2:36 a.m.
Hi,
I'm mew to this rules stuff, and although I've looked at rules engines such
as Corticon before, I got introduced to JBoss Rules through JBoss Seam's
security mechanism.
I'm trying to expand on Seam's built in functionality to assess a user's
permissions. My use case is that a user of the system may or may not have
permission to a resource based on the user's role AND the current date. The
system accepts certain actions only if "now" is between a certain start and
end date. What I'd like to do is something like this:
rule CanDoHisStuff
activation-group "permissions"
when
c: PermissionCheck(name == "stuff", action == "do", granted =
false)
now: new Date()
<--------------------------------------------------------------How can I
accomplish this?
ap: AppProps()
Role(name == "A Role")
eval(now >= ap.startDate, now <= ap.endDate)
then
c.grant();
end;
Now, I understand that in my code, I could assert an object "now". However,
a lot of the security is hidden behind the scenes in Seam. For example, this
rules will be fired from an XML definition file. E.g.
<page view-id="/restricted/doStuff.xhtml">
<restrict>#{s:hasPermission('stuff', 'do',
null)}</restrict>
<navigation from-action="#{createStuffManager.yesConfirmSave}">
<end-conversation/>
<redirect view-id="/restricted/viewStuff.xhtml"/>
</navigation>
</page>
While I could start extending Seam's security model, that seems a bit
invasive for such a simple task.
Thanks
/Kris
1 a.m.
hi Kris.
Well, you can't bind a variable to a new instance on the LHS - on the LHS
you have no control over when conditions are evaluated, so the value of
"now" would not necessarily be what you think.
Nevertheless, I can see what you want:
rule CanDoHisStuff
activation-group "permissions"
when
c: PermissionCheck(name == "stuff", action == "do", granted =
false)
ap: AppProps(startDate < ( now() ), endDate > ( now() ) )
Role(name == "A Role")
then
c.grant();
end;
this assumes you have a function :
function Date now()
return new Date();
end
(I havent' tested this, just a suggestion).
On 3/8/07, Rented User <rented(a)gmail.com> wrote:
Hi,
I'm mew to this rules stuff, and although I've looked at rules engines
such as Corticon before, I got introduced to JBoss Rules through JBoss
Seam's security mechanism.
I'm trying to expand on Seam's built in functionality to assess a user's
permissions. My use case is that a user of the system may or may not have
permission to a resource based on the user's role AND the current date. The
system accepts certain actions only if "now" is between a certain start and
end date. What I'd like to do is something like this:
rule CanDoHisStuff
activation-group "permissions"
when
c: PermissionCheck(name == "stuff", action == "do", granted =
false)
now: new Date()
<--------------------------------------------------------------How can I
accomplish this?
ap: AppProps()
Role(name == "A Role")
eval(now >= ap.startDate, now <= ap.endDate)
then
c.grant();
end;
Now, I understand that in my code, I could assert an object "now".
However, a lot of the security is hidden behind the scenes in Seam. For
example, this rules will be fired from an XML definition file. E.g.
<page view-id="/restricted/doStuff.xhtml">
<restrict>#{s:hasPermission('stuff', 'do',
null)}</restrict>
<navigation from-action="#{ createStuffManager.yesConfirmSave}">
<end-conversation/>
<redirect view-id="/restricted/viewStuff.xhtml"/>
</navigation>
</page>
While I could start extending Seam's security model, that seems a bit
invasive for such a simple task.
Thanks
/Kris
_______________________________________________
rules-users mailing list
rules-users(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/rules-users
12:57 a.m.
Hi Michael,
Thanks for the reply. While waiting for a reply to my question, I came up
with the following:
...
when
c: PermissionCheck(name == "stuff", action == "do", granted =
false)
AppProp(now == (new Date()), s: startDate -> (s.getTime() < now.getTime()),
e: endDate -> (e.getTime() > now.getTime()) )
Role(name == "A Role")
then
...
Yours looks a lot simpler than mine, though :)
Could you explain why the value of "now" would be what would be expected?
Would it not be the time when the rule fires? I'm a bit worried now :/
Best Regards,
Kris
On 3/9/07, Michael Neale <michael.neale(a)gmail.com> wrote:
hi Kris.
Well, you can't bind a variable to a new instance on the LHS - on the LHS
you have no control over when conditions are evaluated, so the value of
"now" would not necessarily be what you think.
Nevertheless, I can see what you want:
rule CanDoHisStuff
activation-group "permissions"
when
c: PermissionCheck(name == "stuff", action == "do", granted =
false)
ap: AppProps(startDate < ( now() ), endDate > ( now() ) )
Role(name == "A Role")
then
c.grant();
end;
this assumes you have a function :
function Date now()
return new Date();
end
(I havent' tested this, just a suggestion).
On 3/8/07, Rented User < rented(a)gmail.com> wrote:
> Hi,
>
> I'm mew to this rules stuff, and although I've looked at rules engines
> such as Corticon before, I got introduced to JBoss Rules through JBoss
> Seam's security mechanism.
>
> I'm trying to expand on Seam's built in functionality to assess a
user's
> permissions. My use case is that a user of the system may or may not have
> permission to a resource based on the user's role AND the current date. The
> system accepts certain actions only if "now" is between a certain start
and
> end date. What I'd like to do is something like this:
>
> rule CanDoHisStuff
> activation-group "permissions"
> when
> c: PermissionCheck(name == "stuff", action == "do", granted =
false)
> now: new Date()
> <--------------------------------------------------------------How can I
> accomplish this?
> ap: AppProps()
> Role(name == "A Role")
> eval(now >= ap.startDate, now <= ap.endDate)
> then
> c.grant();
> end;
>
> Now, I understand that in my code, I could assert an object "now".
> However, a lot of the security is hidden behind the scenes in Seam. For
> example, this rules will be fired from an XML definition file. E.g.
>
> <page view-id="/restricted/doStuff.xhtml">
> <restrict>#{s:hasPermission('stuff', 'do',
null)}</restrict>
> <navigation from-action="#{
createStuffManager.yesConfirmSave}">
> <end-conversation/>
> <redirect view-id="/restricted/viewStuff.xhtml"/>
> </navigation>
> </page>
>
> While I could start extending Seam's security model, that seems a bit
> invasive for such a simple task.
>
> Thanks
>
> /Kris
>
>
>
>
> _______________________________________________
> rules-users mailing list
> rules-users(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/rules-users
>
>
_______________________________________________
rules-users mailing list
rules-users(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/rules-users
2:36 a.m.
Sigh! I don't understand what is going on.
I added another rule which is almost identical:
rule BidderReqCorrection
no-loop
activation-group "permissions"
when
c: PermissionCheck(name == "stuff", action == "find", granted =
false)
Role(name == "A Role")
AppProp(now == (new Date()), s: startDate -> (s.getTime() < now.getTime()),
e: endDate -> (e.getTime() > now.getTime()) )
then
c.grant();
modify(c);
end;
But now I get the error:
org.drools.rule.InvalidRulePackage: Unable to create Field Extractor for
'now'
Rule Compilation error Unknown variable or type "now" Class "
java.lang.Object" has no method named "getTime" Expression "now"
is not an
rvalue Expression "now" is not an rvalue Expression "now" is not an
rvalue
Exception:null
Its a copy-and-paste from the first rule. Just changed the action from "do"
to "find".
It does not matter if I comment out all the other rules or not. This new
rule always causes the error.
6471
days inactive
6473
days old
3 comments
2 participants
participants (2)
-
Michael Neale -
Rented User