Changed to new Permission stuff. Lot is still missing, but getting there...

Tuomas Riihimäki
Commit 85d983f0 authored Sep 04, 2011 by Tuomas Riihimäki
Showing with 693 additions and 757 deletions
code/LanBortalBeans/ejbModule/fi/iki/tuomari/utils/beans/callbacks/AndPredicateCreator.java
code/LanBortalBeans/ejbModule/fi/iki/tuomari/utils/beans/callbacks/FacadeCallback.java
code/LanBortalBeans/ejbModule/fi/iki/tuomari/utils/beans/callbacks/OrPredicateCreator.java
code/LanBortalBeans/ejbModule/fi/iki/tuomari/utils/beans/callbacks/OrderCallback.java
code/LanBortalBeans/ejbModule/fi/iki/tuomari/utils/beans/callbacks/StringSearchPredicateCreator.java
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/BillBean.java
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/CardTemplateBean.java
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/JaasBean.java
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/PermissionBean.java
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/PlaceBean.java
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/PlaceGroupBean.java
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/RoleBean.java
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/UserBean.java
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/CardTemplateFacade.java
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/GenericFacade.java
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/IntegerPkGenericFacade.java
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/RoleFacade.java
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/RoleRightFacade.java
code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/CardTemplateBeanLocal.java
code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/PermissionBeanLocal.java
--- a/code/LanBortalBeans/ejbModule/fi/iki/tuomari/utils/beans/callbacks/AndPredicateCreator.java
+++ b/code/LanBortalBeans/ejbModule/fi/iki/tuomari/utils/beans/callbacks/AndPredicateCreator.java
@@ -9,7 +9,7 @@ import javax.persistence.criteria.Predicate;
 import javax.persistence.criteria.Root;
 import javax.persistence.metamodel.SingularAttribute;
-import fi.insomnia.bortal.utilities.ModelInterface;
+import fi.insomnia.bortal.utilities.jpa.ModelInterface;
 public class AndPredicateCreator<A, T extends ModelInterface<?>> implements FacadeCallback<T> {
 	private final A searchval;

--- a/code/LanBortalBeans/ejbModule/fi/iki/tuomari/utils/beans/callbacks/FacadeCallback.java
+++ b/code/LanBortalBeans/ejbModule/fi/iki/tuomari/utils/beans/callbacks/FacadeCallback.java
@@ -7,7 +7,7 @@ import javax.persistence.criteria.CriteriaQuery;
 import javax.persistence.criteria.Predicate;
 import javax.persistence.criteria.Root;
-import fi.insomnia.bortal.utilities.ModelInterface;
+import fi.insomnia.bortal.utilities.jpa.ModelInterface;
 public interface FacadeCallback<C extends ModelInterface<?>> {

--- a/code/LanBortalBeans/ejbModule/fi/iki/tuomari/utils/beans/callbacks/OrPredicateCreator.java
+++ b/code/LanBortalBeans/ejbModule/fi/iki/tuomari/utils/beans/callbacks/OrPredicateCreator.java
@@ -11,7 +11,7 @@ import javax.persistence.metamodel.SingularAttribute;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import fi.insomnia.bortal.utilities.ModelInterface;
+import fi.insomnia.bortal.utilities.jpa.ModelInterface;
 public class OrPredicateCreator<A, T extends ModelInterface<?>> implements FacadeCallback<T> {
 	private final A searchstr;

--- a/code/LanBortalBeans/ejbModule/fi/iki/tuomari/utils/beans/callbacks/OrderCallback.java
+++ b/code/LanBortalBeans/ejbModule/fi/iki/tuomari/utils/beans/callbacks/OrderCallback.java
@@ -9,7 +9,7 @@ import javax.persistence.criteria.Predicate;
 import javax.persistence.criteria.Root;
 import javax.persistence.metamodel.SingularAttribute;
-import fi.insomnia.bortal.utilities.ModelInterface;
+import fi.insomnia.bortal.utilities.jpa.ModelInterface;
 public class OrderCallback<T extends ModelInterface<?>> implements FacadeCallback<T> {

--- a/code/LanBortalBeans/ejbModule/fi/iki/tuomari/utils/beans/callbacks/StringSearchPredicateCreator.java
+++ b/code/LanBortalBeans/ejbModule/fi/iki/tuomari/utils/beans/callbacks/StringSearchPredicateCreator.java
@@ -9,7 +9,7 @@ import javax.persistence.criteria.Predicate;
 import javax.persistence.criteria.Root;
 import javax.persistence.metamodel.SingularAttribute;
-import fi.insomnia.bortal.utilities.ModelInterface;
+import fi.insomnia.bortal.utilities.jpa.ModelInterface;
 public class StringSearchPredicateCreator<T extends ModelInterface<?>> implements FacadeCallback<T> {
 	private static final String WILDCARD = "%";

