/* * Copyright 2008 IHE International (http://www.ihe.net) * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package Permissions; import java.security.Principal; import org.jboss.seam.security.permission.PermissionCheck; import org.jboss.seam.security.Role; import net.ihe.gazelle.tm.application.action.ApplicationManager; /** ------------------------------------------------------- */ /** ------------------------------------------------------- */ /** Security management : Users-ejb module */ /** ------------------------------------------------------- */ /** ------------------------------------------------------- */ /** General GazelleMasterModel --------------------------- */ rule canUserEditModel when c: PermissionCheck(name == "MasterModel", action == "edit") (Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.TF_EDITOR_ROLE_STRING ) and eval(net.ihe.gazelle.tm.application.action.ApplicationManager.instance().isMasterModel())) then c.grant(); end rule canUserViewModel when c: PermissionCheck(name == "MasterModel", action == "view") /** a guest may view a domain - no rule */ then c.grant(); end /** UserManager ---------------------------------------- */ rule canUserAddUser when c: PermissionCheck(name == "UserManager", action == "addUser") /** a guest may create a user - no rule */ then c.grant(); end rule canAddUserByAdmin when c: PermissionCheck(name == "UserManager", action == "addUserByAdmin") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserUpdateUser when c: PermissionCheck(name == "UserManager", action == "updateUser") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserDeleteUser when c: PermissionCheck(name == "UserManager", action == "deleteUser") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end rule canUserViewUser when c: PermissionCheck(name == "UserManager", action == "viewUser") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserEditUser when c: PermissionCheck(name == "UserManager", action == "editUser") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserCreateUser when c: PermissionCheck(name == "UserManager", action == "createUser") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end rule canUserGetInstitution when c: PermissionCheck(name == "UserManager", action == "getInstitution") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end rule canUserGetListOfUsersToDisplay when c: PermissionCheck(name == "UserManager", action == "getUsersListDependingInstitution") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end rule canUserGetAllUsersListForAdmin when c: PermissionCheck(name == "UserManager", action == "getAllUsersListForAdmin") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ) then c.grant(); end rule canUserUseNewUserButton when c: PermissionCheck(name == "UserManager", action == "addNewUserButton") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end rule canUserUpdatePassword when c: PermissionCheck(name == "UserManager", action == "updatePassword") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ) then c.grant(); end /** AddressManager ---------------------------------------- */ rule canUserAddAddress when c: PermissionCheck(name == "AddressManager", action == "addAddress") /** a guest may create a user - no rule */ then c.grant(); end rule canUserUpdateAddress when c: PermissionCheck(name == "AddressManager", action == "updateAddress") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserDeleteAddress when c: PermissionCheck(name == "AddressManager", action == "deleteAddress") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end rule canUserViewAddress when c: PermissionCheck(name == "AddressManager", action == "viewAddress") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserEditAddress when c: PermissionCheck(name == "AddressManager", action == "editAddress") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserCreateAddress when c: PermissionCheck(name == "AddressManager", action == "createAddress") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end rule canUserGetAddressWithCountryAutoComplete when c: PermissionCheck(name == "AddressManager", action == "countryAutoComplete") /** a guest may create a user - no rule */ then c.grant(); end rule canUserGetAddressIso3166CountryCodes when c: PermissionCheck(name == "AddressManager", action == "getIso3166CountryCodes") /** a guest may create a user - no rule */ then c.grant(); end /** InstitutionManager ---------------------------------------- */ rule canUserAddInstitution when c: PermissionCheck(name == "InstitutionManager", action == "addInstitution") /** a guest may create a user - no rule */ then c.grant(); end rule canUserUpdateInstitution when c: PermissionCheck(name == "InstitutionManager", action == "updateInstitution") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end rule canUserCreateFinancialInformationsForInstitution when c: PermissionCheck(name == "InstitutionManager", action == "createFinancialInformationsForInstitution") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end rule