Re: Rule to access security
Re: Rule to access security
- Subject: Re: Rule to access security
- From: Ramsey Gurley <email@hidden>
- Date: Tue, 24 Jan 2012 16:01:36 -0700
Hi Ted,
I think part of the problem is that you're using delayed assignments for a key that's going to be evaluated on the left hand side of the rule.
Try this, I believe this should work:
100 : (entity.name = 'Person' and session.user.security.canEditPerson = 1) => isEntityEditable = true [BooleanAssignment]
If it doesn't work, what does your rule tracing log say about isEntityEditable? Is the rule a candidate? Was it overridden? Was isEntityEditable even evaluated? Also, put a breakpoint into security.canEditPerson() to examine the state of the object and make sure it is returning the value you think it should.
Ramsey
On Jan 24, 2012, at 3:11 PM, Theodore Petrosky wrote:
> based on what I read on the wiki I found that:
>
> this works as expected
> 100 : pageConfiguration = 'ListAdRelease' => isEntityEditable = {"conditionKey" = "session.user.security.canEditAdRelease"; "falseValue" = "false"; "trueValue" = "true";
> } [ERDDelayedBooleanAssignment],
>
>
> this does NOT
> 100 : pageConfiguration = 'ListAdRelease' => isEntityDeletable = {"conditionKey" = "session.user.security.canDeleteAdRelease"; "falseValue" = "false"; "trueValue" = "true";
> } [ERDDelayedBooleanAssignment],
>
> am I doing something wrong?
>
> Ted
>
> --- On Tue, 1/24/12, Ramsey Gurley <email@hidden> wrote:
>
>> From: Ramsey Gurley <email@hidden>
>> Subject: Re: Rule to access security
>> To: "Theodore Petrosky" <email@hidden>
>> Cc: "WebObjects-Dev Mailing List List" <email@hidden>
>> Date: Tuesday, January 24, 2012, 1:15 PM
>> Use the source Luke :-) Or the
>> wiki:
>>
>> http://wiki.wocommunity.org/display/WO/How+to+use+Dynamic+D2W
>>
>> The delayed boolean assignment doesn't work the same as the
>> boolean assignment.
>>
>> Ramsey
>>
>> On Jan 24, 2012, at 9:24 AM, Theodore Petrosky wrote:
>>
>>> Is there a framework that must be linked in for this to
>> work? As soon as I us it like this:
>>>
>>> 100 : (pageConfiguration = 'ListPerson'
>> and session.user.security.canEditPerson = 'true') =>
>> isEntityEditable = true
>> [er.directtoweb.assignments.delayed.ERDDelayedBooleanAssignment],
>>>
>>> or:
>>> 100 : (pageConfiguration = 'ListPerson'
>> and session.user.security.canEditPerson = 'false') =>
>> isEntityEditable = false [ERDDelayedBooleanAssignment],
>>>
>>> All of my rules are ignored with this error:
>>>
>>> Jan 24 11:14:27 NewTest[62682] WARN NSLog -
>> ** DirectToWeb could not read user.d2wmodel file:
>> file:/Users/asacksadmin/Documents/workspaceD2W_3/NewTest/Resources/user.d2wmodel
>>> [2012-1-24 11:14:27 EST] <main>
>> java.lang.ClassCastException: java.lang.String cannot be
>> cast to com.webobjects.foundation.NSDictionary
>>> at
>> er.directtoweb.assignments.delayed.ERDDelayedBooleanAssignment.dependentKeys(ERDDelayedBooleanAssignment.java:71)
>>> at
>> er.directtoweb.ERD2WModel.prepareDataStructures(ERD2WModel.java:462)
>>> at
>> er.directtoweb.ERD2WModel.sortRules(ERD2WModel.java:192)
>>> at
>> com.webobjects.directtoweb.D2WModel.setRules(D2WModel.java:1127)
>>> at
>> com.webobjects.directtoweb.D2WModel.<init>(D2WModel.java:428)
>>> at
>> er.directtoweb.ERD2WModel.<init>(ERD2WModel.java:143)
>>> at
>> er.directtoweb.ERD2WModel.mergePathURL(ERD2WModel.java:609)
>>> at
>> com.webobjects.directtoweb.D2WModel.loadRules(D2WModel.java:982)
>>> at
>> com.webobjects.directtoweb.D2WModel.checkRules(D2WModel.java:907)
>>> at
>> er.directtoweb.ERDirectToWeb.finishInitialization(ERDirectToWeb.java:98)
>>> at
>> er.extensions.ERXFrameworkPrincipal$Observer.willFinishInitialization(ERXFrameworkPrincipal.java:97)
>>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>>
>>> what am i missing?
>>>
>>> Ted
>>>
>>> --- On Mon, 1/23/12, David LeBer <email@hidden>
>> wrote:
>>>
>>>> From: David LeBer <email@hidden>
>>>> Subject: Re: Rule to access security
>>>> To: "Theodore Petrosky" <email@hidden>
>>>> Cc: email@hidden
>>>> Date: Monday, January 23, 2012, 10:46 AM
>>>> Ted,
>>>>
>>>> You probably want try ERDDelayedBooleanAssignment
>> so that
>>>> the rule is evaluated every time.
>>>>
>>>> D
>>>>
>>>> --
>>>> David LeBer
>>>> Codeferous Software
>>>>
>>>> On 2012-01-23, at 10:29 AM, Theodore Petrosky
>> wrote:
>>>>
>>>>> 100 :
>> (pageConfiguration = 'ListPerson'
>>>> and session.user.security.canEditPerson = 'true')
>> =>
>>>> isEntityEditable = true
>>>> [com.webobjects.directtoweb.BooleanAssignment],
>>>>>
>>>>>
>>>>> So I have this rule to access the security of
>> my user.
>>>> This must be wrong, because if I login as user1 and
>> user1
>>>> has permission canEditPerson = true, when
>> user2 logs
>>>> in (and user2 canEditPeron = false) then user2 can
>> edit the
>>>> person EO. it is as if whoever was first wins and
>> my app
>>>> remembers.
>>>>>
>>>>> I even tried adding:
>>>>> 100 :
>> (pageConfiguration = 'ListPerson'
>>>> and session.user.security.canEditPerson = 'false')
>> =>
>>>> isEntityEditable = false
>>>> [com.webobjects.directtoweb.BooleanAssignment],
>>>>>
>>>>> What am I doing wrong?
>>>>>
>>>>> Ted
>>>>>
>> _______________________________________________
>>>>> Do not post admin requests to the list. They
>> will be
>>>> ignored.
>>>>> Webobjects-dev mailing list
>> (email@hidden)
>>>>> Help/Unsubscribe/Update your Subscription:
>>>>>
>>>>> This email sent to email@hidden
>>>>>
>>>>
>>>>
>>>
>>> _______________________________________________
>>> Do not post admin requests to the list. They will be
>> ignored.
>>> Webobjects-dev mailing list (email@hidden)
>>> Help/Unsubscribe/Update your Subscription:
>>>
>>> This email sent to email@hidden
>>
>>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden