/*
 * Copyright 2008 IHE International (http://www.ihe.net)
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package Permissions;

/* NOTE(review): Principal is not referenced by any rule visible in this part of the file; it may be used further down. */
import java.security.Principal;
import org.jboss.seam.security.permission.PermissionCheck;
import org.jboss.seam.security.Role;

/*
 * Role-based permission rules.
 *
 * Every rule matches a PermissionCheck fact on its (name, action) pair and calls
 * c.grant() on it. Rules that also contain a Role(...) pattern fire only when a Role
 * fact whose name equals one of the listed constants is present; rules without a
 * Role pattern grant on the (name, action) pair alone.
 *
 * Reading notes for reviewers:
 *  - No rule in this file ever revokes; presumably a check that no rule grants is
 *    denied by the caller -- confirm against the security configuration.
 *  - The PermissionCheck patterns constrain only name and action. Nothing here binds
 *    the target object (which user, institution or system is being acted on), so any
 *    "own institution only" scoping has to be enforced outside these rules -- confirm.
 *  - Role lists are repeated inline per rule, and near-identical actions sometimes
 *    carry different lists (see the NOTE(review) comments below). Compare lists
 *    whenever a role is added or removed.
 */

/** ------------------------------------------------------- */
/** Security management : Users-ejb module                  */
/** ------------------------------------------------------- */

/** UserManager ---------------------------------------- */

/* Account creation: no Role pattern, so this is granted without any role requirement
   (the original note reads "a guest may create a user"). */
rule canUserAddUser
when
    c: PermissionCheck(name == "UserManager", action == "addUser")
then
    c.grant();
end;

/* NOTE(review): despite the "ByAdmin" suffix, the role list includes MONITOR, ACCOUNTING
   and VENDOR_ROLE_STRING -- confirm that this breadth is intended. */
rule canAddUserByAdmin
when
    c: PermissionCheck(name == "UserManager", action == "addUserByAdmin")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING
      )
then
    c.grant();
end;

/* Role-only check: the user being updated is not part of the condition. */
rule canUserUpdateUser
when
    c: PermissionCheck(name == "UserManager", action == "updateUser")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING
      )
then
    c.grant();
end;

/* Same list as updateUser minus VENDOR_ROLE_STRING.
   NOTE(review): MONITOR and ACCOUNTING may delete users -- confirm this is intended. */
rule canUserDeleteUser
when
    c: PermissionCheck(name == "UserManager", action == "deleteUser")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING
      )
then
    c.grant();
end;

rule canUserViewUser
when
    c: PermissionCheck(name == "UserManager", action == "viewUser")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING
      )
then
    c.grant();
end;

rule canUserEditUser
when
    c: PermissionCheck(name == "UserManager", action == "editUser")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING
      )
then
    c.grant();
end;

/* VENDOR_ROLE_STRING is not listed here, although it is listed for addUserByAdmin. */
rule canUserCreateUser
when
    c: PermissionCheck(name == "UserManager", action == "createUser")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING
      )
then
    c.grant();
end;

rule canUserGetInstitution
when
    c: PermissionCheck(name == "UserManager", action == "getInstitution")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING
      )
then
    c.grant();
end;

rule canUserGetListOfUsersToDisplay
when
    c: PermissionCheck(name == "UserManager", action == "getUsersListDependingInstitution")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING
      )
then
    c.grant();
end;

rule canUserUseNewUserButton
when
    c: PermissionCheck(name == "UserManager", action == "addNewUserButton")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING
      )
then
    c.grant();
end;

/* Narrowest list in the UserManager group: ADMINISTRATOR and PROJECT_MANAGER only. */
rule canUserUpdatePassword
when
    c: PermissionCheck(name == "UserManager", action == "updatePassword")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      || name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      )
then
    c.grant();
end;

/** AddressManager ---------------------------------------- */

/* No Role pattern: granted without any role requirement. */
rule canUserAddAddress
when
    c: PermissionCheck(name == "AddressManager", action == "addAddress")
then
    c.grant();
end;

rule canUserUpdateAddress
when
    c: PermissionCheck(name == "AddressManager", action == "updateAddress")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING
      )
then
    c.grant();
end;

rule canUserDeleteAddress
when
    c: PermissionCheck(name == "AddressManager", action == "deleteAddress")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING
      )
then
    c.grant();
end;

rule canUserViewAddress
when
    c: PermissionCheck(name == "AddressManager", action == "viewAddress")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING
      )
then
    c.grant();
end;

rule canUserEditAddress
when
    c: PermissionCheck(name == "AddressManager", action == "editAddress")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING
      )
then
    c.grant();
end;

