Package ch.tocco.nice2.userbase.impl

Class CurrentUserHasRoleQueryFunction

java.lang.Object
ch.tocco.nice2.userbase.impl.CurrentUserHasRoleQueryFunction
All Implemented Interfaces:
QueryFunction
@Component public class CurrentUserHasRoleQueryFunction extends Object implements QueryFunction
This query function returns a `BoolCondition.TRUE` if the current principal has a certain role or a `BoolCondition.FALSE` if the principal doesn't have it. Note that this function is not to be used as a replacement for ACLs and that it also shouldn't be used in ACL conditions. However, it can be useful in constrictions. Example: User group A is allowed to see many entities, but in a certain widget they should only see the records where they're linked to over the relation `relUser`. In this case, we would add a constriction like this on the list form to filter out the other ones we don't want to show in this particular widget: `relUser.pk == :currentUser` Now imagine there's a different user group B which uses the same widget. The users of this group should just see all the records (let's also assume they do have read permissions). However, the users of this group aren't linked to any records and, thus, with the constriction above they won't be able to see anything in the widget. To solve this problem, we can assign the role "group_b" to the users of group B and use the `currentUserHasRole(role)` function to write a constriction which provides the right records for both groups: `relUser.pk == :currentUser or currentUserHasRole("group_b")`