Deny access to a specific object

Hi, i started to use access groups to restrict users from modifying and creating objects in my app and have some problems:

1. I have to check a list of properties inside an entity, and don’t know if i can do it right in the groovy script inside constraint editor?
2. So far i created a @MetaProperty which returns me a boolean, that says. should i have access to an object, and write a groovy script that should constraint modification {E}.isMetaProperty == true but this solution doesn’t work, cos it removes rights from all objects.
3. How could i restrict users from even opening edit window via Access Groups?

upd:
I include my sample project with created entities to clarify my questions, group and user is exported to a JSON files in ‘exports’ folder.
sample.zip (35.5 KB)

Hi,

Yes you can. Just do a ./gradlew zipProject - only few kb then.

will it zip my db with created entities access groups there?

Nope. You have to get the sql statements and put them to 30.create-db.sql

Then it will be inside the zip file…

thank you, now as i attached my sample - i hope for the answer to my question))

Hi Ivan,

You don’t actually need a @MetaProperty.
This Groovy constraint should work for your data model:

import com.haulmont.cuba.core.Persistence
import com.haulmont.cuba.core.global.AppBeans

def persistence = AppBeans.get(Persistence.class)
def em = persistence.getEntityManager()
def vipType = em.find(ru.company.samplerestrict.entity.CustomerType, java.util.UUID.fromString('a238e499-aeae-964c-3e2c-96b71acf316a'))
def types = {E}.types.collect { it.type }
return !types.contains(vipType)

This script can be used to disable the update operation of all Customer instances which have a vip CustomerType in the collection of their CustomerTypeEntries.
To restrict even opening edit window, use the constraintOperationType attribute for the corresponding actions, for example:

<action id="edit" constraintOperationType="update"/>
<action id="remove" constraintOperationType="delete"/>