/* NOTE(review): addAddress above needs no role, while createAddress requires one of
   six roles -- confirm which of the two actions the open path really needs. */
rule canUserCreateAddress
when
    c: PermissionCheck(name == "AddressManager", action == "createAddress")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING
      )
then
    c.grant();
end;

/* No Role pattern: granted without any role requirement. */
rule canUserGetAddressWithCountryAutoComplete
when
    c: PermissionCheck(name == "AddressManager", action == "countryAutoComplete")
then
    c.grant();
end;

/* No Role pattern: granted without any role requirement. */
rule canUserGetAddressIso3166CountryCodes
when
    c: PermissionCheck(name == "AddressManager", action == "getIso3166CountryCodes")
then
    c.grant();
end;

/** InstitutionManager ---------------------------------------- */

/* No Role pattern: granted without any role requirement. */
rule canUserAddInstitution
when
    c: PermissionCheck(name == "InstitutionManager", action == "addInstitution")
then
    c.grant();
end;

rule canUserUpdateInstitution
when
    c: PermissionCheck(name == "InstitutionManager", action == "updateInstitution")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING
      )
then
    c.grant();
end;

rule canUserCreateFinancialInformationsForInstitution
when
    c: PermissionCheck(name == "InstitutionManager", action == "createFinancialInformationsForInstitution")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING
      )
then
    c.grant();
end;

/* No Role pattern: granted without any role requirement. */
rule canUserViewInstitution
when
    c: PermissionCheck(name == "InstitutionManager", action == "viewInstitution")
then
    c.grant();
end;

/* Tightest institution rule: ADMINISTRATOR and INSTITUTIONS_EDITOR only. */
rule canUserDeleteInstitution
when
    c: PermissionCheck(name == "InstitutionManager", action == "deleteInstitution")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING)
then
    c.grant();
end;

rule canUserUseNewInstitutionButton
when
    c: PermissionCheck(name == "InstitutionManager", action == "addNewInstitutionButton")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      )
then
    c.grant();
end;

/* No Role pattern: granted without any role requirement.
   NOTE(review): updateInstitution above requires a role but editInstitution does not.
   If "edit" only opens the form this may be harmless; if it can reach a write path,
   the role check on "update" is the only gate -- confirm in the calling bean. */
rule canUserEditInstitution
when
    c: PermissionCheck(name == "InstitutionManager", action == "editInstitution")
then
    c.grant();
end;

rule canUserEditInstitutionSession
when
    c: PermissionCheck(name == "InstitutionManager", action == "editInstitutionSession")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING
      )
then
    c.grant();
end;

/* The three validate* rules below have no Role pattern: granted without any role requirement. */
rule canUserValidateInstitutionName
when
    c: PermissionCheck(name == "InstitutionManager", action == "validateInstitutionName")
then
    c.grant();
end;

rule canUserValidateInstitutionKeyword
when
    c: PermissionCheck(name == "InstitutionManager", action == "validateInstitutionKeyword")
then
    c.grant();
end;

rule canUserValidateInstitutionAddress
when
    c: PermissionCheck(name == "InstitutionManager", action == "validateInstitutionAddress")
then
    c.grant();
end;

/** PersonFunctionManager ---------------------------------------- */

/* The two read-style checks (isFunction, isFinancial) additionally list MONITOR;
   the two write-style checks (changeFunction, setFunction) do not. */
rule canUserUseIsFunction
when
    c: PermissionCheck(name == "PersonFunctionManager", action == "isFunction")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING)
then
    c.grant();
end;

rule canUserUseChangeFunction
when
    c: PermissionCheck(name == "PersonFunctionManager", action == "changeFunction")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING
      )
then
    c.grant();
end;

rule canUserUseIsFinancial
when
    c: PermissionCheck(name == "PersonFunctionManager", action == "isFinancial")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING)
then
    c.grant();
end;

rule canUserSetFunction
when
    c: PermissionCheck(name == "PersonFunctionManager", action == "setFunction")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING
      )
then
    c.grant();
end;

