Red Hat Web Application Framework 6.1 Manuel d'utilisateur télécharger pdf (Page 118)

104 Chapter 10. Kernel Tutorial

10.1.2. Revoking Access

Revoking a privilege on an object from a party is accomplished by creating a PermissionDescrip-

tor and passing it to PermissionService.revokePermission. The following example revokes

read privilege on MyACSObject 50 from Group 5:

import com.arsdigita.kernel.permissions.PermissionService;

import com.arsdigita.kernel.permissions.PermissionDescriptor;

import com.arsdigita.kernel.permissions.PrivilegeDescriptor;

import com.arsdigita.persistence.OID;

OID acsObject = new OID("example.MyACSObject",

new BigDecimal(50));

OID party = new OID("com.arsdigita.kernel.Group", new BigDecimal(5));

PermissionDescriptor perm =

new PermissionDescriptor(PrivilegeDescriptor.READ,

acsObject, party);

PermissionService.revokePermission(perm);

The next example revokes admin privilege on all objects from User 100:

import com.arsdigita.kernel.permissions.PermissionService;

import com.arsdigita.kernel.permissions.UniversalPermissionDescriptor;

import com.arsdigita.kernel.permissions.PrivilegeDescriptor;

import com.arsdigita.persistence.OID;

OID party = new OID("com.arsdigita.kernel.User", new BigDecimal(100));

PermissionDescriptor perm =

new UniversalPermissionDescriptor(PrivilegeDescriptor.ADMIN,

party);

PermissionService.revokePermission(perm);

10.1.3. Basic Access Check

The basic access check indicate whether a user has a privilege on an object. User X has privilege Y

on object Z if either of the following is true:

• Privilege Y or admin has been granted universally to user X or some group to which X belongs.

• Privilege Y or admin has been granted on object Z or some object from which Z inherits permis-

sions (via Z’s context) to user X or some group to which X belongs.

To perform this check, you create a PermissionDescriptor and pass it to PermissionSer-

vice.checkPermission. The following example checks read privilege on MyACSObject 50 for

User 100:

import com.arsdigita.kernel.permissions.PermissionService;

import com.arsdigita.kernel.permissions.PermissionDescriptor;

import com.arsdigita.kernel.permissions.PrivilegeDescriptor;

import com.arsdigita.persistence.OID;

OID acsObject = new OID("example.MyACSObject",

new BigDecimal(50));

1 2 ... 113 114 115 116 117 118 119 120 121 122 123 ... 229 230

Pas de commentaire

Red Hat Web Application Framework 6.1 Manuel d'utilisateur Page 118