--- a/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/BillBean.java
+++ b/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/BillBean.java
@@ -20,8 +20,7 @@ import org.slf4j.LoggerFactory;
 import fi.insomnia.bortal.beanutil.PdfPrinter;
 import fi.insomnia.bortal.bortal.views.BillSummary;
-import fi.insomnia.bortal.enums.Permission;
+import fi.insomnia.bortal.enums.apps.BillPermission;
-import fi.insomnia.bortal.enums.RolePermission;
 import fi.insomnia.bortal.facade.BillFacade;
 import fi.insomnia.bortal.facade.BillLineFacade;
 import fi.insomnia.bortal.model.AccountEvent;
@@ -81,7 +80,7 @@ public class BillBean implements BillBeanLocal {
 		if (bill == null || !currentuser.equals(bill.getUser())) {
 			bill = null;
-			permbean.fatalPermission(Permission.USER_MANAGEMENT, RolePermission.READ, "No right to read bill: ", bill);
+			permbean.fatalPermission(BillPermission.READ_ALL, "No right to read bill: ", bill);
 		}
 		return bill;
@@ -116,9 +115,11 @@ public class BillBean implements BillBeanLocal {
 	@Override
 	public Bill createEmptyBill(User shoppingUser) throws PermissionDeniedException {
 		if (permbean.isCurrentUser(shoppingUser)) {
-			permbean.fatalPermission(Permission.SHOP, RolePermission.EXECUTE, "No permission to create empty bill for self");
+			permbean.fatalPermission(BillPermission.CREATE_BILL, "No permission to create empty bill for self");
-		} else if (!permbean.hasPermission(Permission.ACCOUNT_MANAGEMENT, RolePermission.EXECUTE)) {
+		} else {
+			permbean.fatalPermission(BillPermission.WRITE_ALL, "Trying to create bill to someone else without sufficient permission");
 		}
 		LanEvent event = eventbean.getCurrentEvent();
 		Bill ret = new Bill(event, shoppingUser);
 		billFacade.create(ret);
@@ -137,7 +138,7 @@ public class BillBean implements BillBeanLocal {
 		boolean iscurrent = permissionbean.isCurrentUser(bill.getUser());
 		Integer billnr = bill.getBillNumber();
 		if (!iscurrent || billnr != null) {
-			permbean.fatalPermission(Permission.USER_MANAGEMENT, RolePermission.EXECUTE, "User tried to modify bill ", bill, "without sufficient permissions");
+			permbean.fatalPermission(BillPermission.WRITE_ALL, "User tried to modify bill ", bill, "without sufficient permissions");
 		}
 		BillLine line = new BillLine(bill, product.getName(), product.getUnitName(), count, product.getPrice(), product.getVat());
 		line.setLineProduct(product);

--- a/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/CardTemplateBean.java
+++ b/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/CardTemplateBean.java
@@ -54,11 +54,11 @@ public class CardTemplateBean implements CardTemplateBeanLocal {
 	@EJB
 	private UserBeanLocal userbean;
-	@Override
+	// @Override
-	@RolesAllowed("USER_MANAGEMENT/WRITE")
+	// @RolesAllowed("USER_MANAGEMENT/WRITE")
-	public List<CardTemplate> findAll() {
+	// public List<CardTemplate> findAll() {
-		return cdFacade.findAll(eventBean.getCurrentEvent());
+	// return cdFacade.findAll(eventBean.getCurrentEvent());
-	}
+	// }
 	@Override
 	@RolesAllowed("USER_MANAGEMENT/WRITE")
@@ -68,9 +68,8 @@ public class CardTemplateBean implements CardTemplateBeanLocal {
 	@Override
 	@RolesAllowed("USER_MANAGEMENT/READ")
-	public CardTemplate findById(Integer id) {
+	public CardTemplate find(Integer id) {
-		LanEvent ev = eventBean.getCurrentEvent();
+		return cdFacade.find(id);
-		return cdFacade.find(ev.getId(), id);
 	}
 	@Override

--- a/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/JaasBean.java
+++ b/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/JaasBean.java
@@ -12,11 +12,11 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import fi.insomnia.bortal.enums.BeanRole;
-import fi.insomnia.bortal.enums.Permission;
+import fi.insomnia.bortal.enums.BortalApplication;
-import fi.insomnia.bortal.enums.RolePermission;
+import fi.insomnia.bortal.enums.apps.IAppPermission;
 import fi.insomnia.bortal.facade.UserFacade;
+import fi.insomnia.bortal.model.ApplicationPermission;
 import fi.insomnia.bortal.model.Role;
-import fi.insomnia.bortal.model.RoleRight;
 import fi.insomnia.bortal.model.User;
 /**
@@ -69,41 +69,24 @@ public class JaasBean implements JaasBeanLocal, JaasBeanRemote {
 		HashSet<String> roleset = new HashSet<String>();
 		if (usr != null) {
-			HashSet<RoleRight> mappedRoles = new HashSet<RoleRight>();
-			List<Role> usrroles = userbean.localFindUsersRoles(usr);
-			for (Role r : usrroles) {
-				for (RoleRight rr : r.getRoleRights()) {
-					if (!mappedRoles.contains(rr)) {
-						mappedRoles.add(rr);
-						if (rr.isExecute()) {
-							roleset.add(rr.getPermission().getName());
-							roleset.add(rr.getPermission().append(RolePermission.EXECUTE));
-						}
-						if (rr.isRead()) {
-							roleset.add(rr.getPermission().getName());
-							roleset.add(rr.getPermission().append(RolePermission.READ));
-						}
-						if (rr.isWrite()) {
-							roleset.add(rr.getPermission().getName());
-							roleset.add(rr.getPermission().append(RolePermission.WRITE));
-						}
-					}
-				}
-			}
 			if (permbean.isLoggedIn()) {
 				roleset.add("USER");
 			}
+			// TODO: EI NÄIN!!!!! Superadmin ei saa kaikkia oikkia!!
 			if (usr.isSuperadmin()) {
-				for (Permission p : Permission.values()) {
+				for (BortalApplication app : BortalApplication.values()) {
-					roleset.add(p.getName());
+					for (IAppPermission perm : app.getPermissions()) {
+						roleset.add(perm.getFullName());
-					roleset.add(p.append(RolePermission.EXECUTE));
+					}
-					roleset.add(p.append(RolePermission.READ));
-					roleset.add(p.append(RolePermission.WRITE));
 				}
 				roleset.add(BeanRole.SUPERADMIN.name());
+			} else {
+				List<Role> usrroles = userbean.localFindUsersRoles(usr);
+				for (Role role : usrroles) {
+					for (ApplicationPermission apperm : role.getPermissions()) {
+						roleset.add(apperm.getPermission().getFullName());
+					}
+				}
 			}
 		}

--- a/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/PermissionBean.java
+++ b/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/PermissionBean.java
@@ -11,8 +11,7 @@ import javax.ejb.Stateless;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import fi.insomnia.bortal.enums.Permission;
+import fi.insomnia.bortal.enums.apps.IAppPermission;
-import fi.insomnia.bortal.enums.RolePermission;
 import fi.insomnia.bortal.facade.UserFacade;
 import fi.insomnia.bortal.model.User;
@@ -49,10 +48,10 @@ public class PermissionBean implements PermissionBeanLocal {
 	// }
 	@Override
-	public boolean hasPermission(Permission target, RolePermission permission) {
+	public boolean hasPermission(IAppPermission perm) {
 		return getCurrentUser().isSuperadmin()
-				|| context.isCallerInRole(target.append(permission));
+				|| context.isCallerInRole(perm.getFullName());
 		// User user = getCurrentUser();
 		//
@@ -101,14 +100,12 @@ public class PermissionBean implements PermissionBeanLocal {
 	}
 	@Override
-	public void fatalPermission(Permission target, RolePermission permission, Object... failmessage) throws PermissionDeniedException {
+	public void fatalPermission(IAppPermission permission, Object... failmessage) throws PermissionDeniedException {
-		boolean ret = hasPermission(target, permission);
+		boolean ret = hasPermission(permission);
 		if (!ret) {
-			StringBuilder message = new StringBuilder("Target: ").append(target).append(" permission: ").append(permission);
+			StringBuilder message = new StringBuilder().append(" permission: ").append(permission);
 			if (failmessage == null || failmessage.length == 0) {
-				message.append(" MSG: SessionHandler mbean permission exception: Target: ")
+				message.append(" MSG: SessionHandler mbean permission exception: Permission: ")
-						.append(target)
-						.append(", Permission: ")
 						.append(permission);
 			} else {
 				for (Object part : failmessage) {

--- a/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/PlaceBean.java
+++ b/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/PlaceBean.java
@@ -28,12 +28,11 @@ import javax.ejb.TimerService;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import fi.insomnia.bortal.enums.Permission;
+import fi.insomnia.bortal.enums.apps.MapPermission;
-import fi.insomnia.bortal.enums.RolePermission;
 import fi.insomnia.bortal.exceptions.BortalCatchableException;
 import fi.insomnia.bortal.facade.GroupMembershipFacade;
 import fi.insomnia.bortal.facade.PlaceFacade;
-import fi.insomnia.bortal.facade.PlaceGroupFacade;
+import fi.insomnia.bortal.facade.UserFacade;
 import fi.insomnia.bortal.model.EventMap;
 import fi.insomnia.bortal.model.GroupMembership;
 import fi.insomnia.bortal.model.LanEvent;
@@ -63,11 +62,6 @@ public class PlaceBean implements PlaceBeanLocal {
 	private PlaceFacade placeFacade;
 	@EJB
-	private PlaceGroupFacade pgfacade;
-	@EJB
-	private UserBeanLocal userbean;
-	@EJB
 	private ProductBeanLocal productBean;
 	@EJB
@@ -77,6 +71,8 @@ public class PlaceBean implements PlaceBeanLocal {
 	private LoggingBeanLocal logbean;
 	@EJB
 	private PermissionBeanLocal permbean;
+	@EJB
+	private UserFacade userfacade;
 	@Override
 	@RolesAllowed("MAP/WRITE")
@@ -97,11 +93,12 @@ public class PlaceBean implements PlaceBeanLocal {
 	 */
 	@Override
 	public BigDecimal totalReservationPrice(User user, Place newPlace) throws PermissionDeniedException {
 		if (user == null) {
 			user = permbean.getCurrentUser();
-		} else if (!permbean.isCurrentUser(user) && !permbean.hasPermission(Permission.MAP, RolePermission.WRITE)) {
+		} else if (!permbean.isCurrentUser(user) &&
-			throw new PermissionDeniedException(logbean, permbean.getCurrentUser(), "No right to impersonate another user");
+				!permbean.hasPermission(MapPermission.MANAGE_OTHERS)) {
+			throw new PermissionDeniedException(logbean,
+					permbean.getCurrentUser(), "No right to impersonate another user");
 		}
 		Set<Place> places = new HashSet<Place>();
@@ -199,8 +196,8 @@ public class PlaceBean implements PlaceBeanLocal {
 	public void releaseUsersPlaces(User user) throws PermissionDeniedException {
 		if (user == null) {
 			user = permbean.getCurrentUser();
-		} else if (!permbean.isCurrentUser(user) && !permbean.hasPermission(Permission.MAP, RolePermission.WRITE)) {
+		} else if (!permbean.isCurrentUser(user)) {
-			throw new PermissionDeniedException(logbean, permbean.getCurrentUser(), "No right to impersonate another user");
+			permbean.fatalPermission(MapPermission.MANAGE_OTHERS, "Not enough rights to release users ", user, " places");
 		}
 		logger.debug("timeouting places");
 		placeFacade.releasePlaces(permbean.getCurrentUser());
@@ -209,24 +206,23 @@ public class PlaceBean implements PlaceBeanLocal {
 	@Override
 	@RolesAllowed("MAP/EXECUTE")
 	public boolean buySelectedPlaces(User user) throws BortalCatchableException, PermissionDeniedException {
-		LanEvent event = eventBean.getCurrentEvent();
+		permbean.fatalPermission(MapPermission.BUY_PLACES, "No rights to buy places from map");
-		// If user is not selected or user does not have permission to modify
-		// the map,
-		// set the user as the loggedIn user
 		if (user == null) {
 			user = permbean.getCurrentUser();
-		} else if (!user.equals(permbean.getCurrentUser()) && !permbean.hasPermission(Permission.MAP, RolePermission.WRITE)) {
+		} else if (!user.equals(permbean.getCurrentUser())) {
-			throw new PermissionDeniedException(logbean, permbean.getCurrentUser(), "No right to impersonate another user");
+			permbean.fatalPermission(MapPermission.MANAGE_OTHERS, "Can not buy places for user ", user);
+			user = userfacade.find(user.getId());
 		}
-		List<Place> places = placeFacade.findUsersReservations(eventBean.getCurrentEvent(), user);
+		LanEvent event = eventBean.getCurrentEvent();
+		List<Place> places = placeFacade.findUsersReservations(event, user);
 		if (places.size() <= 0) {
 			return false;
 		}
 		// PlaceGroup pg = pgbean.createPlaceGroup(user);
 		BigDecimal totalprice = totalReservationPrice(user, null);
-		BigDecimal balance = permbean.getCurrentUser().getAccountBalance();
+		BigDecimal balance = user.getAccountBalance();
 		if (balance.compareTo(totalprice) < 0) {
 			logger.debug("User {} Could not buy things because account balance is too low!", user);
 			return false;
@@ -234,7 +230,6 @@ public class PlaceBean implements PlaceBeanLocal {
 		PlaceGroup pg = new PlaceGroup(event, Calendar.getInstance(), Calendar.getInstance(), true);
 		pg.setCreator(user);
-		// pgfacade.create(pg);
 		for (Place p : places) {
 			if (!p.isReservedFor(user)) {
@@ -394,7 +389,7 @@ public class PlaceBean implements PlaceBeanLocal {
 	public boolean releasePlace(Place place) {
 		place = placeFacade.find(place.getId());
 		User user = permbean.getCurrentUser();
-		if (place.getGroup() != null || place.getCurrentUser() == null || (!permbean.hasPermission(Permission.MAP, RolePermission.WRITE) && !place.getCurrentUser().equals(user))) {
+		if (place.getGroup() != null || place.getCurrentUser() == null || (!permbean.hasPermission(MapPermission.MANAGE_OTHERS) && !place.getCurrentUser().equals(user))) {
 			return false;
 		}
 		place.setCurrentUser(null);

