Re: Rule to access security
Re: Rule to access security
- Subject: Re: Rule to access security
- From: Ramsey Gurley <email@hidden>
- Date: Mon, 23 Jan 2012 11:14:43 -0700
Make sure you have
log4j.logger.er.directtoweb.rules.ERD2WTraceRuleFiringEnabled=DEBUG
In your App/Resources/Properties.dev file. There's a nifty way to enable/disable this logger in ERModern, but I never dev without it.
Once you've done that, click the log4j link in your debugging utilities list. It will take you to the log4j direct action page ( /wa/ERXDirectAction/log4j ). At the top of that page, you should see two fields. Enter "isEntityEditable" in the field on the right, select debug in the popup menu, check the "D2W Rule Logger" checkbox, then click the Add button. That will create three log4j loggers to log everything the rule system is doing related to that RHS key.
Now, the next time you hit a page that uses that RHS key, you should see details of how the rule was evaluated in your console log.
My guess is the caching is working fine, but your user isn't who you think he is :-) If you stick a breakpoint in your session().user() method, it should stop there every time the rule is evaluated.
Ramsey
On Jan 23, 2012, at 10:53 AM, Theodore Petrosky wrote:
> by itself ERDDelayedBooleanAssignment did nothing. I am going to reread the wiki on caching. You said to, "loggers for isEntityEditable". I hope you don't think it too silly, but how do I turn on this level of logging?
>
> Ted
>
> --- On Mon, 1/23/12, Ramsey Gurley <email@hidden> wrote:
>
>> From: Ramsey Gurley <email@hidden>
>> Subject: Re: Rule to access security
>> To: "WebObjects-Dev Mailing List List" <email@hidden>
>> Cc: "Theodore Petrosky" <email@hidden>
>> Date: Monday, January 23, 2012, 11:37 AM
>> And if that doesn't work, enable your
>> rule loggers for isEntityEditable. Just looking at the
>> rule, that looks to me like it *should* work with a caching
>> assignment too.
>>
>> Ramsey
>>
>> On Jan 23, 2012, at 8:46 AM, David LeBer wrote:
>>
>>> Ted,
>>>
>>> You probably want try ERDDelayedBooleanAssignment so
>> that the rule is evaluated every time.
>>>
>>> D
>>>
>>> --
>>> David LeBer
>>> Codeferous Software
>>>
>>> On 2012-01-23, at 10:29 AM, Theodore Petrosky wrote:
>>>
>>>> 100 : (pageConfiguration =
>> 'ListPerson' and session.user.security.canEditPerson =
>> 'true') => isEntityEditable = true
>> [com.webobjects.directtoweb.BooleanAssignment],
>>>>
>>>>
>>>> So I have this rule to access the security of my
>> user. This must be wrong, because if I login as user1 and
>> user1 has permission canEditPerson = true, when user2
>> logs in (and user2 canEditPeron = false) then user2 can edit
>> the person EO. it is as if whoever was first wins and my app
>> remembers.
>>>>
>>>> I even tried adding:
>>>> 100 : (pageConfiguration =
>> 'ListPerson' and session.user.security.canEditPerson =
>> 'false') => isEntityEditable = false
>> [com.webobjects.directtoweb.BooleanAssignment],
>>>>
>>>> What am I doing wrong?
>>>>
>>>> Ted
>>>> _______________________________________________
>>>> Do not post admin requests to the list. They will
>> be ignored.
>>>> Webobjects-dev mailing list (email@hidden)
>>>> Help/Unsubscribe/Update your Subscription:
>>>>
>>>> This email sent to email@hidden
>>>>
>>>
>>>
>>> _______________________________________________
>>> Do not post admin requests to the list. They will be
>> ignored.
>>> Webobjects-dev mailing list (email@hidden)
>>> Help/Unsubscribe/Update your Subscription:
>>>
>>> This email sent to email@hidden
>>
>>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden