Access Control List (ACL)
The ACL submodule of the System module manages role-based authorization for
secured artifacts in the application — primarily UI pages. It records which
roles may read, write, create, delete or administer which artifacts, and
exposes that information to the framework’s security layer through the
AclAuthorizationService contract. It depends on the User submodule
(sys.usr) for roles and users, and on the Localization submodule
(sys.loc) for the user’s locale during sign-in.
Concepts
Object TypeA category of secured artifact. The bootstrap installs a single built-in type called
Page, representing UI page classes that live on the classpath under a configured base package.Object IdentityA concrete secured artifact within an object type — for example, a particular UI page. It is identified by its object type plus an object code, and carries a reference to the underlying Java class.
ACL EntryA row that grants a single
Rolea set of permissions on a singleObject Identity. The five permissions — read, write, create, delete and administer — are independent booleans.RoleDefined by the User submodule (
sys.usr). A user inherits roles directly (throughUserRole) and indirectly through user-group membership (UserGroupMember→UserGroupRole).
Entities
@startuml
class SAclObjectType {
**aclObjectName**
packageName
}
class SAclObjectIdentity {
**aclObjectType**
**aclObjectCode**
description
className
aclObjectKey
aclObjectStatus
}
class SAclEntry {
**aclObjectIdentity**
**role**
aclRead
aclWrite
aclCreate
aclDelete
aclAdminister
}
class Role {
code
description
}
SAclObjectType "1" --* "n" SAclObjectIdentity
SAclObjectIdentity "1" --* "n" SAclEntry
Role "1" --* "n" SAclEntry
@endumlACL Object Type (SAclObjectType)
Registers a category of secured artifact.
| Field | Description |
|---|---|
Name ( | Unique name of the type (business key). The bootstrap installs |
Package ( | Base Java package that is scanned to discover identities of this type. Optional. |
ACL Object Identity (SAclObjectIdentity)
Represents one secured artifact inside an object type.
| Field | Description |
|---|---|
Object Type ( | Owning object type. Part of the business key. |
Code ( | Code, unique within the object type. Part of the business key. |
Description ( | Short description, up to 30 characters. |
Class Name ( | Fully-qualified Java class name backing the artifact. Optional. |
Object Key ( | Optional domain key used by the remoting layer. |
Status ( | Lifecycle status, see below. Defaults to |
The status is one of:
| Status | Code | Meaning |
|---|---|---|
Draft |
| Newly created identity, not yet validated. |
Valid |
| The class is loadable but no |
Active |
| The class is loadable and at least one |
Invalid |
| The class could not be loaded; the artifact is no longer present on the classpath. |
ACL Entry (SAclEntry)
Grants a Role a set of permissions on a single ACL Object Identity.
The combination (aclObjectIdentity, role) is unique.
| Field | Description |
|---|---|
Object Identity ( | The artifact to which the entry applies. Part of the business key. |
Role ( | The role that receives the permissions. Part of the business key. |
Read ( | Permission to view the artifact. |
Write ( | Permission to modify existing records. |
Create ( | Permission to create new records. |
Delete ( | Permission to delete records. |
Administer ( | Administrative permission, e.g. manage other users' rights. |
All five permission flags are independent booleans (GBoolean); a missing
flag is treated as false.
Functionality
Bootstrap
SYS_ACL_Bootstrap is invoked the first time the default user signs in,
through DefaultAclAuthorizationReaderService.getAclUserDetails. It chains
the bootstraps of the Localization (sys.loc) and User (sys.usr)
submodules and then runs the ACL bootstrap (AclBootstrapService.bootstrap):
If no
ACL Object TypenamedPageexists, it is created with the base packagecom.wercstat.erp.client.AclObjectTypeImportService.importAclObjectIdentitiesis then called to scan that package and seed identities and admin entries.
The constants used during bootstrap are defined in SYS_ACL_Constant:
| Constant | Default value |
|---|---|
|
|
|
|
|
|
Importing object identities
AclObjectTypeImportService.importAclObjectIdentities(hasTrace, aclObjectType)
discovers UI page classes by reflection
(AclReflectionService.findUIPageClassNamesInPackage) within the package
configured on the object type. For every discovered class:
If no
ACL Object Identitywith that class name exists, a new identity is created. ItsCodeis the class' simple name (with a fallback to the fully-qualified name when there is no package suffix), itsDescriptionis the simple name truncated to 30 characters, and itsClass Nameis the fully-qualified name.The default administrator role (
sys_ope) is then granted full permissions — read, write, create, delete and administer — through a newACL Entry, unless one already exists for that identity and role.
The method returns the number of newly-created identities. It is also
invoked from the UI through the aclImportObjects action on the
ACL Object Type view model.
Validating object identities
AclWriterService.validateAclObjectIdentities walks every
ACL Object Identity and tries to load its Class Name:
Class loads, identity has no entries → status set to
Valid.Class loads, identity has entries → status set to
Active.Class fails to load → status set to
Invalid.
The method returns the count of identities marked Invalid. It is invoked
from the UI through the aclValidateObjects action on the
ACL Object Type view model, which then renders either a success message
or an error message containing the invalid count.
Resolving a user’s roles
AclReaderService.getUserRoles(user) returns the union of:
Roles assigned through any
UserGroupMemberthe user belongs to (viaUserGroupRole).Roles assigned directly to the user (via
UserRole).
Roles are returned as their codes (strings).
Authorization queries
DefaultAclAuthorizationReaderService answers the security layer’s
authorization questions. See the Public API section for the contract it
implements; the underlying logic combines ACL Entry rows for the user’s
roles with a logical OR per permission flag — a permission is granted if
any of the user’s roles grants it.
Public API
SYS_ACL_CommandApi and SYS_ACL_QueryApi
Both classes are Spring @Service beans kept as cross-module extension
points but currently expose no operations. Other modules that need ACL
behavior reach in through the AclAuthorizationService contract or the
view model actions described below.
AclAuthorizationService (framework contract)
DefaultAclAuthorizationReaderService implements
io.venlo.frame.server.api.AclAuthorizationService and is the public
entry point for the framework’s security layer.
getAclUserDetails(usercode)Returns an
AclUserDetailscontaining the user’s locale, name, password (encoded for the default user the first time it signs in), archived and locked flags, the union of the user’s roles, default page, default data area and desktop preferences (theme and menu bar). Triggers the database bootstrap on the first sign-in of the default user.getAclObjectTypeEntries(objectType, roleCode)Returns every
ACL Entryof the given role whose identity belongs toobjectType, packaged asAclObjectTypeEntriesalong with the role description and the package name of the object type. Used by management screens that show what a role can do.getAclAuthorizationByClass(objectType, javaClassName, roles)Returns the effective
AclAuthorizationfor a Java class, given the user’s roles. The result combines the entries for all matching roles with a logical OR per permission flag.
View model actions
SAclObjectTypeViewModel exposes two actions on the ACL Object Type
page; both surface as toolbar buttons.
aclImportObjectsRuns
AclObjectTypeImportService.importAclObjectIdentitiesfor the selected object type and reports the number of newly-imported identities through a desktop notification.aclValidateObjectsRuns
AclWriterService.validateAclObjectIdentitiesand reports either "no errors" or the number ofInvalididentities through a desktop notification.