--- a/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/PlaceGroupBean.java
+++ b/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/PlaceGroupBean.java
@@ -20,8 +20,7 @@ import com.pdfjet.PDF;
 import com.pdfjet.Page;
 import com.pdfjet.TextLine;
-import fi.insomnia.bortal.enums.Permission;
+import fi.insomnia.bortal.enums.apps.MapPermission;
-import fi.insomnia.bortal.enums.RolePermission;
 import fi.insomnia.bortal.facade.GroupMembershipFacade;
 import fi.insomnia.bortal.model.GroupMembership;
 import fi.insomnia.bortal.model.User;
@@ -157,12 +156,12 @@ public class PlaceGroupBean implements PlaceGroupBeanLocal {
 	@Override
 	public void releaseAndGenerateToken(GroupMembership gmem) throws PermissionDeniedException {
+		gmem = gmemfacade.find(gmem.getId());
 		if (!permbean.getCurrentUser().getId().equals(gmem.getPlaceGroup().getCreator().getId()) ||
-				!permbean.hasPermission(Permission.MAP, RolePermission.WRITE)) {
+				!permbean.hasPermission(MapPermission.MANAGE_OTHERS)) {
 			throw new PermissionDeniedException(loggingbean, permbean.getCurrentUser(), "User tried to release and generate group membership: " + gmem);
 		}
 		gmem.setUser(null);
 		gmem.setInviteToken(gmemfacade.createInviteToken(eventbean.getCurrentEvent()));
-		gmemfacade.merge(gmem);
 	}
 }
--- a/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/RoleBean.java
+++ b/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/RoleBean.java
@@ -19,12 +19,9 @@ import javax.ejb.Stateless;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import fi.insomnia.bortal.enums.Permission;
 import fi.insomnia.bortal.facade.RoleFacade;
-import fi.insomnia.bortal.facade.RoleRightFacade;
 import fi.insomnia.bortal.model.LanEvent;
 import fi.insomnia.bortal.model.Role;
-import fi.insomnia.bortal.model.RoleRight;
 /**
 * 
@@ -43,8 +40,6 @@ public class RoleBean implements RoleBeanLocal {
 	private EventBeanLocal eventBean;
 	@EJB
 	private RoleFacade roleFacade;
-	@EJB
-	private RoleRightFacade rrfacade;
 	@Override
 	@RolesAllowed("ROLE_MANAGEMENT/READ")
@@ -108,38 +103,38 @@ public class RoleBean implements RoleBeanLocal {
 		return returnList;
 	}
-	@Override
+	// @Override
-	@RolesAllowed("ROLE_MANAGEMENT/READ")
+	// @RolesAllowed("ROLE_MANAGEMENT/READ")
-	public List<RoleRight> getRoleRights(Role r) {
+	// public List<RoleRight> getRoleRights(Role r) {
+	//
-		List<RoleRight> ret = new ArrayList<RoleRight>();
+	// List<RoleRight> ret = new ArrayList<RoleRight>();
-		for (Permission perm : Permission.values()) {
+	// for (Permission perm : Permission.values()) {
-			ret.add(findRoleRight(r, perm));
+	// ret.add(findRoleRight(r, perm));
-		}
+	// }
-		return ret;
+	// return ret;
-	}
+	// }
-	@Override
+	// @Override
-	@RolesAllowed("ROLE_MANAGEMENT/WRITE")
+	// @RolesAllowed("ROLE_MANAGEMENT/WRITE")
-	public RoleRight mergeChanges(RoleRight row) {
+	// public RoleRight mergeChanges(RoleRight row) {
+	//
-		return rrfacade.merge(row);
+	// return rrfacade.merge(row);
-	}
+	// }
-	@RolesAllowed("ROLE_MANAGEMENT/READ")
+	// @RolesAllowed("ROLE_MANAGEMENT/READ")
-	public RoleRight findRoleRight(Role role, Permission perm) {
+	// public RoleRight findRoleRight(Role role, Permission perm) {
-		RoleRight rr = rrfacade.find(perm, role);
+	// RoleRight rr = rrfacade.find(perm, role);
-		if (rr == null) {
+	// if (rr == null) {
-			rr = new RoleRight(role, perm, false, false, false);
+	// rr = new RoleRight(role, perm, false, false, false);
-			rrfacade.create(rr);
+	// rrfacade.create(rr);
-		}
+	// }
-		return rr;
+	// return rr;
-	}
+	// }
 	@Override
 	@RolesAllowed("ROLE_MANAGEMENT/READ")
 	public Role find(int id) {
-		return roleFacade.find(eventBean.getCurrentEvent(), id);
+		return roleFacade.find(id);
 	}
 }
--- a/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/UserBean.java
+++ b/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/UserBean.java
@@ -18,8 +18,7 @@ import javax.persistence.PersistenceContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import fi.insomnia.bortal.enums.Permission;
+import fi.insomnia.bortal.enums.apps.UserPermission;
-import fi.insomnia.bortal.enums.RolePermission;
 import fi.insomnia.bortal.facade.GroupMembershipFacade;
 import fi.insomnia.bortal.facade.UserFacade;
 import fi.insomnia.bortal.facade.UserImageFacade;
@@ -86,7 +85,7 @@ public class UserBean implements UserBeanLocal {
 	public User mergeChanges(User user) throws PermissionDeniedException {
 		if (!permbean.isCurrentUser(user)) {
-			permbean.fatalPermission(Permission.USER_MANAGEMENT, RolePermission.WRITE);
+			permbean.fatalPermission(UserPermission.MODIFY);
 		}
 		User ret = userFacade.merge(user);
@@ -159,7 +158,7 @@ public class UserBean implements UserBeanLocal {
 		}
 		if (!permbean.getCurrentUser().getId().equals(userid)) {
-			permbean.fatalPermission(Permission.USER_MANAGEMENT, RolePermission.EXECUTE, "usert tried to save picture to userid " + userid + " without sufficient permissions!");
+			permbean.fatalPermission(UserPermission.MODIFY, "usert tried to save picture to userid " + userid + " without sufficient permissions!");
 			user = userFacade.find(userid);
 		}
 		UserImage userimage = new UserImage(user);
@@ -187,7 +186,7 @@ public class UserBean implements UserBeanLocal {
 		} else {
 			ret = userimagefacade.find(id);
 			if (ret != null && !permbean.isCurrentUser(ret.getUser())) {
-				permbean.fatalPermission(Permission.USER_MANAGEMENT, RolePermission.READ, "Not enough rights to access image id: " + id + " for user " + ret.getUser());
+				permbean.fatalPermission(UserPermission.MODIFY, "Not enough rights to access image id: " + id + " for user " + ret.getUser());
 			}
 		}
 		return ret;

