[Openutils-svn] SF.net SVN: openutils: [703] trunk/openutils-hibernate-security/src/site/ apt/rbac-

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Revision: 703
          http://openutils.svn.sourceforge.net/openutils/?rev=703&view=rev
Author:   fcarone
Date:     2008-02-26 02:51:37 -0800 (Tue, 26 Feb 2008)

Log Message:
-----------
More use-cases in documentation

Modified Paths:
--------------
    trunk/openutils-hibernate-security/src/site/apt/rbac-acegi.apt

Modified: trunk/openutils-hibernate-security/src/site/apt/rbac-acegi.apt
===================================================================

--- trunk/openutils-hibernate-security/src/site/apt/rbac-acegi.apt	2008-02-26 10:10:35 UTC (rev 702)
+++ trunk/openutils-hibernate-security/src/site/apt/rbac-acegi.apt	2008-02-26 10:51:37 UTC (rev 703)
@@ -21,7 +21,7 @@
 access/modify/create/delete which object (so who can do what on something). To enforce our example policy we add
 2 SecurityRules, using the following notation:
 
- RoleN - Bean - property - value - Modifier (EQUALS, NOT) - Permission (LOAD, CREATE, DELETE, MODIFY)
+ Role - Bean - Property - Value - Modifier (EQUALS, NOT) - Permission (LOAD, CREATE, DELETE, MODIFY)
 
  So:
 
@@ -37,4 +37,18 @@
 
   Role2 - DummyDataObject - intValue - 2 - EQUALS - LOAD, MODIFY
 
- In this case, users with Role2 won't be able to either create or delete DummyDataObjects when intValue is 2.
\ No newline at end of file
+ In this case, users with Role2 won't be able to either create or delete DummyDataObjects when intValue is 2, but can
+load and modify them.
+
+ Let's have some more complex rules scenarios: AND and OR. Users in Role1 can only load DummyDataObjects when intValue
+is 1 and stringValue is 'ABC': now we need two security rules:
+
+  Role1 - DummyDataObject - intValue - 1 - EQUALS - LOAD
+  Role1 - DummyDataObject - stringValue - 'ABC' - EQUALS - LOAD
+
+In this way the AND is done. What if we want to create OR rules:
+
+  Role1 - DummyDataObject - intValue - 1 - EQUALS - LOAD
+  Role2 - DummyDataObject - stringValue - 'ABC' - EQUALS - LOAD
+
+and assign users both roles 1 and 2.
\ No newline at end of file


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.




[Openutils-svn] SF.net SVN: openutils: [703] trunk/openutils-hibernate-security/src/site/ apt/rbac-

[Openutils-svn] SF.net SVN: openutils: [703] trunk/openutils-hibernate-security/src/site/ apt/rbac-acegi.apt