canUserViewInstitution when c: PermissionCheck(name == "InstitutionManager", action == "viewInstitution") /** a guest may create a user - no rule */ then c.grant(); end rule canUserDeleteInstitution when c: PermissionCheck(name == "InstitutionManager", action == "deleteInstitution") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING) then c.grant(); end rule canUserUseNewInstitutionButton when c: PermissionCheck(name == "InstitutionManager", action == "addNewInstitutionButton") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ) then c.grant(); end rule canUserEditInstitution when c: PermissionCheck(name == "InstitutionManager", action == "editInstitution") /** a guest may create a user - no rule */ then c.grant(); end rule canUserEditInstitutionSession when c: PermissionCheck(name == "InstitutionManager", action == "editInstitutionSession") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserValidateInstitutionName when c: PermissionCheck(name == "InstitutionManager", action == "validateInstitutionName") /** a guest may create a user - no rule */ then c.grant(); end rule canUserValidateInstitutionKeyword when c: PermissionCheck(name == "InstitutionManager", action == "validateInstitutionKeyword") /** a guest may create a user - no rule */ then c.grant(); end rule canUserValidateInstitutionAddress when c: PermissionCheck(name == "InstitutionManager", action == "validateInstitutionAddress") /** a guest may create a user - no rule */ then c.grant(); end /** PersonFunctionManager ---------------------------------------- */ rule canUserUseIsFunction when c: PermissionCheck(name == "PersonFunctionManager", action == "isFunction") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING) then c.grant(); end rule canUserUseChangeFunction when c: PermissionCheck(name == "PersonFunctionManager", action == "changeFunction") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end rule canUserUseIsFinancial when c: PermissionCheck(name == "PersonFunctionManager", action == "isFinancial") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING) then c.grant(); end rule canUserSetFunction when c: PermissionCheck(name == "PersonFunctionManager", action == "setFunction") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end /** PersonManager **/ rule canUserAddNewContactButton when c: PermissionCheck(name == "PersonManager", action == "addNewContactButton") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end rule canUserListContacts when c: PermissionCheck(name == "PersonManager", action == "listContacts") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end rule canUserAddPerson when c: PermissionCheck(name == "PersonManager", action == "addPerson") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end rule canUserUpdatePerson when c: PermissionCheck(name == "PersonManager", action == "updatePerson") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end rule canUserDeleteContact when c: PermissionCheck(name == "PersonManager", action == "deleteContact") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end rule canUserViewContact when c: PermissionCheck(name == "PersonManager", action == "viewContact") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end rule canUserEditContact when c: PermissionCheck(name == "PersonManager", action == "editContact") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end rule canUserUpdateContact when c: PermissionCheck(name == "PersonManager", action == "updateContact") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end rule canUserCreatePerson when c: PermissionCheck(name == "PersonManager", action == "createPerson") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end rule canUserCreateContact when c: PermissionCheck(name == "PersonManager", action == "createContact") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end /** ------------------------------------------------------- */ /** ------------------------------------------------------- */ /** Security management : TF-ejb module */ /** ------------------------------------------------------- */ /** ------------------------------------------------------- */ /** DomainManager ---------------------------------------- */ rule canUserAddDomain when c: PermissionCheck(name == "DomainManager", action == "addDomain") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.TF_EDITOR_ROLE_STRING ) then c.grant(); end rule canUserUpdateDomain when c: PermissionCheck(name == "DomainManager", action == "updateDomain") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.TF_EDITOR_ROLE_STRING ) then c.grant(); end rule canUserDeleteDomain when c: PermissionCheck(name == "DomainManager", action == "deleteDomain") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.TF_EDITOR_ROLE_STRING ) then c.grant(); end rule canUserViewDomain when c: PermissionCheck(name == "DomainManager", action == "viewDomain") /** a guest may view a domain - no rule */ then c.grant(); end rule canUserEditDomain when c: PermissionCheck(name == "DomainManager", action == "editDomain") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.TF_EDITOR_ROLE_STRING ) then c.grant(); end rule canUserCreateDomain when c: PermissionCheck(name == "DomainManager", action == "createDomain") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.TF_EDITOR_ROLE_STRING ) then c.grant(); end /** ActorManager ---------------------------------------- */ /** ------------------------------------------------------- */ /** ------------------------------------------------------- */ /** Security management : TestManagement-ejb module */ /** ------------------------------------------------------- */ /** ------------------------------------------------------- */ /** SystemManager ---------------------------------------- */ rule canUserDoFindCompanies when c: PermissionCheck(name == "SystemManager", action == "doFindCompanies") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ) then c.grant(); end rule canUserFindSystemsInSessionForCompany when c: PermissionCheck(name == "SystemManager", action == "findSystemsInSessionForCompany") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserAddSystem when c: PermissionCheck(name == "SystemManager", action == "addSystem") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserUpdateSystem when c: PermissionCheck(name == "SystemManager", action == "updateSystem") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserAddNewSystemAction when c: PermissionCheck(name == "SystemManager", action == "addNewSystemAction") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING) then c.grant(); end rule canUserDeleteSystem when c: PermissionCheck(name == "SystemManager", action == "deleteSystem") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserDeleteSystemInSession when c: PermissionCheck(name == "SystemManager", action == "deleteSystemInSession") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserViewSystem when c: PermissionCheck(name == "SystemManager", action == "viewSystem") /** a guest may view a system - no rule */ then c.grant(); end rule canUserViewIntegrationStatement when c: PermissionCheck(name == "SystemManager", action == "viewIntegrationStatement") /** a guest may view a system - no rule */ then c.grant(); end rule canUserEditSystem when c: PermissionCheck(name == "SystemManager", action == "editSystem") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserEditIntegrationStatement when c: PermissionCheck(name == "SystemManager", action == "editIntegrationStatement") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserCreateSystem when c: PermissionCheck(name == "SystemManager", action == "createSystem") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end rule canUserGetListOfSystemsToDisplay when c: PermissionCheck(name == "SystemManager", action == "getSystemsListDependingUser") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserGetListSystemInSession when c: PermissionCheck(name == "SystemManager", action == "getSystemsInSessionListDependingInstitution") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserGetListSystem when c: PermissionCheck(name == "SystemManager", action == "getSystemsListDependingInstitution") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserValidateSystemName when c: PermissionCheck(name == "SystemManager", action == "validateSystemNameAndSystemVersion") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserValidateSystemKeyword when c: PermissionCheck(name == "SystemManager", action == "validateSystemKeyword") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserGenerateSystemKeyword when c: PermissionCheck(name == "SystemManager", action == "generateSystemKeyword") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end /** SystemInSessionManager --------------------------------------------- */ rule canUserModifyTableSession when c: PermissionCheck(name == "SystemInSessionManager", action == "canModifyTableSession") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ) then c.grant(); end /** SystemDemonstrationManager ---------------------------------------- */ rule canUserEditDemonstration when c: PermissionCheck(name == "DemonstrationManager", action == "editDemonstration") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ) then c.grant(); end rule canUserUseIsDemonRegistered when c: PermissionCheck(name == "DemonstrationManager", action == "isDemonRegistered") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end rule canUserSetDemonstration when c: PermissionCheck(name == "DemonstrationManager", action == "setDemonstration") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end /** TestingSessionManager ---------------------------------------- */ rule canUserAddTestingSession when c: PermissionCheck(name == "TestingSessionManager", action == "addTestingSession") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING ) then c.grant(); end rule canUserUpdateTestingSession when c: PermissionCheck(name == "TestingSessionManager", action == "updateTestingSession") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING ) then c.grant(); end rule canUserDeleteTestingSession when c: PermissionCheck(name == "TestingSessionManager", action == "deleteTestingSession") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING ) then c.grant(); end rule canUserViewTestingSession when c: PermissionCheck(name == "TestingSessionManager", action == "viewTestingSession") /** a guest may view a domain - no rule */ then c.grant(); end rule canUserEditTestingSession when c: PermissionCheck(name == "TestingSessionManager", action == "editTestingSession") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING ) then c.grant(); end rule canUserCreateTestingSession when c: PermissionCheck(name == "TestingSessionManager", action == "createTestingSession") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING ) then c.grant(); end rule canUserAddNewTestingSessionButton when c: PermissionCheck(name == "TestingSessionManager", action == "addNewTestingSessionButton") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ) then c.grant(); end rule canUserActivateTestingSession when c: PermissionCheck(name == "TestingSessionManager", action == "activateSession") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ) then c.grant(); end /** Configurations **/ rule canUserListDependingSystemInSession when c: PermissionCheck(name == "SystemConfigurationManager", action == "getConfigurationListDependingSystemInSession") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserGetHL7ResponderConfigurationListDependingSystemInSession when c: PermissionCheck(name == "SystemConfigurationManager", action == "getHL7ResponderConfigurationListDependingSystemInSession") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserGetHL7V3InitiatorConfigurationListDependingSystemInSession when c: PermissionCheck(name == "SystemConfigurationManager", action == "getHL7V3InitiatorConfigurationListDependingSystemInSession") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserGetHL7V3ResponderConfigurationListDependingSystemInSession when c: PermissionCheck(name == "SystemConfigurationManager", action == "getHL7V3ResponderConfigurationListDependingSystemInSession") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canGetHL7InitiatorConfigurationListDependingSystemInSession when c: PermissionCheck(name == "SystemConfigurationManager", action == "getHL7InitiatorConfigurationListDependingSystemInSession") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserGetDicomSCUConfigurationListDependingSystemInSession when c: PermissionCheck(name == "SystemConfigurationManager", action == "getDicomSCUConfigurationListDependingSystemInSession") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserGetDicomSCPConfigurationListDependingSystemInSession when c: PermissionCheck(name == "SystemConfigurationManager", action == "getDicomSCPConfigurationListDependingSystemInSession") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserGetConfigurationListDependingSystemInSession when c: PermissionCheck(name == "SystemConfigurationManager", action == "getConfigurationListDependingSystemInSession") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserGetWSConfigurationListDependingSystemInSession when c: PermissionCheck(name == "SystemConfigurationManager", action == "getWSConfigurationListDependingSystemInSession") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserGetSyslogConfigurationListDependingSystemInSession when c: PermissionCheck(name == "SystemConfigurationManager", action == "getSyslogConfigurationListDependingSystemInSession") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserGetPossibleSystemsInSession when c: PermissionCheck(name == "SystemInSessionSelector", action == "getPossibleSystemsInSession") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserGetAllDicomSCUConfigurations when c: PermissionCheck(name == "SystemConfigurationManager", action == "getAllDicomSCUConfigurations") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING) then c.grant(); end rule canUserGetAllDicomSCPConfigurations when c: PermissionCheck(name == "SystemConfigurationManager", action == "getAllDicomSCPConfigurations") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ) then c.grant(); end rule canUserGetAllHL7InitiatorConfigurations when c: PermissionCheck(name == "SystemConfigurationManager", action == "getAllHL7InitiatorConfigurations") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING) then c.grant(); end rule canUserGetAllHL7ResponderConfigurations when c: PermissionCheck(name == "SystemConfigurationManager", action == "getAllHL7ResponderConfigurations") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ) then c.grant(); end rule canUserGetAllHL7V3InitiatorConfigurations when c: PermissionCheck(name == "SystemConfigurationManager", action == "getAllHL7V3InitiatorConfigurations") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ) then c.grant(); end rule canUserGetAllHL7V3ResponderConfigurations when c: PermissionCheck(name == "SystemConfigurationManager", action == "getAllHL7V3ResponderConfigurations") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ) then c.grant(); end rule canUserGetAllWSConfigurations when c: PermissionCheck(name == "SystemConfigurationManager", action == "getAllWSConfigurations") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ) then c.grant(); end rule canUserGetAllSyslogConfigurations when c: PermissionCheck(name == "SystemConfigurationManager", action == "getAllSyslogConfigurations") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING) then c.grant(); end rule canUserGenerateConfigurationsForCompany when c: PermissionCheck(name == "SystemConfigurationManager", action == "generateConfigurationsForCompany") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ) then c.grant(); end rule canUserGenerateConfigurationsForSystem when c: PermissionCheck(name == "SystemConfigurationManager", action == "generateConfigurationsForSystem") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserGenerateAllConfigurationsForSession when c: PermissionCheck(name == "SystemConfigurationManager", action == "generateAllConfigurationsForSession") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ) then c.grant(); end rule canUserDeleteConfiguration when c: PermissionCheck(name == "SystemConfigurationManager", action == "deleteConfiguration") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserAddEditConfiguration when c: PermissionCheck(name == "SystemConfigurationManager", action == "addEditConfiguration") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserDeleteAllConfigurationsForSystem when c: PermissionCheck(name == "SystemConfigurationManager", action == "deleteAllConfigurationsForSystem") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end /** SystemInSessionSelector **/ /** Result Manager **/ rule canUserListResultsAsAdmin when c: PermissionCheck(name == "ConnectathonResultManager", action == "manageSystemAIPOResultsForAdmin") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ) then c.grant(); end rule canUserListResults when c: PermissionCheck(name == "ConnectathonResultManager", action == "manageSystemAIPOResultsForNonAdmin") Role( ( name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) ) then c.grant(); end /** Instances of Test **/ rule canUserListInstanceOfTestsAsAdmin when c: PermissionCheck(name == "TestingManager", action == "manageInstanceOfTestForAdmin") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ) then c.grant(); end /** List of preconnectathon Tests **/ rule canUserListPreconnectathonTestsAsAdmin when c: PermissionCheck(name == "TestingManager", action == "listOfPreconnectathonTestsForAdmin") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ) then c.grant(); end rule canUserListPreconnectathonTestsAsNonAdmin when c: PermissionCheck(name == "TestingManager", action == "listOfPreconnectathonTestsForNonAdmin") Role( name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserListSystemsToTestsAsAdmin when c: PermissionCheck(name == "TestingManager", action == "findSystemsInSessionForTestingAsAdmin") Role( name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ) then c.grant(); end rule canUserListSystemsToTestsAsNonAdmin when c: PermissionCheck(name == "TestingManager", action == "findSystemsInSessionForTestingAsNonAdmin") Role( name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end /** Tests Definition Management **/ rule canUserEditTestDefinition when c: PermissionCheck(name == "TestsDefinitionsAdministrationManager", action == "EditTest") (Role( name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.TESTS_EDITOR_ROLE_STRING) and eval(net.ihe.gazelle.tm.application.action.ApplicationManager.instance().isMasterModel())) then c.grant(); end rule canUserReadTestDefintion when c: PermissionCheck(name == "TestsDefinitionsAdministrationManager", action == "ReadTest") Role( name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ) then c.grant(); end /** ObjectTypeManager ---------------------------------------- */ rule canGetListOfObjectCreator when c: PermissionCheck(name == "ObjectTypeManager", action == "getListOfObjectCreatorForSelectedObjectType") Role( name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.TESTS_EDITOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ) then c.grant(); end rule canGetListOfObjectReader when c: PermissionCheck(name == "ObjectTypeManager", action == "getListOfObjectReaderForSelectedObjectType") Role( name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.TESTS_EDITOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ) then c.grant(); end rule canGetListObjectFileForCreator when c: PermissionCheck(name == "ObjectTypeManager", action == "getListOfObjectFileForSelectedObjectTypeForCreator") Role( name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.TESTS_EDITOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ) then c.grant(); end rule canGetListObjectFileForReaders when c: PermissionCheck(name == "ObjectTypeManager", action == "getListOfObjectFileForSelectedObjectTypeForReaders") Role( name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.TESTS_EDITOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ) then