--- a/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/CardTemplateFacade.java
+++ b/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/CardTemplateFacade.java
@@ -9,7 +9,7 @@ import fi.insomnia.bortal.model.CardTemplate;
 @Stateless
 @LocalBean
-public class CardTemplateFacade extends EventChildGenericFacade<CardTemplate> {
+public class CardTemplateFacade extends GenericFacade<Integer, CardTemplate> {
 	@PersistenceContext
 	private EntityManager em;

--- a/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/GenericFacade.java
+++ b/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/GenericFacade.java
@@ -20,8 +20,8 @@ import org.slf4j.LoggerFactory;
 import fi.iki.tuomari.utils.beans.callbacks.FacadeCallback;
 import fi.iki.tuomari.utils.jpa.IntegerModelInterface;
-import fi.insomnia.bortal.utilities.ModelInterface;
 import fi.insomnia.bortal.utilities.SearchResult;
+import fi.insomnia.bortal.utilities.jpa.ModelInterface;
 public abstract class GenericFacade<I extends Serializable, C extends ModelInterface<I>> {

--- a/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/IntegerPkGenericFacade.java
+++ b/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/IntegerPkGenericFacade.java
 package fi.insomnia.bortal.facade;
-import fi.insomnia.bortal.utilities.ModelInterface;
+import fi.insomnia.bortal.utilities.jpa.ModelInterface;
 /**
 * Session Bean implementation class GenericFacade