/** PersonManager **/

/* Every PersonManager rule uses the same four roles:
   ADMINISTRATOR, INSTITUTIONS_EDITOR, PROJECT_MANAGER, VENDOR_ADMIN. */
rule canUserAddNewContactButton
when
    c: PermissionCheck(name == "PersonManager", action == "addNewContactButton")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING
      )
then
    c.grant();
end;

rule canUserListContacts
when
    c: PermissionCheck(name == "PersonManager", action == "listContacts")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING
      )
then
    c.grant();
end;

rule canUserAddPerson
when
    c: PermissionCheck(name == "PersonManager", action == "addPerson")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING
      )
then
    c.grant();
end;

rule canUserUpdatePerson
when
    c: PermissionCheck(name == "PersonManager", action == "updatePerson")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING
      )
then
    c.grant();
end;

rule canUserDeleteContact
when
    c: PermissionCheck(name == "PersonManager", action == "deleteContact")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING
      )
then
    c.grant();
end;

rule canUserViewContact
when
    c: PermissionCheck(name == "PersonManager", action == "viewContact")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING
      )
then
    c.grant();
end;

rule canUserEditContact
when
    c: PermissionCheck(name == "PersonManager", action == "editContact")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING
      )
then
    c.grant();
end;

rule canUserUpdateContact
when
    c: PermissionCheck(name == "PersonManager", action == "updateContact")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING
      )
then
    c.grant();
end;

rule canUserCreatePerson
when
    c: PermissionCheck(name == "PersonManager", action == "createPerson")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING
      )
then
    c.grant();
end;

rule canUserCreateContact
when
    c: PermissionCheck(name == "PersonManager", action == "createContact")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING
      )
then
    c.grant();
end;

/** ------------------------------------------------------- */
/** Security management : TF-ejb module                     */
/** ------------------------------------------------------- */

/** General GazelleMasterModel --------------------------- */

rule canUserEditModel
when
    c: PermissionCheck(name == "MasterModel", action == "edit")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      || name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      || name == net.ihe.gazelle.users.model.Role.TF_EDITOR_ROLE_STRING
      )
then
    c.grant();
end;

/* No Role pattern: viewing is granted without any role requirement. */
rule canUserViewModel
when
    c: PermissionCheck(name == "MasterModel", action == "view")
then
    c.grant();
end;

/** DomainManager ---------------------------------------- */

/* Write-style domain actions share one list: ADMINISTRATOR, PROJECT_MANAGER, TF_EDITOR. */
rule canUserAddDomain
when
    c: PermissionCheck(name == "DomainManager", action == "addDomain")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.TF_EDITOR_ROLE_STRING
      )
then
    c.grant();
end;

rule canUserUpdateDomain
when
    c: PermissionCheck(name == "DomainManager", action == "updateDomain")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.TF_EDITOR_ROLE_STRING
      )
then
    c.grant();
end;

rule canUserDeleteDomain
when
    c: PermissionCheck(name == "DomainManager", action == "deleteDomain")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.TF_EDITOR_ROLE_STRING
      )
then
    c.grant();
end;

/* No Role pattern: a guest may view a domain. */
rule canUserViewDomain
when
    c: PermissionCheck(name == "DomainManager", action == "viewDomain")
then
    c.grant();
end;

/* No Role pattern: a guest may list domains. */
rule canUserListDomains
when
    c: PermissionCheck(name == "DomainManager", action == "listDomains")
then
    c.grant();
end;

rule canUserEditDomain
when
    c: PermissionCheck(name == "DomainManager", action == "editDomain")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.TF_EDITOR_ROLE_STRING
      )
then
    c.grant();
end;

rule canUserCreateDomain
when
    c: PermissionCheck(name == "DomainManager", action == "createDomain")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.TF_EDITOR_ROLE_STRING
      )
then
    c.grant();
end;

/** ------------------------------------------------------- */
/** Security management : TestManagement-ejb module         */
/** ------------------------------------------------------- */

/** SystemManager ---------------------------------------- */

/* Cross-company lookups: ADMINISTRATOR only. */
rule canUserDoFindCompanies
when
    c: PermissionCheck(name == "SystemManager", action == "doFindCompanies")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      )
then
    c.grant();
end;

rule canUserFindSystemsInSessionForCompany
when
    c: PermissionCheck(name == "SystemManager", action == "findSystemsInSessionForCompany")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      )
then
    c.grant();
end;

rule canUserAddSystem
when
    c: PermissionCheck(name == "SystemManager", action == "addSystem")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING
      )
then
    c.grant();
end;

rule canUserUpdateSystem
when
    c: PermissionCheck(name == "SystemManager", action == "updateSystem")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING
      )
then
    c.grant();
end;

rule canUserAddNewSystemAction
when
    c: PermissionCheck(name == "SystemManager", action == "addNewSystemAction")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING)
then
    c.grant();
end;

