2 Replies Latest reply on Nov 7, 2013 4:30 PM by pcraveiro

    How to check privileges of user in a group

    jingglang

      Hi,

       

      I am new to PicketLink. I would like to create a group called 'staff' and then assign it the 'create-article' privilege. Afterwards the 'john' user is added to the 'staff' group. But when I log in as 'john', I don't have the 'create-article' privilege?

       

      This is what I did:

      1. create 'staff' group:

          Group staff = new Group("staff");

          identityManager.add(staff);

       

      2. create 'create-article' role

          Role roleCreateArticle = new Role("create-article");

          identityManager.add(roleCreateArticle);

       

      3. Assign 'create-article' to 'staff'

          BasicModel.grantRole(relationshipManager, staff, roleCreateArticle);

       

      4. Create 'john' user

          User john = new User("john");

          john.setEmail("john@panemu.com");

          john.setFirstName("john");

          john.setLastName("Syadzili");

          identityManager.add(john);

          identityManager.updateCredential(john, new Password("john"));

       

      5. Add 'john' to 'staff' group

         BasicModel.addToGroup(relationshipManager, john, staff);

       

      6. Check 'john' privilege after login

          Role role = getRole(this.identityManager, "create-article");

          boolean result = hasRole(this.relationshipManager, this.identity.getAccount(), role);

       

      Why is the result false?

       

      Thank you

        • 1. Re: How to check privileges of user in a group
          pcraveiro

          Hi,

           

              The BasicModel provides a tiny abstraction on top of the PicketLink IDM API. It provides some basic validations and more meaningful methods to work with the basic model we provide (User, Role, Group, Grant, etc). See our docs for more details on this:

           

                      PicketLink Reference Documentation

           

              This validation in particular (that a role is granted to a user if it was granted to a group he belongs to) is something that is not provided OOTB by the BasicModel class. But you can always provide your own implementations with your own business logic.

           

              Please note that PL is not only the BasicModel, you can always provide your own identity model (and map it to any of the available identity stores) to better fit your requirements.

           

          Regards.

          • 2. Re: How to check privileges of user in a group
            pcraveiro

            Hi Amrullah,

             

                After some internal discussion around this topic, we decided to provide this validation OOTB. You can check the JIRA here:

             

                    https://issues.jboss.org/browse/PLINK-322

             

                If you have any additional considerations, please feel free to add a comment to the issue above.

             

            Thanks.     

            1 of 1 people found this helpful
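
One way to write the custom check suggested in reply 1, as an added example that is not code from the thread or from PicketLink itself. It assumes the PicketLink IDM API used in the question and a `BasicModel.hasRole` that only sees direct grants; the class name `GroupAwareRoleCheck`, the method `hasEffectiveRole` and the parent-group inheritance policy are assumptions made for illustration.

```java
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import org.picketlink.idm.RelationshipManager;
import org.picketlink.idm.model.Account;
import org.picketlink.idm.model.basic.BasicModel;
import org.picketlink.idm.model.basic.Group;
import org.picketlink.idm.model.basic.GroupMembership;
import org.picketlink.idm.model.basic.Role;
import org.picketlink.idm.query.RelationshipQuery;

/** Hypothetical helper: role check that also honours grants made to groups. */
public final class GroupAwareRoleCheck {

    private GroupAwareRoleCheck() {
    }

    public static boolean hasEffectiveRole(RelationshipManager rm, Account account, Role role) {
        // Fail closed: no authenticated account or unknown role means no privilege.
        if (account == null || role == null) {
            return false;
        }
        // 1. Grant made directly to the account (what the hasRole call in step 6 tests).
        if (BasicModel.hasRole(rm, account, role)) {
            return true;
        }
        // 2. Grants made to a group the account belongs to (steps 3 and 5 combined).
        RelationshipQuery<GroupMembership> query = rm.createRelationshipQuery(GroupMembership.class);
        query.setParameter(GroupMembership.MEMBER, account);
        List<GroupMembership> memberships = query.getResultList();

        Set<String> seen = new HashSet<String>(); // skips groups already checked, stops on cycles
        for (GroupMembership membership : memberships) {
            // Assumed policy: a role granted to a parent group also applies to its subgroups.
            for (Group g = membership.getGroup(); g != null && seen.add(g.getId()); g = g.getParentGroup()) {
                if (BasicModel.hasRole(rm, g, role)) {
                    return true;
                }
            }
        }
        return false;
    }
}
```

In step 6 of the question this would replace the `hasRole` call: `hasEffectiveRole(this.relationshipManager, this.identity.getAccount(), role)`.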