--- a/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/RoleFacade.java
+++ b/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/RoleFacade.java
 package fi.insomnia.bortal.facade;
-import java.util.Collection;
-import java.util.HashSet;
 import java.util.List;
-import java.util.Set;
 import javax.ejb.LocalBean;
 import javax.ejb.Stateless;
@@ -17,45 +14,45 @@ import fi.insomnia.bortal.model.User;
 @Stateless
 @LocalBean
-public class RoleFacade extends EventChildGenericFacade<Role> {
+public class RoleFacade extends GenericFacade<Integer, Role> {
-    @PersistenceContext
+	@PersistenceContext
-    private EntityManager em;
+	private EntityManager em;
-    public RoleFacade() {
+	public RoleFacade() {
-        super(Role.class);
+		super(Role.class);
-    }
+	}
-    protected EntityManager getEm() {
+	@Override
-        return em;
+	protected EntityManager getEm() {
-    }
+		return em;
+	}
-    public Role findByName(String name, LanEvent event) {
-        TypedQuery<Role> q = em.createNamedQuery("Role.findByRoleName", Role.class);
+	public Role findByName(String name, LanEvent event) {
-        q.setParameter("name", name);
+		TypedQuery<Role> q = em.createNamedQuery("Role.findByRoleName", Role.class);
-        q.setParameter("event", event);
+		q.setParameter("name", name);
-        return getSingleNullableResult(q);
+		q.setParameter("event", event);
-    }
+		return getSingleNullableResult(q);
+	}
-    public List<Role> findForUser(User user, LanEvent event) {
-        TypedQuery<Role> q = getEm().createNamedQuery("Role.findForUser", Role.class);
+	public List<Role> findForUser(User user, LanEvent event) {
-        q.setParameter("user", user);
+		TypedQuery<Role> q = getEm().createNamedQuery("Role.findForUser", Role.class);
-        q.setParameter("event", event);
+		q.setParameter("user", user);
-        return q.getResultList();
+		q.setParameter("event", event);
-    }
+		return q.getResultList();
+	}
-    public Role createRole(LanEvent event, String rolename) {
+	public Role createRole(LanEvent event, String rolename) {
-        Role ret = new Role(event);
+		Role ret = new Role(event);
-        ret.setName(rolename);
+		ret.setName(rolename);
-        create(ret);
+		create(ret);
-        return ret;
+		return ret;
-    }
+	}
-    public List<Role> findAll(LanEvent event) {
+	public List<Role> findAll(LanEvent event) {
-        TypedQuery<Role> q = getEm().createNamedQuery("Role.findForEvent", Role.class);
+		TypedQuery<Role> q = getEm().createNamedQuery("Role.findForEvent", Role.class);
-        q.setParameter("event", event);
+		q.setParameter("event", event);
-        return q.getResultList();
+		return q.getResultList();
-    }
+	}
 }
--- a/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/RoleRightFacade.java
+++ b/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/RoleRightFacade.java
-package fi.insomnia.bortal.facade;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-import javax.ejb.LocalBean;
-import javax.ejb.Stateless;
-import javax.persistence.EntityManager;
-import javax.persistence.PersistenceContext;
-import javax.persistence.TypedQuery;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import fi.insomnia.bortal.enums.Permission;
-import fi.insomnia.bortal.model.Role;
-import fi.insomnia.bortal.model.RoleRight;
-@Stateless
-@LocalBean
-public class RoleRightFacade extends EventChildGenericFacade<RoleRight> {
-	@PersistenceContext
-	private EntityManager em;
-	private static final Logger logger = LoggerFactory.getLogger(RoleRightFacade.class);
-	public RoleRightFacade() {
-		super(RoleRight.class);
-	}
-	@Override
-	protected EntityManager getEm() {
-		return em;
-	}
-	public RoleRight find(Permission permission, Role role) {
-		if (permission == null || role == null) {
-			return null;
-		}
-		TypedQuery<RoleRight> q = this.getEm().createNamedQuery("RoleRight.findByRightAndRole", RoleRight.class);
-		q.setParameter("permission", permission);
-		q.setParameter("role", role);
-		return getSingleNullableResult(q);
-	}
-	public List<RoleRight> find(Collection<Role> roles, Permission permission) {
-		if (roles.size() == 0) {
-			return new ArrayList<RoleRight>();
-		}
-		TypedQuery<RoleRight> q = getEm().createNamedQuery("RoleRight.findByRolesForPermission", RoleRight.class);
-		Set<Integer> roleids = new HashSet<Integer>();
-		for (Role r : roles) {
-			roleids.add(r.getId().getId());
-		}
-		Integer eventId = roles.iterator().next().getEvent().getId();
-		q.setParameter("eventId", eventId);
-		q.setParameter("roleids", roleids);
-		q.setParameter("permission", permission);
-		return q.getResultList();
-	}
-	public RoleRight createRoleRight(Role role, Permission perm) {
-		RoleRight ret = new RoleRight(role, perm, false, false, false);
-		create(ret);
-		getEm().flush();
-		return ret;
-	}
-}
--- a/code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/CardTemplateBeanLocal.java
+++ b/code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/CardTemplateBeanLocal.java
@@ -7,15 +7,16 @@ import javax.ejb.Local;
 import fi.insomnia.bortal.model.CardTemplate;
 import fi.insomnia.bortal.model.PrintedCard;
 import fi.insomnia.bortal.model.User;
+import fi.insomnia.bortal.utilities.jsf.EntityFinderBean;
 @Local
-public interface CardTemplateBeanLocal {
+public interface CardTemplateBeanLocal extends EntityFinderBean<CardTemplate> {
-	List<CardTemplate> findAll();
+	// List<CardTemplate> findAll();
 	void create(CardTemplate card);
-	CardTemplate findById(Integer id);
+	CardTemplate find(Integer id);
 	PrintedCard checkPrintedCard(User user) throws PermissionDeniedException;