/* Delete actions drop VENDOR_ROLE_STRING but keep MONITOR and ACCOUNTING.
   NOTE(review): confirm MONITOR and ACCOUNTING are meant to delete systems. */
rule canUserDeleteSystem
when
    c: PermissionCheck(name == "SystemManager", action == "deleteSystem")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING
      )
then
    c.grant();
end;

rule canUserDeleteSystemInSession
when
    c: PermissionCheck(name == "SystemManager", action == "deleteSystemInSession")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING
      )
then
    c.grant();
end;

/* No Role pattern: a guest may view a system. */
rule canUserViewSystem
when
    c: PermissionCheck(name == "SystemManager", action == "viewSystem")
then
    c.grant();
end;

/* No Role pattern: granted without any role requirement. */
rule canUserViewIntegrationStatement
when
    c: PermissionCheck(name == "SystemManager", action == "viewIntegrationStatement")
then
    c.grant();
end;

rule canUserEditSystem
when
    c: PermissionCheck(name == "SystemManager", action == "editSystem")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING
      )
then
    c.grant();
end;

rule canUserEditIntegrationStatement
when
    c: PermissionCheck(name == "SystemManager", action == "editIntegrationStatement")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING
      )
then
    c.grant();
end;

/* NOTE(review): addSystem above lists VENDOR_ROLE_STRING, createSystem does not --
   confirm the difference is deliberate. */
rule canUserCreateSystem
when
    c: PermissionCheck(name == "SystemManager", action == "createSystem")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING
      )
then
    c.grant();
end;

rule canUserGetListOfSystemsToDisplay
when
    c: PermissionCheck(name == "SystemManager", action == "getSystemsListDependingUser")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING
      )
then
    c.grant();
end;

rule canUserGetListSystemInSession
when
    c: PermissionCheck(name == "SystemManager", action == "getSystemsInSessionListDependingInstitution")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING
      )
then
    c.grant();
end;

rule canUserGetListSystem
when
    c: PermissionCheck(name == "SystemManager", action == "getSystemsListDependingInstitution")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING
      )
then
    c.grant();
end;

rule canUserValidateSystemName
when
    c: PermissionCheck(name == "SystemManager", action == "validateSystemNameAndSystemVersion")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING
      )
then
    c.grant();
end;

rule canUserValidateSystemKeyword
when
    c: PermissionCheck(name == "SystemManager", action == "validateSystemKeyword")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING
      )
then
    c.grant();
end;

rule canUserGenerateSystemKeyword
when
    c: PermissionCheck(name == "SystemManager", action == "generateSystemKeyword")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING
      )
then
    c.grant();
end;

/** SystemDemonstrationManager ---------------------------------------- */
/* The rules in this section match the permission name "DemonstrationManager",
   not "SystemDemonstrationManager" as the section title suggests. */

rule canUserAddNewDemonstrationAction
when
    c: PermissionCheck(name == "DemonstrationManager", action == "addNewDemonstrationAction")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      )
then
    c.grant();
end;

rule canUserEditDemonstration
when
    c: PermissionCheck(name == "DemonstrationManager", action == "editDemonstration")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      )
then
    c.grant();
end;

rule canUserUseIsDemonRegistered
when
    c: PermissionCheck(name == "DemonstrationManager", action == "isDemonRegistered")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING
      )
then
    c.grant();
end;

rule canUserSetDemonstration
when
    c: PermissionCheck(name == "DemonstrationManager", action == "setDemonstration")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING
      )
then
    c.grant();
end;

/** TestingSessionManager ---------------------------------------- */

/* add/update/delete/edit/create share ADMINISTRATOR, PROJECT_MANAGER, SYSTEMS_EDITOR;
   the "new session" button and session activation are ADMINISTRATOR only. */
rule canUserAddTestingSession
when
    c: PermissionCheck(name == "TestingSessionManager", action == "addTestingSession")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING
      )
then
    c.grant();
end;

rule canUserUpdateTestingSession
when
    c: PermissionCheck(name == "TestingSessionManager", action == "updateTestingSession")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING
      )
then
    c.grant();
end;

rule canUserDeleteTestingSession
when
    c: PermissionCheck(name == "TestingSessionManager", action == "deleteTestingSession")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING
      )
then
    c.grant();
end;

