Security Tutorial 01: Initial setup

import com.flexive.shared.scripting.groovy.*
import com.flexive.shared.value.*
import com.flexive.shared.structure.*
import com.flexive.shared.EJBLookup
import com.flexive.shared.FxContext;
import com.flexive.shared.interfaces.AccountEngine;
import com.flexive.shared.security.ACL;
import com.flexive.shared.security.UserGroup;
import com.flexive.shared.security.AccountEdit
import com.flexive.shared.interfaces.ACLEngine
import com.flexive.shared.interfaces.UserGroupEngine;
import com.flexive.shared.CacheAdmin;
import com.flexive.shared.structure.FxEnvironment;

// Create needed types, users, usergroups and acls if not already present
if (!CacheAdmin.getEnvironment().typeExists("announcementEntry")) {
    // Get engines
    UserGroupEngine ugEng = EJBLookup.getUserGroupEngine();
    AccountEngine accEng= EJBLookup.getAccountEngine();
    ACLEngine aclEng = EJBLookup.getAclEngine()

    // Create [fleXive] data structure announcementEntry

    // Create a type ACL used for all instances of our data structure
    long announcementTypeACLId = aclEng.create(  //(1)
            "Announcement Type ACL",
            new FxString("Announcement Type ACL"),
            FxContext.get().getTicket().getMandatorId(),
            "#CC9900",
            "Announcement Type ACL",
            ACL.Category.STRUCTURE
    )

    new GroovyTypeBuilder().announcementEntry(  //(2)
            description: new FxString(true, "Announcement"),
            useTypePermissions: true, //(3)
            useInstancePermissions: true) //(4)
            acl: CacheAdmin.getEnvironment().getACL(announcementTypeACLId), //(5)
            {
                caption(assignment: "ROOT/CAPTION", multiplicity: FxMultiplicity.MULT_1_1) //(6)
                publishDate(dataType: FxDataType.Date, multiplicity: FxMultiplicity.MULT_0_1, description: new FxString(true, "Publish Date")) //(7)
                publishURL(multiplicity: FxMultiplicity.MULT_0_1, description: new FxString(true, "Publish URL")) //(8)
                announcementText(FxDataType.Text, multiplicity: FxMultiplicity.MULT_1_1, description: new FxString(true, "Announcement Text"), multiline: true) //(9)
            }

    // Create user groups
    long uGroupEditors = ugEng.create("Editors", "#CC9900", FxContext.get().getTicket().getMandatorId()) //(10)
    long uGroupVisitors = ugEng.create("Visitors", "#CC9900", FxContext.get().getTicket().getMandatorId())
    
    // Create user accounts ...
    AccountEdit editorAccount = new AccountEdit() //(11)
    AccountEdit visitorAccount = new AccountEdit()
    
    editorAccount.setName("announcement.editor")
    editorAccount.setEmail("as@as.net")
    visitorAccount.setName("announcement.visitor")
    visitorAccount.setEmail("vs@vs.net")

    long accountEditorId = accEng.create(editorAccount, "editor") //(12)
    long accountVisitorId = accEng.create(visitorAccount, "visitor")

    // Add users to user groups
    accEng.addGroup(accountEditorId, uGroupEditors) //(13)
    accEng.addGroup(accountVisitorId, uGroupVisitors)

    // Assign type ACL to user groups
    aclEng.assign(announcementTypeACLId, uGroupEditors, ACL.Permission.READ, ACL.Permission.EDIT, ACL.Permission.CREATE, ACL.Permission.DELETE) //(14)
    aclEng.assign(announcementTypeACLId, uGroupVisitors, ACL.Permission.READ) //(15)

    // Create an instance ACL where both user groups have instance read permission
    // and editors also have edit and delete permission
    long instanceAclReadAllId = aclEng.create( //(16)
            "Announcement Instance Read All",
            new FxString("Announcement Instance Read All"),
            FxContext.get().getTicket().getMandatorId(),
            "#CC9900",
            "Announcement Instance Read All",
            ACL.Category.INSTANCE
    )
    // Assign "read all"-instance ACL to user group
    aclEng.assign(instanceAclReadAllId, uGroupEditors, ACL.Permission.READ, ACL.Permission.EDIT, ACL.Permission.CREATE, ACL.Permission.DELETE)
    aclEng.assign(instanceAclReadAllId, uGroupVisitors, ACL.Permission.READ)

    // Create instance ACL where only editors have instance read permission
    long instanceAclEditorsOnlyId = aclEng.create( //(17)
            "Announcement Instance Editors Only",
            new FxString("Announcement Instance Editors Only"),
            FxContext.get().getTicket().getMandatorId(),
            "#CC9900",
            "Announcement Instance Editors Only",
            ACL.Category.INSTANCE
    )
    // assign "editors only"-instance ACL to user group
    aclEng.assign(instanceAclEditorsOnlyId, uGroupEditors, ACL.Permission.READ, ACL.Permission.EDIT, ACL.Permission.CREATE, ACL.Permission.DELETE) //(18)
}