Author: shane.bryzak(a)jboss.com
Date: 2008-05-12 00:01:32 -0400 (Mon, 12 May 2008)
New Revision: 8157
Modified:
trunk/examples/seamspace/resources/META-INF/security-rules.drl
trunk/examples/seamspace/resources/import.sql
trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/MemberRole.java
trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/PictureSearch.java
Log:
filter member images by permission
Modified: trunk/examples/seamspace/resources/META-INF/security-rules.drl
===================================================================
--- trunk/examples/seamspace/resources/META-INF/security-rules.drl 2008-05-12 04:00:45 UTC
(rev 8156)
+++ trunk/examples/seamspace/resources/META-INF/security-rules.drl 2008-05-12 04:01:32 UTC
(rev 8157)
@@ -56,10 +56,10 @@
no-loop
activation-group "permissions"
when
- member: Member()
- image: MemberImage(mbr : member -> (mbr.friends contains member))
+ acct: MemberAccount()
+ image: MemberImage(mbr : member -> (mbr.isFriend(acct.member)))
PermissionCheck(target == image, action == "view")
- role: RoleCheck(name == "friend")
+ role: RoleCheck(name == "friends")
then
role.grant();
end
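Review bot: The new pattern `acct: MemberAccount()` has no constraint, so the rule can match any MemberAccount fact in working memory. It is correct only if the security context holds just the authenticated user's account, which this hunk does not show. A comment above the `when` would record that assumption, e.g. `// acct must be the authenticated user's MemberAccount, asserted at login`. The literal in `RoleCheck(name == "friends")` also has to stay identical to the `'friends'` row this commit adds to import.sql; a mismatch would most likely just deny access without any error. The rule header is outside the hunk, and whether `isFriend` counts only accepted friendships cannot be checked from here.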
Modified: trunk/examples/seamspace/resources/import.sql
===================================================================
--- trunk/examples/seamspace/resources/import.sql 2008-05-12 04:00:45 UTC (rev 8156)
+++ trunk/examples/seamspace/resources/import.sql 2008-05-12 04:01:32 UTC (rev 8157)
@@ -3,8 +3,9 @@
insert into Member (memberid, membername, firstname, lastname, email, tagline, gender,
dob, location, membersince) values (3, 'shadowman', 'shadow',
'man', 'shadowman(a)redhat.com', 'I''m wearing a hat', 0,
'1999-01-01', '', '2007-01-05')
insert into Member (memberid, membername, firstname, lastname, email, tagline, gender,
dob, location, membersince) values (4, 'mona', 'mona', 'lisa',
'monalisa(a)louvre.fr', 'Some describe me as enigmatic', 1,
'1503-07-01', '', '2007-01-06')
-insert into MemberRole (roleid, name) values (1, 'user');
-insert into MemberRole (roleid, name) values (2, 'admin');
+insert into MemberRole (roleid, name, conditional) values (1, 'user', false);
+insert into MemberRole (roleid, name, conditional) values (2, 'admin', false);
+insert into MemberRole (roleid, name, conditional) values (3, 'friends', true);
insert into MemberAccount (accountid, username, passwordhash, enabled, member_id) values
(1, 'demo', '/9Se/pfHeUH8FJ4asBD6jQ==', 1, 1);
insert into MemberAccount (accountid, username, passwordhash, enabled, member_id) values
(2, 'duke', 'lykcKcxppliQQk0Pl9so8g==', 1, 2);
Modified: trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/MemberRole.java
===================================================================
---
trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/MemberRole.java 2008-05-12
04:00:45 UTC (rev 8156)
+++
trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/MemberRole.java 2008-05-12
04:01:32 UTC (rev 8157)
@@ -10,6 +10,7 @@
import javax.persistence.JoinTable;
import javax.persistence.ManyToMany;
+import org.jboss.seam.annotations.security.management.RoleConditional;
import org.jboss.seam.annotations.security.management.RoleGroups;
import org.jboss.seam.annotations.security.management.RoleName;
@@ -20,6 +21,7 @@
private Integer roleId;
private String name;
+ private boolean conditional;
private Set<MemberRole> groups;
@@ -60,4 +62,15 @@
{
this.groups = groups;
}
+
+ @RoleConditional
+ public boolean isConditional()
+ {
+ return conditional;
+ }
+
+ public void setConditional(boolean conditional)
+ {
+ this.conditional = conditional;
+ }
}
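Review bot: `isConditional()` has no Javadoc, although the flag changes how the role is granted, so its meaning should be stated on the getter. Something like `/** True when this role is granted by a security rule at permission-check time rather than by direct membership. */` would do, assuming that is what `@RoleConditional` means here. The field is a primitive `boolean`, so a MemberRole row whose `conditional` column is NULL would probably fail to load. The import.sql rows in this commit all set the column, but rows in an existing database would need a default. The class body starts outside the hunk.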
Modified:
trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/PictureSearch.java
===================================================================
---
trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/PictureSearch.java 2008-05-12
04:00:45 UTC (rev 8156)
+++
trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/PictureSearch.java 2008-05-12
04:01:32 UTC (rev 8157)
@@ -12,6 +12,7 @@
import org.jboss.seam.annotations.Out;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.annotations.web.RequestParameter;
+import org.jboss.seam.security.Identity;
@Name("pictureSearch")
@Scope(EVENT)
@@ -52,5 +53,6 @@
"select i from MemberImage i where i.member.memberName = :name")
.setParameter("name", memberName)
.getResultList();
+ Identity.instance().filterByPermission(memberImages, "view");
}
}
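Review bot: The `filterByPermission` call runs in memory after the query has already loaded every image for the member, so the restriction exists only on this code path. Any other place that loads a MemberImage, for instance by id when rendering the picture, needs its own "view" check, and this hunk cannot confirm that one exists. A comment on the new line would record the intent: `// Drop images the current identity may not "view"; security-rules.drl decides, the query itself is unfiltered`. The enclosing method starts outside the hunk.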