow a hierarchy of targets and then allowing and/or denying an action at any level in the hierarchy. For example, I can allow a recipient to see all files in a folder, but then I go to one of the files in this folder an deny access to it. This would be much simpler than (say) granting access to all but one files in the folder.


      Thanks.
      Naresh

        • 1. Re: Does Seam Permissioning allow hierarchy of targets?
          Shane Bryzak Master

          You would need to implement something like this yourself.  Since the scope of what type of objects permissions can be defined for is pretty much infinite, there's not really a generic solution that we can apply to a problem like this.

          • 2. Re: Does Seam Permissioning allow hierarchy of targets?
            Naresh Bhatia Newbie

            Fair enough. Thanks for your quick response Shane.

            • 3. Re: Does Seam Permissioning allow hierarchy of targets?
              Alejandro Mario Newbie
              Hi Naresh
              This is how I solved it:
              First I put this entry in my pages.xml

              <page view-id="/*" login-required="true" action="#{permissionResolver.checkCurrentUserRights()}" >
                     <navigation>
                          <rule if-outcome="not-authorized">
                              <redirect view-id="/error.xhtml" >
                                   <message>you don´t have permissions to view this</message>
                              </redirect>
                          </rule>
                     </navigation>
              </page>

              And the implementation of checkCurrentUserRights():

                   public String checkCurrentUserRights() {
                        String viewId = facesContext.getCurrentInstance().getViewRoot().getViewId();     
                        do{
                             if (dataLoader.getPermissionsTable().containsKey(viewId))
                             {
                                  Permission temp = dataLoader.getPermissionsTable().get(viewId);
                                  if (temp.getUserPermissions().containsKey(this.user.getUsername())){
                                       if (temp.getUserPermissions().get(this.user.getUsername()) == true)
                                             return this.OK;
                                       else return this.NO_ACCESS;
                                  }
                                  ConcurrentHashMap<String, Boolean> intersection = new ConcurrentHashMap<String, Boolean>(temp.getRolesDeniedPermissions());
                                  if(intersection.keySet().retainAll(userTools.getRolesStrings()))
                                       return this.NO_ACCESS;
                                  ConcurrentHashMap<String, Boolean> intersection2 = new ConcurrentHashMap<String, Boolean>(temp.getRolesAllowedPermissions());
                                  if(intersection2.keySet().retainAll(userTools.getRolesStrings()))
                                       return this.OK;
                             }

                             viewId = viewId.substring(0, viewId.lastIndexOf("/"));
                             
                        } while (viewId.length() > 1);
                             
                        return this.NO_ACCESS;
                   }

              }

              where dataLoader has a concurrentHashMap containing entries of Permissions, which in turn has 3 concurrentHashMap, one for the permissions defined por especific users, and the others two for de roles that I want to denied or to permit, if there is no entry defined por this especific file I check for entrys for the directories where this file is located. I load the data to fill this tables from 3 tables in my database, resources, users, roles and their relations.

              I hope this helps you.