
ACLs and BasePermission.CREATE

Hi folks,

Can someone explain how to handle the CREATE permission in the new ACLs module plz? I guess I am missing something obvious but what? Here is the description of my problem :

I have an application with 2 roles, say ROLE_ADMIN and ROLE_USER, which hold different permissions for handling a domain object class, say POJO.

ROLE_ADMIN should be able to create and save any pojo.
ROLE_USER should be able to create any pojo but should be able to save an existing pojo only if it has an ACLentry with CREATE permission.

In my business layer, I have a PojoManager which has a savePojo(Pojo p) method. This method is used to persist both new and existing Pojos. In the authorization config file I have this line in the objectDefinitionSource of the MethodSecurityInterceptor bean:

foo.bar.PojoManager.savePojo=ROLE_ADMIN,ACL_PATIENT_WRITE

It works as expected when persisting existing pojos. ROLE_ADMIN can save any pojo and ROLE_USER can save pojos having an ACLentry with WRITE permission for him.

The problem comes with creation of new Pojos. It's okay for ROLE_ADMIN since the role is granted, but how to deal with ROLE_USER?

Obviously, I can not have any ACLentry with CREATE Permission since the Pojo doesn't exist yet in database. And when I try to create a new Pojo as a ROLE_USER I get :

java.lang.IllegalArgumentException: getId() is required to return a non-null value

I tried to change my config file with :

foo.bar.PojoManager.savePojo=ROLE_ADMIN,ROLE_USER,ACL_PATIENT_WRITE

but then a ROLE_USER can save any existing pojo, even though it does not have an ACL permission...

Can someone help me to understand the rationale behind creation permission please?

Thanks,

thogau

Hi again,

Nobody can tell a few words on how to use the CREATE permission of the ACL package please? It is not used in the contact sample webapp and I could not find any information anywhere... My main question is actually : how to create an ACL entry for an object that does not exist yet in DB?
Thanks.

Check out the reference guide in 2.0.0, which we just updated to show exactly that (how to create a new ACL in the DB). The document management system sample in SVN also shows this pretty well.

Thank you! I am having a look at the dms sample app but I can not find the reference guide for 2.0.0
Would you please give me a link (or a way to grab it) to this file plz?

Hum... I promise I'll read the sticky post before asking a question next time...
I found it here : sp...gsecurity.html

Thanks for the work.
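
An added sketch, not code from this thread or from Acegi Security: the savePojo problem above modelled in memory, with creation gated by role only (a new object has no id for an ACL lookup) and the ACL entry written right after the object is persisted. All class and method names are hypothetical, and granting WRITE to the creator is an assumption.

```java
import java.util.*;

// Hypothetical in-memory model; none of these types are Acegi classes.
public class CreateThenAclDemo {
    record User(String name, Set<String> roles) {}
    static class Pojo { Long id; String data; Pojo(String d) { data = d; } }

    static final Map<Long, Pojo> db = new HashMap<>();
    // ACL store: object id -> names of users holding WRITE on that object
    static final Map<Long, Set<String>> writeAcl = new HashMap<>();
    static long nextId = 1;

    static void savePojo(User u, Pojo p) {
        boolean admin = u.roles().contains("ROLE_ADMIN");
        if (p.id == null) {
            // Create path: no identity yet, so only a role check is possible.
            if (!admin && !u.roles().contains("ROLE_USER"))
                throw new SecurityException("create denied for " + u.name());
            p.id = nextId++;
            db.put(p.id, p);
            // The identity exists now: record the creator's WRITE entry (assumed policy).
            writeAcl.computeIfAbsent(p.id, k -> new HashSet<>()).add(u.name());
        } else {
            // Update path: ROLE_USER alone is not enough, an ACL entry is required.
            boolean hasAce = writeAcl.getOrDefault(p.id, Set.of()).contains(u.name());
            if (!admin && !hasAce)
                throw new SecurityException("write denied for " + u.name());
            db.put(p.id, p);
        }
    }

    public static void main(String[] args) {
        // Constructed sample users
        User alice = new User("alice", Set.of("ROLE_USER"));
        User bob = new User("bob", Set.of("ROLE_USER"));
        User root = new User("root", Set.of("ROLE_ADMIN"));

        Pojo p = new Pojo("v1");
        savePojo(alice, p);          // create: allowed by role
        p.data = "v2";
        savePojo(alice, p);          // update: allowed by alice's ACL entry
        savePojo(root, p);           // update: allowed by ROLE_ADMIN
        try {
            savePojo(bob, p);        // update: bob has no ACL entry
            throw new AssertionError("bob should have been denied");
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}
```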