Create a user, create an object, assign a permission

From Kasai documentation

Even if you use an authentication other than RDBMS (like NT or PAM), you must create in Kasais database the structure required to store the user profile. This is needed in order to assign the user to groups, give the user permissions and create blocks on the user account.

Kasai allows you to validate and assign permissions over any given entity or entity class in your application domain, this entities can be mapped to real-life persons, bank accounts, cars, files, even coffee mugs. In Kasai, everything that can be given authorizations over is called an object. Objects can be arranged in a hierarchical way using a folder-like structure (ie: /accountingsystem/marketing/report/128 could mean the marketing expense report whose id is 128).

As you can imagine these objects must be created in Kasais database structure, and this can be achieved through it's API.

Every action that a user can potentially perform over an object is called an operative. Kasai comes with a bunch of pre-defined operatives like “create or modify a user” (kasai.user.commit), “read a group data” (kasai.group.read), and many more.

Even in a fairly simple multi-user application, the number of operatives gets very high very easily, therefore the direct assignment of each operative that a user can perform over every object of the system is really hard on the system administrators. To ease the administration of Kasai powered systems, operatives are grouped into roles. Therefore, when you assign a user (or group) a role over a given object, that user (or the users that belong to the group) can perform all the operatives contained in the role on the object.

Kasai comes with three pre-defined roles: Administrator (id=1), User (id=3) and Guest (id=2). After a clean installation, each of them contains a pre-defined set of operatives, and you're encouraged to add your own operatives to them.

The following example creates a user and an object, and then gives the new user the administrator role over the object.

import org.manentia.kasai.KasaiFacade;

public class AssignPermission {
    public static void main(String args[]){
        try {            
            KasaiFacade.getInstance().createUser("admin", "jdoe", "John", "Doe", 
                "jdoe@welovekasai.com", false, "This is John Doe's user", false, null);
            
            KasaiFacade.getInstance().createObject("admin", "/proposals/79");
            
            KasaiFacade.getInstance().createObjectUserRole("admin", "/proposals/79", 
                "jdoe", 1, null);                        
        } catch (Exception e){
            e.printStackTrace();
        }
    }
}

The createUser() invocation creates a new user with the "jdoe" login. Note that most methods in the KasaiFacade public interface require the login of the user performing the action. The "admin2 user is created by default in a clean installation of kasai, and is marked as a super-user, therefore it's allowed to perform any operative on any object.

The createUser() method not only creates the "jdoe" user, but it also creates an object called "/kasai/user/jdoe", and gives the user creating the new user (admin) the "administrator" role over this new object.

Ok, you're probably asking yourself: and why should I care about this? Well, it's quite important actually, this means that every time a user creates an object in Kasai, that user is granted the "administrator" role over that object. And every time you create a user, a group or a role in Kasai, an object representing it is created; you can use this object in your application to grant other users or groups privileges over it.

Finally, we create a new object, and give the "jdoe" user the administrator role over it.