Hi Michael,

 

Thanks for the reply. While waiting for a reply to my question, I came up with the following:

 

...

when
  c: PermissionCheck(name == "stuff", action == "do", granted = false)
  AppProp(now == (new Date()), s: startDate -> (s.getTime() < now.getTime()), e: endDate -> (e.getTime() > now.getTime()) )
  Role(name == "A Role")
then
...

 

Yours looks a lot simpler than mine, though :)

 

Could you explain why the value of "now" would be what would be expected? Would it not be the time when the rule fires? I'm a bit worried now :/

 

Best Regards,

Kris

 

On 3/9/07, Michael Neale <michael.neale@gmail.com> wrote:

hi Kris.

Well, you can't bind a variable to a new instance on the LHS - on the LHS you have no control over when conditions are evaluated, so the value of "now" would not necessarily be what you think.

Nevertheless, I can see what you want:


rule CanDoHisStuff
  activation-group "permissions"
when
  c: PermissionCheck(name == "stuff", action == "do", granted = false)

  ap: AppProps(startDate < ( now() ), endDate > ( now() ) )
  Role(name == "A Role")

then
  c.grant();
end;

this assumes you have a function :

function Date now()
 return new Date();
end

(I havent' tested this, just a suggestion).

On 3/8/07, Rented User < rented@gmail.com> wrote:

Hi,

I'm mew to this rules stuff, and although I've looked at rules engines such as Corticon before, I got introduced to JBoss Rules through JBoss Seam's security mechanism.

I'm trying to expand on Seam's built in functionality to assess a user's permissions. My use case is that a user of the system may or may not have permission to a resource based on the user's role AND the current date. The system accepts certain actions only if "now" is between a certain start and end date. What I'd like to do is something like this:

rule CanDoHisStuff
  activation-group "permissions"
when
  c: PermissionCheck(name == "stuff", action == "do", granted = false)
  now: new Date()  <--------------------------------------------------------------How can I accomplish this?
  ap: AppProps()
  Role(name == "A Role")
 eval(now >= ap.startDate, now <= ap.endDate) 
then
  c.grant();
end;

Now, I understand that in my code, I could assert an object "now". However, a lot of the security is hidden behind the scenes in Seam. For example, this rules will be fired from an XML definition file. E.g.

    <page view-id="/restricted/doStuff.xhtml">
        <restrict>#{s:hasPermission('stuff', 'do', null)}</restrict>
        <navigation from-action="#{ createStuffManager.yesConfirmSave}">
            <end-conversation/>
            <redirect view-id="/restricted/viewStuff.xhtml"/>
        </navigation>
    </page>

While I could start extending Seam's security model, that seems a bit invasive for such a simple task.

Thanks

/Kris

_______________________________________________
rules-users mailing list
rules-users@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/rules-users

_______________________________________________
rules-users mailing list
rules-users@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/rules-users