package Permissions;

/** NOTE(review): java.security.Principal is not referenced by any rule shown here. */
import java.security.Principal;
import org.jboss.seam.security.PermissionCheck;
import org.jboss.seam.security.Role;

/**
 * Rule-based permission policy.
 *
 * Every rule below has the same shape: it matches a PermissionCheck fact by
 * (name, action) together with a Role fact whose name equals one of the listed
 * role constants, and then calls c.grant(). No rule in this file does anything
 * other than grant.
 *
 * NOTE(review): presumably the Role facts are the roles of the currently
 * authenticated user, asserted by Seam Security - confirm.
 *
 * NOTE(review): the rules match only on the check's name/action and on role
 * membership. None of them inspects the target object, so as far as this file
 * shows, a permitted role may act on ANY user or domain. If per-institution or
 * self-only restrictions are required, confirm they are enforced elsewhere.
 */

/** ------------------------------------------------------- */
/** Security management : Users-ejb module                  */
/** ------------------------------------------------------- */

/**
 * UserManager
 *
 * All six UserManager actions (add, update, delete, view, edit, create) are
 * granted to the same six roles: ADMINISTRATOR, EDITOR, MONITOR,
 * PROJECT_MANAGER, ACCOUNTING and VENDOR.
 *
 * NOTE(review): this gives VENDOR_ROLE, MONITOR_ROLE and ACCOUNTING_ROLE the
 * same user-management rights as ADMINISTRATOR_ROLE, including deleteUser.
 * Confirm this is intended and consistent with least privilege.
 *
 * The role list is repeated verbatim in each rule, so any change to it has to
 * be applied in all six places to keep the policy consistent.
 */

/** Grants UserManager/addUser to any of the six listed roles. */
rule canUserAddUser
when
    c: PermissionCheck(name == "UserManager", action == "addUser")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE
      || name == net.ihe.gazelle.users.model.Role.EDITOR_ROLE
      || name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE
      || name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE
      || name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE
      || name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE
    )
then
    c.grant();
end;

/** Grants UserManager/updateUser to any of the six listed roles. */
rule canUserUpdateUser
when
    c: PermissionCheck(name == "UserManager", action == "updateUser")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE
      || name == net.ihe.gazelle.users.model.Role.EDITOR_ROLE
      || name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE
      || name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE
      || name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE
      || name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE
    )
then
    c.grant();
end;

/**
 * Grants UserManager/deleteUser to any of the six listed roles.
 * NOTE(review): destructive action available to VENDOR, MONITOR and ACCOUNTING - confirm.
 */
rule canUserDeleteUser
when
    c: PermissionCheck(name == "UserManager", action == "deleteUser")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE
      || name == net.ihe.gazelle.users.model.Role.EDITOR_ROLE
      || name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE
      || name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE
      || name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE
      || name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE
    )
then
    c.grant();
end;

/** Grants UserManager/viewUser to any of the six listed roles. */
rule canUserViewUser
when
    c: PermissionCheck(name == "UserManager", action == "viewUser")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE
      || name == net.ihe.gazelle.users.model.Role.EDITOR_ROLE
      || name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE
      || name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE
      || name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE
      || name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE
    )
then
    c.grant();
end;

/** Grants UserManager/editUser to any of the six listed roles. */
rule canUserEditUser
when
    c: PermissionCheck(name == "UserManager", action == "editUser")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE
      || name == net.ihe.gazelle.users.model.Role.EDITOR_ROLE
      || name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE
      || name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE
      || name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE
      || name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE
    )
then
    c.grant();
end;

/** Grants UserManager/createUser to any of the six listed roles. */
rule canUserCreateUser
when
    c: PermissionCheck(name == "UserManager", action == "createUser")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE
      || name == net.ihe.gazelle.users.model.Role.EDITOR_ROLE
      || name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE
      || name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE
      || name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE
      || name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE
    )
then
    c.grant();
end;

/** ------------------------------------------------------- */
/** Security management : TF-ejb module                     */
/** ------------------------------------------------------- */

/**
 * domainManagerBean
 *
 * The modifying actions (add, update, delete, edit, create) are granted only
 * to ADMINISTRATOR_ROLE and PROJECT_MANAGER_ROLE. viewDomain is the single
 * read action and is granted to all six roles.
 */

/** Grants domainManagerBean/addDomain to ADMINISTRATOR or PROJECT_MANAGER. */
rule canUserAddDomain
when
    c: PermissionCheck(name == "domainManagerBean", action == "addDomain")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE
      || name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE
    )
then
    c.grant();
end;

/** Grants domainManagerBean/updateDomain to ADMINISTRATOR or PROJECT_MANAGER. */
rule canUserUpdateDomain
when
    c: PermissionCheck(name == "domainManagerBean", action == "updateDomain")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE
      || name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE
    )
then
    c.grant();
end;

/** Grants domainManagerBean/deleteDomain to ADMINISTRATOR or PROJECT_MANAGER. */
rule canUserDeleteDomain
when
    c: PermissionCheck(name == "domainManagerBean", action == "deleteDomain")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE
      || name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE
    )
then
    c.grant();
end;

/** Grants domainManagerBean/viewDomain (read-only) to any of the six listed roles. */
rule canUserViewDomain
when
    c: PermissionCheck(name == "domainManagerBean", action == "viewDomain")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE
      || name == net.ihe.gazelle.users.model.Role.EDITOR_ROLE
      || name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE
      || name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE
      || name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE
      || name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE
    )
then
    c.grant();
end;

/** Grants domainManagerBean/editDomain to ADMINISTRATOR or PROJECT_MANAGER. */
rule canUserEditDomain
when
    c: PermissionCheck(name == "domainManagerBean", action == "editDomain")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE
      || name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE
    )
then
    c.grant();
end;

/** Grants domainManagerBean/createDomain to ADMINISTRATOR or PROJECT_MANAGER. */
rule canUserCreateDomain
when
    c: PermissionCheck(name == "domainManagerBean", action == "createDomain")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE
      || name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE
    )
then
    c.grant();
end;

/**
 * ActorManager
 *
 * To be completed: no ActorManager rules are defined in this file yet.
 * NOTE(review): presumably an ActorManager permission check is therefore not
 * granted by this rule base - confirm no other rule source grants it, and add
 * explicit rules before any ActorManager action is exposed.
 */