The default default group is called 'global' and has an id of 1 as per
Jeff's usage.
So hasRole("rolename") will check against this global group.
I am using the acl.hasRole(<role>,<group>) method and it seems to work
for me, although
I am using the method that takes a Role object and a Group object rather
than their names.
I did notice some strange behaviour (ie not all of the roles were
present in the ACL) when I started using it but it seemd to go away for
some reason that I didn't determine.
Here is how I use it:
org.apache.turbine.om.security.Group group =
TurbineSecurity.getGroupByName(carId);
Role role =
TurbineSecurity.getRoleByName(Constants.DELEGATE_ROLE);
User user = data.getUser();
AccessControlList acl = data.getACL();
/*
* this should show all of the details of roles and groups for the ACL
log.debug("role = " + role.toString());
log.debug("group = " + group.toString());
log.debug("acl.hasRole returns = " + acl.hasRole(role,group));
org.apache.turbine.om.security.Group[] grps = acl.getAllGroups();
for(int i=0; i < grps.length; i++)
{
log.debug("group = " + grps[i]);
log.debug("\t roles in this group = " +
acl.getRoles(grps[i]).toString());
}
log.debug("roles in group " + acl.getRoles(group).toString());
*/
if(!acl.hasRole(role,group))
{
TurbineSecurity.grant(user, group, role);
}
Hope this helps,
cheers
Peter
> -----Original Message-----
> From: Jeff Painter [mailto:[EMAIL PROTECTED]
> Sent: 17 January 2004 4:30
> To: Turbine Users List
> Subject: RE: turbine security - viewing access in template
>
>
> On Fri, 16 Jan 2004, Mark Lybarger wrote:
>
> > i don't know if i have default group setup or not, but it
> doesn't seem
> > to work i'm using:
> >
> > #set ($role = "Event")
> > #if ($data.getACL().hasRole($role))
> > User has role $role
> > <br>
> > #end
> >
> > where the user definately had that role in all their groups. and
> > nothing is displayed. i try to add a group but again nothing:
> >
> > #set ($role = "Event")
> > #set ($group = "Admin")
> > #if ($data.getACL().hasRole($role,$group))
> > User has role $role, $group
> > <br>
> > #end
> >
> > i am able to use the following:
> >
> > #set ($permission = "entry")
> > #set ($group = "Admin")
> > #if ( $data.getACL().hasPermission("entry","Admin") )
> > User has permission ${permission}, group ${group}
> >
> > #end
> >
> > and it displays that the user has a particular permission
> in a group.
> > does the getACL().hasRole( role, group) not work the way
> i'm using it?
> >
>
>
> I have only used role based security in my applications, so
> I'm not sure
> if you are trying to assign users to a group and then roles to a group
>
> - user -> group -> multiple roles
>
> in my TURBINE_USER_GROUP_ROLE table I have multiple roles linked to
> individual users
>
> - user -> multiple roles
>
> +---------+----------+---------+
> | USER_ID | GROUP_ID | ROLE_ID |
> +---------+----------+---------+
> | 0 | 1 | 1 |
> | 0 | 1 | 100 |
> | 0 | 1 | 101 |
> | 0 | 1 | 102 |
> | 0 | 1 | 103 |
>
> and the hasRole("roleName") works for me in that way.
> hopefully this is of
> some help
>
>
> --
> Regards,
>
> Jeffery Painter
>
> - --
> [EMAIL PROTECTED] http://kiasoft.com
> PGP FP: 9CE8 83A2 33FA 32B1 0AB1 4E62 E4CB E4DA 5913 EFBC
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
>
> iD8DBQE/qEQE5Mvk2lkT77wRAnMJAJ9vJ6qOkg/mvqqIpz7troCEQJ8bFACglu/U
> YNXabx7DZOV2Hd9LwSTmGpY=
> =dWiu
> -----END PGP SIGNATURE-----
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
