turbine-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "EXT-McTaggart, Peter" <peter.mctagg...@boeing.com>
Subject RE: turbine security - viewing access in template
Date Sun, 18 Jan 2004 22:12:24 GMT
The default default group is called 'global' and has an id of 1 as per
Jeff's usage.
So hasRole("rolename") will check against this global group.

I am using the acl.hasRole(<role>,<group>) method and it seems to work
for me, although
I am using the method that takes a Role object and a Group object rather
than their names.

I did notice some strange behaviour (ie not all of the roles were
present in the ACL) when I started using it but it seemd to go away for
some reason that I didn't determine.

Here is how I use it:
	org.apache.turbine.om.security.Group group =
TurbineSecurity.getGroupByName(carId);
	Role 	role =
TurbineSecurity.getRoleByName(Constants.DELEGATE_ROLE);            
	User user = data.getUser();          
	AccessControlList acl  = data.getACL();            	
/* 
 * this should show all of the details of roles and groups for the ACL
	log.debug("role = " + role.toString());
	log.debug("group = " + group.toString());
      log.debug("acl.hasRole returns = " + acl.hasRole(role,group));
      org.apache.turbine.om.security.Group[] grps = acl.getAllGroups();
      for(int i=0; i < grps.length; i++)
      {
      	log.debug("group = " + grps[i]);
            log.debug("\t roles in this group = " +
acl.getRoles(grps[i]).toString());
      }
      
	log.debug("roles in group " + acl.getRoles(group).toString()); 
*/
       if(!acl.hasRole(role,group))
       {
       	TurbineSecurity.grant(user, group, role);
       }


Hope this helps,

cheers
Peter





> -----Original Message-----
> From: Jeff Painter [mailto:painter@kiasoft.com] 
> Sent: 17 January 2004 4:30 
> To: Turbine Users List
> Subject: RE: turbine security - viewing access in template
> 
> 
> On Fri, 16 Jan 2004, Mark Lybarger wrote:
> 
> > i don't know if i have default group setup or not, but it 
> doesn't seem 
> > to work i'm using:
> > 
> > #set ($role = "Event")
> > #if ($data.getACL().hasRole($role))
> > 	User has role $role
> > 	<br>
> > #end
> > 
> > where the user definately had that role in all their groups. and 
> > nothing is displayed.  i try to add a group but again nothing:
> > 
> > #set ($role = "Event")
> > #set ($group = "Admin")
> > #if ($data.getACL().hasRole($role,$group))
> > 	User has role $role, $group
> > 	<br>
> > #end
> > 
> > i am able to use the following:
> > 
> > #set ($permission = "entry")
> > #set ($group = "Admin")
> > #if ( $data.getACL().hasPermission("entry","Admin") )
> > 	User has permission ${permission}, group ${group}
> > 	
> > #end
> > 
> > and it displays that the user has a particular permission 
> in a group. 
> > does the getACL().hasRole( role, group) not work the way 
> i'm using it?
> > 
> 
> 
> I have only used role based security in my applications, so 
> I'm not sure 
> if you are trying to assign users to a group and then roles to a group
> 
>  - user -> group -> multiple roles
> 
> in my TURBINE_USER_GROUP_ROLE table I have multiple roles linked to 
> individual users
> 
>  - user -> multiple roles
> 
> +---------+----------+---------+
> | USER_ID | GROUP_ID | ROLE_ID |
> +---------+----------+---------+
> |       0 |        1 |       1 |
> |       0 |        1 |     100 |
> |       0 |        1 |     101 |
> |       0 |        1 |     102 |
> |       0 |        1 |     103 |
> 
> and the hasRole("roleName") works for me in that way. 
> hopefully this is of 
> some help
> 
> 
> -- 
> Regards,
> 
> Jeffery Painter
> 
> - --
> painter@kiasoft.com                     http://kiasoft.com
> PGP FP: 9CE8 83A2 33FA 32B1 0AB1  4E62 E4CB E4DA 5913 EFBC
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
>  
> iD8DBQE/qEQE5Mvk2lkT77wRAnMJAJ9vJ6qOkg/mvqqIpz7troCEQJ8bFACglu/U
> YNXabx7DZOV2Hd9LwSTmGpY=
> =dWiu
> -----END PGP SIGNATURE-----
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: turbine-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: turbine-user-help@jakarta.apache.org
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: turbine-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: turbine-user-help@jakarta.apache.org


Mime
View raw message