Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » Eclipse Scout » Creating "smart" permissions
Creating "smart" permissions [message #1066646] Wed, 03 July 2013 14:37
Urs Beeli is currently offline Urs BeeliFriend
Messages: 573
Registered: October 2012
Location: Bern, Switzerland
Senior Member
Our systen will need to be multi-client capable. One requirement is that a user may only modify data for his own company, or for a company that grants him this right as a proxy.

We have a mapping of users to company numbers which defines which company's records a certain user may modify.

I've created a parametrised Permission class to handle this case:

public class ParametrisedPermission extends BasicPermission {
  private static final long serialVersionUID = 0L;

  public ParametrisedPermission(int param) {
    super("ParametrisedPermission" + param);
  }
}


In AccessControlService.execLoadPermissions() I can now create one ParametrisedPermission() for each client that the current user has an entry in this mapping DB.

Later, in the client when we are displaying a record for company X, I can call
if (ACCESS.check(new ParametrisedPermission(X)))

to check if the current user has the rights to modify this record or not.

So far so good.

However, we also have another requirement and that is that permissions be granted based on incremental degrees for a role. Let's say there is a "modification role" which defines if a user may change a record (independently of company codes).

This role can have various values:
0 = no changes allowed
1 = can only change records created by this user
2 = can change records created by anyone, provided he has company rights
3 = can change records created by anyone for any company

Unlike with the company codes, where we have a list of company codes a user may modify, here we only have one entry, specifying the "modifcation level" of the user which implicitely includes any lower permission.

If I define:
public class DegreePermission extends BasicPermission {
  private static final long serialVersionUID = 0L;

  public DegreePermission(int level) {
    super("DegreePermission" + level);
  }

  public boolean implies(Permission permission) {
    boolean result = super.implies(permission);
    if (result) {
      result = (level >= ((DegreePermission) permission).param);
    }
    return result;
  }
}


I can now do
permissions.add(new DegreePermission(2));

in AccessControlService.execLoadPermissions()

What I would like to do now on the client is the following:
ACCESS.check(new DegreePermission(0)) // expected result true
ACCESS.check(new DegreePermission(1)) // expected result true
ACCESS.check(new DegreePermission(2)) // expected result true
ACCESS.check(new DegreePermission(3)) // expected result false

However, it seems that the calls for 0, 1 and 3 return false purely on a name based comparison and my implies() method is never called.

On the other hand, if I replace my class definition with
public class DegreePermission extends BasicPermission {
  private static final long serialVersionUID = 0L;
  private int level;

  public DegreePermission(int level) {
    super("DegreePermission");
    this.level = level;
  }

  public boolean implies(Permission permission) {
    boolean result = super.implies(permission);
    if (result) {
      result = (level >= ((DegreePermission) permission).param);
    }
    return result;
  }
}


The call for
ACCESS.check(new DegreePermission(0)) // expected result true
returns true as expected, however, all subsequent calls (including the one for parameter 3) return true without ever calling my implies() method. It seems the result of the check is being cached due to the identical names passed to the super class in the constructor.

Is there any way what to do what I want to do?
Previous Topic:Hierarchical structur of ChildPages
Next Topic:Forcing a scout client to use a specific language
Goto Forum:
  


Current Time: Fri Mar 29 10:17:40 GMT 2024

Powered by FUDForum. Page generated in 0.04094 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top