c.grant(); end rule canGetListObjectAttribute when c: PermissionCheck(name == "ObjectTypeManager", action == "getListOfObjectAttributeForSelectedObjectType") Role( name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.TESTS_EDITOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ) then c.grant(); end rule canAddNewCreator when c: PermissionCheck(name == "ObjectTypeManager", action == "addNewCreatorOfcurrentObjectType") Role( name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.TESTS_EDITOR_ROLE_STRING ) then c.grant(); end rule canAddNewReader when c: PermissionCheck(name == "ObjectTypeManager", action == "addNewReaderOfcurrentObjectType") Role( name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.TESTS_EDITOR_ROLE_STRING ) then c.grant(); end rule canGetPossibleFileTypes when c: PermissionCheck(name == "ObjectTypeManager", action == "getPossibleFileTypes") Role( name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.TESTS_EDITOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ) then c.grant(); end rule canAddNewObjFileType when c: PermissionCheck(name == "ObjectTypeManager", action == "addNewObjectFileTypeToObjectType") Role( name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.TESTS_EDITOR_ROLE_STRING ) then c.grant(); end rule canAddNewObjectAttribute when c: PermissionCheck(name == "ObjectTypeManager", action == "addNewObjectAttributeToObjectType") Role( name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.TESTS_EDITOR_ROLE_STRING ) then c.grant(); end rule canUpdateSelectedObjectType when c: PermissionCheck(name == "ObjectTypeManager", action == "updateSelectedObjectType") Role( name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.TESTS_EDITOR_ROLE_STRING ) then c.grant(); end rule canGetNumberOfObjectInstance when c: PermissionCheck(name == "ObjectTypeManager", action == "getNumberOfObjectInstanceByObjectType") Role( name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.TESTS_EDITOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ) then c.grant(); end rule canGetNumberOfObjectInstanceBySISForSelectedObjectType when c: PermissionCheck(name == "ObjectTypeManager", action == "getNumberOfObjectInstanceBySISForSelectedObjectType") Role( name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.TESTS_EDITOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ) then c.grant(); end rule canGetListSISofSelectedObjectTypeForCreation when c: PermissionCheck(name == "ObjectTypeManager", action == "getListSISofSelectedObjectTypeForCreation") Role( name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.TESTS_EDITOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ) then c.grant(); end rule canGetTableOfSIS when c: PermissionCheck(name == "ObjectTypeManager", action == "getTableOfSIS") Role( name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.TESTS_EDITOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ) then c.grant(); end rule canGetListOfAIPOCreatorImplementedBySISForSelectedObjectType when c: PermissionCheck(name == "ObjectTypeManager", action == "getListOfAIPOCreatorImplementedBySISForSelectedObjectType") Role( name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.TESTS_EDITOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ) then c.grant(); end rule canGetListSISofSelectedObjectTypeForReading when c: PermissionCheck(name == "ObjectTypeManager", action == "getListSISofSelectedObjectTypeForReading") Role( name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.TESTS_EDITOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ) then c.grant(); end rule cangetListOfAIPOReaderImplementedBySISForSelectedObjectType when c: PermissionCheck(name == "ObjectTypeManager", action == "getListOfAIPOReaderImplementedBySISForSelectedObjectType") Role( name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.TESTS_EDITOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ) then c.grant(); end rule canMergeSelectedObjectType when c: PermissionCheck(name == "ObjectTypeManager", action == "mergeSelectedObjectType") Role( name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.TESTS_EDITOR_ROLE_STRING ) then c.grant(); end rule canUpdateSelectedCreatorOfcurrentObjectType when c: PermissionCheck(name == "ObjectTypeManager", action == "updateSelectedCreatorOfcurrentObjectType") Role( name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.TESTS_EDITOR_ROLE_STRING ) then c.grant(); end rule canUpdateSelectedReaderOfcurrentObjectType when c: PermissionCheck(name == "ObjectTypeManager", action == "updateSelectedReaderOfcurrentObjectType") Role( name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.TESTS_EDITOR_ROLE_STRING ) then c.grant(); end rule canMergeObjectFileTypeOfObjectType when c: PermissionCheck(name == "ObjectTypeManager", action == "mergeObjectFileTypeOfObjectType") Role( name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.TESTS_EDITOR_ROLE_STRING ) then c.grant(); end rule