JBStrap user roles

The framework’s security solution is role based. Users must have Roles and these roles contain the user access rights, which determines what content they can see.

A user can have multiple roles, one of which must be selected as the currentRole. This role will be the one that determines the user’s access rights. If the user has A B and C roles, and their currentRole is B , they can access any content that is public, or is assigned to the B role. They will not be able to view any other content, such as content that is restricted to C or A users, as the user’s currentRole is not C or A .

The user roles are represented by the Role class. This class must be specified as the user’s currentRole , and a list of this class must be assigned to the user’s role parameter.

The following data is stored in the Role class:

code : The role’s short name. This must be specified. This is used to refer to the role in the code and annotations.
name : The full name of the Role. Not mandatory. This name is displayed on the user interface, so it is recommended that you use a name that describes this role clearly to the users. If not specified, the code will be displayed instead.
description : The role description. Not mandatory. Used to further describe the role’s purpose.

  Creating a role. The code will be ADMIN and the name will be System administrator. No description will be specified:  
         
Role adminRole = new Role("ADMIN").setName("System administrator");

  Setting the user’s roles. The ADMIN and POWER_USER, USER roles will be assigned to the user (which itself is stored in the user variable). The currentRole will be the POWER_USER role:  
         
Role admin = new Role("ADMIN").setName("System administrator");
Role powerUser = new Role("POWER_USER").setName("Power user");
Role userRole = new Role("USER").setName("Simple user");
user.addRoles(admin, powerUser, userRole.setCurrentRole(admin);