/* No Role pattern: viewing a testing session is granted without any role requirement. */
rule canUserViewTestingSession
when
    c: PermissionCheck(name == "TestingSessionManager", action == "viewTestingSession")
then
    c.grant();
end;

rule canUserEditTestingSession
when
    c: PermissionCheck(name == "TestingSessionManager", action == "editTestingSession")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING
      )
then
    c.grant();
end;

rule canUserCreateTestingSession
when
    c: PermissionCheck(name == "TestingSessionManager", action == "createTestingSession")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING
      )
then
    c.grant();
end;

rule canUserAddNewTestingSessionButton
when
    c: PermissionCheck(name == "TestingSessionManager", action == "addNewTestingSessionButton")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      )
then
    c.grant();
end;

rule canUserActivateTestingSession
when
    c: PermissionCheck(name == "TestingSessionManager", action == "activateSession")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      )
then
    c.grant();
end;

/** Configurations **/

rule canUserListDependingSystemInSession
when
    c: PermissionCheck(name == "SystemConfigurationManager", action == "getConfigurationListDependingSystemInSession")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING
      )
then
    c.grant();
end;

rule canUserGetHL7ResponderConfigurationListDependingSystemInSession
when
    c: PermissionCheck(name == "SystemConfigurationManager", action == "getHL7ResponderConfigurationListDependingSystemInSession")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING
      ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING
      )
then
    c.grant();
end;

rule canGetHL7InitiatorConfigurationListDependingSystemInSession
when
    c: PermissionCheck(name == "SystemConfigurationManager", action == "getHL7InitiatorConfigurationListDependingSystemInSession")
    Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING
      ||name ==
net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end; rule canUserGetDicomSCUConfigurationListDependingSystemInSession when c: PermissionCheck(name == "SystemConfigurationManager", action == "getDicomSCUConfigurationListDependingSystemInSession") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end; rule canUserGetDicomSCPConfigurationListDependingSystemInSession when c: PermissionCheck(name == "SystemConfigurationManager", action == "getDicomSCPConfigurationListDependingSystemInSession") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end; rule canUserGetConfigurationListDependingSystemInSession when c: PermissionCheck(name == "SystemConfigurationManager", action == "getConfigurationListDependingSystemInSession") Role(name == 
net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end; rule canUserGetPossibleSystemsInSession when c: PermissionCheck(name == "SystemInSessionSelector", action == "getPossibleSystemsInSession") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end; rule canUserGetAllDicomSCUConfigurations when c: PermissionCheck(name == "SystemConfigurationManager", action == "getAllDicomSCUConfigurations") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ) then c.grant(); end; rule canUserGetAllDicomSCPConfigurations when c: PermissionCheck(name == "SystemConfigurationManager", action == "getAllDicomSCPConfigurations") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ) then c.grant(); end; rule canUserGetAllHL7InitiatorConfigurations when c: PermissionCheck(name == "SystemConfigurationManager", action == "getAllHL7InitiatorConfigurations") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ) then c.grant(); end; rule canUserGetAllHL7ResponderConfigurations when c: PermissionCheck(name == "SystemConfigurationManager", action == "getAllHL7ResponderConfigurations") 
Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ) then c.grant(); end; rule canUserGenerateConfigurationsForCompany when c: PermissionCheck(name == "SystemConfigurationManager", action == "generateConfigurationsForCompany") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ) then c.grant(); end; rule canUserGenerateConfigurationsForSystem when c: PermissionCheck(name == "SystemConfigurationManager", action == "generateConfigurationsForSystem") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end; rule canUserGenerateAllConfigurationsForSession when c: PermissionCheck(name == "SystemConfigurationManager", action == "generateAllConfigurationsForSession") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ) then c.grant(); end; rule canUserAddEditConfiguration when c: PermissionCheck(name == "SystemConfigurationManager", action == "addEditConfiguration") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end; rule canUserDeleteAllConfigurationsForSystem when c: PermissionCheck(name == "SystemConfigurationManager", action == "deleteAllConfigurationsForSystem") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == 
net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end; /** SystemInSessionSelector **/ /** Certificate Manager **/ rule canUserViewCertificates when c: PermissionCheck(name == "CertificateManager", action == "getActiveCertListForInstitution") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end;