I have an entity named Employee. An employee can either be marked as internal, or not. An internal employee has a reference to a CUBA user. An employee also has a manager. The manager is another internal employee.
I have two groups that should restrict the internal employee (which in turn also means the signed in user).
Group 1: Should only have access to non-internal employees. This is solved by adding a group with the following constraint and it works perfectly:
Operation type: all
Check type: Check in database
Join clause: None
Where clause: {E}.isInternal=false
Group 2: Should only have access to non-internal employees (like above) AND employees which the employee itself manages (employees whose manager is the signed-in employee). This I tried solving by doing the following, but for some reason, it can ONLY see employees that it manages. This is the constraint I tried, any idea why it doesn’t work?
Operation type: all
Check type: Check in database
Join clause: None
Where clause: {E}.isInternal=false OR {E}.manager.user.id=:session$userId
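An added example, not part of the original post: JPQL path navigation such as {E}.manager.user.id has inner-join semantics, so an employee with no manager is dropped before the OR is evaluated. The sketch models both forms of the filter in SQLite; the tables, columns, rows and the hand-written SQL are assumptions, not the poster's schema or the SQL the platform actually generates.

```python
import sqlite3

# Constructed tables and rows; every name here is an assumption for illustration.
SCHEMA = """
CREATE TABLE sec_user (id INTEGER PRIMARY KEY, login TEXT);
CREATE TABLE employee (id INTEGER PRIMARY KEY, name TEXT, is_internal INTEGER,
    user_id INTEGER REFERENCES sec_user(id),
    manager_id INTEGER REFERENCES employee(id));
INSERT INTO sec_user VALUES (1,'alice'),(2,'bob'),(3,'carol'),(4,'frank');
INSERT INTO employee VALUES
    (1, 'Alice: internal, the signed-in user',  1, 1,    NULL),
    (2, 'Bob: internal, another manager',       1, 2,    NULL),
    (3, 'Carol: internal, managed by Alice',    1, 3,    1),
    (4, 'Dave: non-internal, no manager',       0, NULL, NULL),
    (5, 'Erin: non-internal, managed by Bob',   0, NULL, 2),
    (6, 'Frank: internal, managed by Bob',      1, 4,    2);
"""

# Approximation of the path expression {E}.manager.user.id: each navigation
# step becomes an inner join, so rows with manager_id NULL never reach WHERE.
IMPLICIT_PATH = """
SELECT e.id FROM employee e
  JOIN employee m ON m.id = e.manager_id
  JOIN sec_user u ON u.id = m.user_id
WHERE e.is_internal = 0 OR u.id = ? ORDER BY e.id"""

# Same predicate with explicit left joins: rows without a manager are kept
# and the is_internal branch of the OR can still match them.
EXPLICIT_LEFT = """
SELECT e.id FROM employee e
  LEFT JOIN employee m ON m.id = e.manager_id
  LEFT JOIN sec_user u ON u.id = m.user_id
WHERE e.is_internal = 0 OR u.id = ? ORDER BY e.id"""

def visible_ids(query, user_id):
    """Return the employee ids the given filter exposes to user_id."""
    conn = sqlite3.connect(":memory:")
    try:
        conn.executescript(SCHEMA)
        return [row[0] for row in conn.execute(query, (user_id,))]
    finally:
        conn.close()

if __name__ == "__main__":
    print("implicit path :", visible_ids(IMPLICIT_PATH, 1))
    print("explicit left :", visible_ids(EXPLICIT_LEFT, 1))
```

In a CUBA constraint the second form would correspond to a Join clause of `left join {E}.manager m left join m.user u` with a Where clause of `{E}.isInternal=false OR u.id=:session$userId`; treat that mapping as an assumption to check against your platform version.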