canMergeObjectAttributeOfObjectType when c: PermissionCheck(name == "ObjectTypeManager", action == "mergeObjectAttributeOfObjectType") Role( name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.TESTS_EDITOR_ROLE_STRING ) then c.grant(); end rule canGetListObjectInstanceForObjectType when c: PermissionCheck(name == "ObjectTypeManager", action == "getListObjectInstanceForObjectType") Role( name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.TESTS_EDITOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ) then c.grant(); end rule canViewListOIFOnDeleting when c: PermissionCheck(name == "ObjectTypeManager", action == "viewListOIFOnDeleting") Role( name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.TESTS_EDITOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ) then c.grant(); end rule canDeleteSelectedObjectTypeFromDataBaseForSelectedObjectType when c: PermissionCheck(name == "ObjectTypeManager", action == "deleteSelectedObjectTypeFromDataBaseForSelectedObjectType") Role( name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.TESTS_EDITOR_ROLE_STRING ) then c.grant(); end rule canDeleteSelectedCreatorFromDataBase when c: PermissionCheck(name == "ObjectTypeManager", action == "deleteSelectedCreatorFromDataBase") Role( name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.TESTS_EDITOR_ROLE_STRING ) then c.grant(); end rule canDeleteSelectedReaderFromDataBase when c: PermissionCheck(name == "ObjectTypeManager", action == "deleteSelectedReaderFromDataBase") Role( name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.TESTS_EDITOR_ROLE_STRING ) then c.grant(); end rule canDeleteSelectedObjectFileFromDataBase when c: PermissionCheck(name == "ObjectTypeManager", action == "deleteSelectedObjectFileFromDataBase") Role( name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.TESTS_EDITOR_ROLE_STRING ) then c.grant(); end rule canDeleteSelectedObjectAttributeFromDataBase when c: PermissionCheck(name == "ObjectTypeManager", action == "deleteSelectedObjectAttributeFromDataBase") Role( name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.TESTS_EDITOR_ROLE_STRING ) then c.grant(); end rule canMergeObjectType when c: PermissionCheck(name == "ObjectTypeManager", action == "mergeObjectType") Role( name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.TESTS_EDITOR_ROLE_STRING ) then c.grant(); end rule canGetListObjectInstanceForSelectedObjectType when c: PermissionCheck(name == "ObjectTypeManager", action == "getListObjectInstanceForSelectedObjectType") Role( name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.TESTS_EDITOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ) then c.grant(); end rule canEditObjectType when c: PermissionCheck(name == "ObjectTypeManager", action == "editObjectType") Role( name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.TESTS_EDITOR_ROLE_STRING ) then c.grant(); end /** ObjectFileTypeManager ---------------------------------------- */ rule canMergeSelectedObjectFileType when c: PermissionCheck(name == "ObjectFileTypeManager", action == "mergeSelectedObjectFileType") Role( name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.TESTS_EDITOR_ROLE_STRING ) then c.grant(); end rule canGenerateMessageForDeleteObjectFileType when c: PermissionCheck(name == "ObjectFileTypeManager", action == "generateMessageForDeleteObjectFileType") Role( name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.TESTS_EDITOR_ROLE_STRING ) then c.grant(); end rule canDeleteSelectedObjectFileType when c: PermissionCheck(name == "ObjectFileTypeManager", action == "deleteSelectedObjectFileType") Role( name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.TESTS_EDITOR_ROLE_STRING ) then c.grant(); end rule canPersistObjectFileType when c: PermissionCheck(name == "ObjectFileTypeManager", action == "persistObjectFileType") Role( name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.TESTS_EDITOR_ROLE_STRING ) then c.grant(); end /** AnnotationManager ---------------------------------------- */ rule canGetListObjectInstanceAnnotation when c: PermissionCheck(name == "AnnotationManager", action == "getListObjectInstanceAnnotation") Role( name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.TESTS_EDITOR_ROLE_STRING ) then c.grant(); end rule canDeleteSelectedAnnotation when c: PermissionCheck(name == "AnnotationManager", action == "deleteSelectedAnnotation") Role( name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.TESTS_EDITOR_ROLE_STRING ) then c.grant(); end rule canGetSamplePermanentlink when c: PermissionCheck(name == "AnnotationManager", action == "getSamplePermanentlink") Role( name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.TESTS_EDITOR_ROLE_STRING ) then c.grant(); end /** Invoice admin manager ---------------------------------------- */ rule canEditInvoiceAsAdmin when c: PermissionCheck(name == "InvoiceAdminManager", action == "saveInvoice") Role( name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING || name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ) then c.grant(); end