106 Chapter 10. Kernel Tutorial
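// retrieve every example.MyACSObject through the persistence session
DataCollection objects = SessionManager.getSession()
    .retrieve("example.MyACSObject");
// the party (the user with ID 100) whose access is being checked
OID party = new OID("com.arsdigita.kernel.User", new BigDecimal(100));
// restrict the collection to objects on which the party holds the read privilege
PermissionService.filterObjects(objects, PrivilegeDescriptor.READ, party);
// iterate over filtered results
while (objects.next()) {
    ...
}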
10.1.5. Setting the Access Control Context of an ACSObject
An ACSObject can inherit permissions from another ACSObject, which is called its context. To
set the context of an object, use PermissionService.setContext(object, context). The
context may be set to null to signify that the object should not inherit permissions from any other
object. Note that universal permissions still apply to any object, even if its context is null.
10.1.6. Defining New Privileges
There are 4 pre-defined privileges in the system, similar to file system privileges:
• read - The privilege to read or view an object.
• write - The privilege to write or edit an object.
• create - The privilege to create new objects within an object. For example, a user who has create
privilege on a given directory is allowed to create new files within the directory.
• admin - Implies all other privileges.
Application developers may cautiously define new privileges to represent specific actions in the
context of an application. For example, a content management system may support publishing a
content item that is in final draft, but this operation should be restricted to certain parties for each
content item. To accomplish this, the content management application creates a publish privilege
from its initializer, as illustrated by the following code fragment.
if (PrivilegeDescriptor.get("publish") == null) {
    PrivilegeDescriptor.createPrivilege("publish");
}
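The rules from sections 10.1.5 and 10.1.6 (context inheritance, a null context, universal permissions, and admin implying every other privilege) can be exercised in a small stand-alone model. This is an added example, not WAF code: the class ContextModel, its grant and check methods, and the use of a null target to stand for a universal permission are assumptions made for illustration, and group membership is not modelled.

```java
import java.util.HashSet;
import java.util.Set;

// Simplified model of sections 10.1.5 and 10.1.6. All names here are hypothetical, not WAF's API.
public class ContextModel {
    static final class Obj {
        final String name;
        Obj context;                      // null means "inherit from no other object"
        Obj(String name, Obj context) { this.name = name; this.context = context; }
    }

    // Grants stored as "party|privilege|object"; "*" marks a universal grant (assumed representation).
    private final Set<String> grants = new HashSet<>();

    void grant(String party, String privilege, Obj target) {
        grants.add(party + "|" + privilege + "|" + (target == null ? "*" : target.name));
    }

    // A party holds a privilege on a key if it was granted directly or through admin.
    private boolean holds(String party, String privilege, String objectKey) {
        return grants.contains(party + "|" + privilege + "|" + objectKey)
            || grants.contains(party + "|admin|" + objectKey);
    }

    boolean check(String party, String privilege, Obj target) {
        if (holds(party, privilege, "*")) return true;   // universal grants ignore the context
        Set<Obj> seen = new HashSet<>();                 // stop if contexts form a cycle
        for (Obj o = target; o != null && seen.add(o); o = o.context) {
            if (holds(party, privilege, o.name)) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        ContextModel m = new ContextModel();
        Obj folder = new Obj("folder", null);
        Obj item = new Obj("item", folder);              // item inherits from folder
        m.grant("editor", "write", folder);
        m.grant("owner", "admin", item);
        m.grant("auditor", "read", null);                // universal grant

        System.out.println(m.check("editor", "write", item));   // granted via the context
        System.out.println(m.check("owner", "publish", item));  // admin covers a new privilege
        item.context = null;                                     // models setContext(item, null)
        System.out.println(m.check("editor", "write", item));   // inheritance is cut off
        System.out.println(m.check("auditor", "read", item));   // universal grant still applies
    }
}
```

When reviewing an application's permission setup, the last two checks are the ones to keep in mind: clearing an object's context removes inherited access but does not isolate the object from universal grants or from admin holders.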
10.2. Domain Objects Tutorial
10.2.1. Building the Domain Object
This section will take you step by step through the process of building a domain object.