/* * Copyright 2008 IHE International (http://www.ihe.net) * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package Permissions; import java.security.Principal; import org.jboss.seam.security.permission.PermissionCheck; import org.jboss.seam.security.Role; /** ------------------------------------------------------- */ /** ------------------------------------------------------- */ /** Security management : Users-ejb module */ /** ------------------------------------------------------- */ /** ------------------------------------------------------- */ /** UserManager ---------------------------------------- */ rule canUserAddUser when c: PermissionCheck(name == "UserManager", action == "addUser") /** a guest may create a user - no rule */ then c.grant(); end rule canAddUserByAdmin when c: PermissionCheck(name == "UserManager", action == "addUserByAdmin") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserUpdateUser when c: PermissionCheck(name == "UserManager", action == "updateUser") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserDeleteUser when c: PermissionCheck(name == "UserManager", action == "deleteUser") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end rule canUserViewUser when c: PermissionCheck(name == "UserManager", action == "viewUser") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserEditUser when c: PermissionCheck(name == "UserManager", action == "editUser") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserCreateUser when c: PermissionCheck(name == "UserManager", action == "createUser") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end rule canUserGetInstitution when c: PermissionCheck(name == "UserManager", action == "getInstitution") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end rule canUserGetListOfUsersToDisplay when c: PermissionCheck(name == "UserManager", action == "getUsersListDependingInstitution") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end rule canUserGetAllUsersListForAdmin when c: PermissionCheck(name == "UserManager", action == "getAllUsersListForAdmin") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ) then c.grant(); end rule canUserUseNewUserButton when c: PermissionCheck(name == "UserManager", action == "addNewUserButton") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end /** AddressManager ---------------------------------------- */ rule canUserAddAddress when c: PermissionCheck(name == "AddressManager", action == "addAddress") /** a guest may create a user - no rule */ then c.grant(); end rule canUserUpdateAddress when c: PermissionCheck(name == "AddressManager", action == "updateAddress") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserDeleteAddress when c: PermissionCheck(name == "AddressManager", action == "deleteAddress") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end rule canUserViewAddress when c: PermissionCheck(name == "AddressManager", action == "viewAddress") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserEditAddress when c: PermissionCheck(name == "AddressManager", action == "editAddress") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserCreateAddress when c: PermissionCheck(name == "AddressManager", action == "createAddress") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end rule canUserGetAddressWithCountryAutoComplete when c: PermissionCheck(name == "AddressManager", action == "countryAutoComplete") /** a guest may create a user - no rule */ then c.grant(); end rule canUserGetAddressIso3166CountryCodes when c: PermissionCheck(name == "AddressManager", action == "getIso3166CountryCodes") /** a guest may create a user - no rule */ then c.grant(); end /** InstitutionManager ---------------------------------------- */ rule canUserAddInstitution when c: PermissionCheck(name == "InstitutionManager", action == "addInstitution") /** a guest may create a user - no rule */ then c.grant(); end rule canUserUpdateInstitution when c: PermissionCheck(name == "InstitutionManager", action == "updateInstitution") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end rule canUserCreateFinancialInformationsForInstitution when c: PermissionCheck(name == "InstitutionManager", action == "createFinancialInformationsForInstitution") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end rule canUserViewInstitution when c: PermissionCheck(name == "InstitutionManager", action == "viewInstitution") /** a guest may create a user - no rule */ then c.grant(); end rule canUserDeleteInstitution when c: PermissionCheck(name == "InstitutionManager", action == "deleteInstitution") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING) then c.grant(); end rule canUserUseNewInstitutionButton when c: PermissionCheck(name == "InstitutionManager", action == "addNewInstitutionButton") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ) then c.grant(); end rule canUserEditInstitution when c: PermissionCheck(name == "InstitutionManager", action == "editInstitution") /** a guest may create a user - no rule */ then c.grant(); end rule canUserEditInstitutionSession when c: PermissionCheck(name == "InstitutionManager", action == "editInstitutionSession") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserValidateInstitutionName when c: PermissionCheck(name == "InstitutionManager", action == "validateInstitutionName") /** a guest may create a user - no rule */ then c.grant(); end rule canUserValidateInstitutionKeyword when c: PermissionCheck(name == "InstitutionManager", action == "validateInstitutionKeyword") /** a guest may create a user - no rule */ then c.grant(); end rule canUserValidateInstitutionAddress when c: PermissionCheck(name == "InstitutionManager", action == "validateInstitutionAddress") /** a guest may create a user - no rule */ then c.grant(); end /** PersonFunctionManager ---------------------------------------- */ rule canUserUseIsFunction when c: PermissionCheck(name == "PersonFunctionManager", action == "isFunction") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end rule canUserUseChangeFunction when c: PermissionCheck(name == "PersonFunctionManager", action == "changeFunction") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end rule canUserUseIsFinancial when c: PermissionCheck(name == "PersonFunctionManager", action == "isFinancial") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING) then c.grant(); end rule canUserSetFunction when c: PermissionCheck(name == "PersonFunctionManager", action == "setFunction") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end /** PersonManager **/ rule canUserAddNewContactButton when c: PermissionCheck(name == "PersonManager", action == "addNewContactButton") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end rule canUserListContacts when c: PermissionCheck(name == "PersonManager", action == "listContacts") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end rule canUserAddPerson when c: PermissionCheck(name == "PersonManager", action == "addPerson") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end rule canUserUpdatePerson when c: PermissionCheck(name == "PersonManager", action == "updatePerson") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end rule canUserDeleteContact when c: PermissionCheck(name == "PersonManager", action == "deleteContact") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end rule canUserViewContact when c: PermissionCheck(name == "PersonManager", action == "viewContact") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end rule canUserEditContact when c: PermissionCheck(name == "PersonManager", action == "editContact") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end rule canUserUpdateContact when c: PermissionCheck(name == "PersonManager", action == "updateContact") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end rule canUserCreatePerson when c: PermissionCheck(name == "PersonManager", action == "createPerson") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end rule canUserCreateContact when c: PermissionCheck(name == "PersonManager", action == "createContact") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end /** ------------------------------------------------------- */ /** ------------------------------------------------------- */ /** Security management : TF-ejb module */ /** ------------------------------------------------------- */ /** ------------------------------------------------------- */ /** DomainManager ---------------------------------------- */ rule canUserAddDomain when c: PermissionCheck(name == "DomainManager", action == "addDomain") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.TF_EDITOR_ROLE_STRING ) then c.grant(); end rule canUserUpdateDomain when c: PermissionCheck(name == "DomainManager", action == "updateDomain") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.TF_EDITOR_ROLE_STRING ) then c.grant(); end rule canUserDeleteDomain when c: PermissionCheck(name == "DomainManager", action == "deleteDomain") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.TF_EDITOR_ROLE_STRING ) then c.grant(); end rule canUserViewDomain when c: PermissionCheck(name == "DomainManager", action == "viewDomain") /** a guest may view a domain - no rule */ then c.grant(); end rule canUserEditDomain when c: PermissionCheck(name == "DomainManager", action == "editDomain") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.TF_EDITOR_ROLE_STRING ) then c.grant(); end rule canUserCreateDomain when c: PermissionCheck(name == "DomainManager", action == "createDomain") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.TF_EDITOR_ROLE_STRING ) then c.grant(); end /** ActorManager ---------------------------------------- */ /** ------------------------------------------------------- */ /** ------------------------------------------------------- */ /** Security management : ProductRegistry-ejb module */ /** ------------------------------------------------------- */ /** ------------------------------------------------------- */ /** SystemManager ---------------------------------------- */ rule canUserAddSystem when c: PermissionCheck(name == "SystemManager", action == "addSystem") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserUpdateSystem when c: PermissionCheck(name == "SystemManager", action == "updateSystem") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserAddNewSystemAction when c: PermissionCheck(name == "SystemManager", action == "addNewSystemAction") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING) then c.grant(); end rule canUserDeleteSystem when c: PermissionCheck(name == "SystemManager", action == "deleteSystem") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserViewSystem when c: PermissionCheck(name == "SystemManager", action == "viewSystem") /** a guest may view a system - no rule */ then c.grant(); end rule canUserViewIntegrationStatement when c: PermissionCheck(name == "SystemManager", action == "viewIntegrationStatement") /** a guest may view a system - no rule */ then c.grant(); end rule canUserEditSystem when c: PermissionCheck(name == "SystemManager", action == "editSystem") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserEditIntegrationStatement when c: PermissionCheck(name == "SystemManager", action == "editIntegrationStatement") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserCreateSystem when c: PermissionCheck(name == "SystemManager", action == "createSystem") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ) then c.grant(); end rule canUserGetListOfSystemsToDisplay when c: PermissionCheck(name == "SystemManager", action == "getSystemsListDependingUser") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end rule canUserGetListOfAllSystemsToDisplay when c: PermissionCheck(name == "SystemManager", action == "getAllSystemsList") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.SYSTEMS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ) then c.grant(); end rule canUserValidateSystemName when c: PermissionCheck(name == "SystemManager", action == "validateSystemName") Role(name == net.ihe.gazelle.users.model.Role.ADMINISTRATOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.INSTITUTIONS_EDITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.MONITOR_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.PROJECT_MANAGER_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.ACCOUNTING_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ADMIN_ROLE_STRING ||name == net.ihe.gazelle.users.model.Role.VENDOR_ROLE_STRING ) then c.grant(); end /** to be completed ....... */