3 Replies Latest reply on Dec 30, 2009 3:01 AM by Damon Chong

    Granting based on user permission and roles

    Damon Chong Newbie

      Hi,


      Firstly, thanks for all replies. I haved tried to google for a solution for this but I feel like I am just missing one small thing.


      I have a xhtml file with the following permission check


      <rich:dropDownMenu id="npcDropDownMenu" style="float: left;" rendered="#{s:hasPermission('compoundBrowser', 'view')}">



      And in my permission database table i have inserted a record as follows:


      insert into user_permission (action,discriminator,recipient,target) 
      values ('view','user','demo','compoundBrowser');



      Now if I logging as the userid 'demo', the drop down menu appears. However, I would like to enable userids with 'Admin' roles to be able to see this particular drop down menu as well. So I added this in my components.xml file


         <drools:rule-base name="securityRules">
            <drools:rule-files>
               <value>/security.drl</value>
               <value>/META-INF/npc.drl</value>
            </drools:rule-files>
         </drools:rule-base>
      



      and in my npc.drl I have the following rules but it is not firing.


      rule AdminCanViewEditAnything
      
           when
                browser: CompoundBrowser()
                check: PermissionCheck(target == browser)
                Role(name == "Admin")          
           then 
                check.grant();
                System.out.println("Admin view and edit enabled.");
      end
      



      Oh, my CompoundBrowser class is annotated with both @Identifier and @Name. Any help appreciated, thanks in advance!



      Rgds,
      Damon




        • 1. Re: Granting based on user permission and roles
          Shane Bryzak Master

          You have two different permission checks, one (the persistent one) is for a target of literal string 'compoundBrowser', the other one (the rule-based one) is for a target of an instance of the CompoundBrowser class.  You probably want to modify the rule to read as follows to bring them in line:



          rule AdminCanViewEditAnything
          when
            check: PermissionCheck(target == 'compoundBrowser')
            Role(name == "Admin")
          then
            check.grant();
          end



          • 2. Re: Granting based on user permission and roles
            Damon Chong Newbie

            Thanks for the advice Shane, but unfortunately I am still facing the same problem. Guess I have to try harder on this one. Anyway, merry X'mas!  ;-)

            • 3. Re: Granting based on user permission and roles
              Damon Chong Newbie

              Hi Shane,


              Happy new year to you. I figure out why it is not working. Apparently the package name for the different drl files must be the same. My default rule file, security.drl was using package com.abc.defaultPermissions; while the npc.drl was using com.abc.npcPermissions. I could not find any mention in the Seam documentation that this needs to be so. I guess it might be in the Drools documentation. Oh well, hope this helps anyone facing similar problems. Thanks alot!



              Shane Bryzak wrote on Dec 24, 2009 08:41:


              You have two different permission checks, one (the persistent one) is for a target of literal string 'compoundBrowser', the other one (the rule-based one) is for a target of an instance of the CompoundBrowser class.  You probably want to modify the rule to read as follows to bring them in line:


              rule AdminCanViewEditAnything
              when
                check: PermissionCheck(target == 'compoundBrowser')
                Role(name == "Admin")
              then
                check.grant();
              end






              Click HELP for text formatting instructions. Then edit this text and check the preview.