--- a/code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/PermissionBeanLocal.java
+++ b/code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/PermissionBeanLocal.java
@@ -2,13 +2,12 @@ package fi.insomnia.bortal.beans;
 import javax.ejb.Local;
-import fi.insomnia.bortal.enums.Permission;
+import fi.insomnia.bortal.enums.apps.IAppPermission;
-import fi.insomnia.bortal.enums.RolePermission;
 import fi.insomnia.bortal.model.User;
 @Local
 public interface PermissionBeanLocal {
-	boolean hasPermission(Permission target, RolePermission permission);
+	boolean hasPermission(IAppPermission perm);
 	User getCurrentUser();
@@ -16,7 +15,7 @@ public interface PermissionBeanLocal {
 	boolean isCurrentUser(User thisuser);
-	void fatalPermission(Permission target, RolePermission permission, Object... failmessage) throws PermissionDeniedException;
+	void fatalPermission(IAppPermission perm, Object... failmessage) throws PermissionDeniedException;
 	void fatalNotLoggedIn() throws PermissionDeniedException;

--- a/code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/RoleBeanLocal.java
+++ b/code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/RoleBeanLocal.java
@@ -10,7 +10,6 @@ import java.util.List;
 import javax.ejb.Local;
 import fi.insomnia.bortal.model.Role;
-import fi.insomnia.bortal.model.RoleRight;
 /**
 * 
@@ -25,10 +24,6 @@ public interface RoleBeanLocal {
 	public Role create(Role role);
-	public RoleRight mergeChanges(RoleRight row);
-	public List<RoleRight> getRoleRights(Role role);
 	public List<Role> getPossibleParents(Role role);
 	public Role find(int val);

--- a/code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/clientutils/BortalLocalContextHolder.java
+++ b/code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/clientutils/BortalLocalContextHolder.java
@@ -3,92 +3,64 @@ package fi.insomnia.bortal.clientutils;
 import java.util.HashMap;
 import java.util.Map;
-import fi.insomnia.bortal.enums.Permission;
+import fi.insomnia.bortal.enums.apps.IAppPermission;
-import fi.insomnia.bortal.enums.RolePermission;
-import fi.insomnia.bortal.model.RoleRight;
 public class BortalLocalContextHolder {
-    private static final ThreadLocal<BortalLocalContextHolder> THREAD_WITH_CONTEXT = new ThreadLocal<BortalLocalContextHolder>();
+	private static final ThreadLocal<BortalLocalContextHolder> THREAD_WITH_CONTEXT = new ThreadLocal<BortalLocalContextHolder>();
-    private String hostname;
+	private String hostname;
-    private final Map<Permission, Map<RolePermission, Boolean>> rightcache = new HashMap<Permission, Map<RolePermission, Boolean>>();
+	private final Map<IAppPermission, Boolean> rightcache = new HashMap<IAppPermission, Boolean>();
-    public BortalLocalContextHolder() {
+	public BortalLocalContextHolder() {
-    }
+	}
-    public static void setHostname(String hostname) {
+	public static void setHostname(String hostname) {
-        getThread().hostname = hostname;
+		getThread().hostname = hostname;
-    }
+	}
-    public static String getHostname() {
+	public static String getHostname() {
-        return getThread().getHolderHostname();
+		return getThread().getHolderHostname();
-    }
+	}
-    public static void cleanupThread() {
+	public static void cleanupThread() {
-        if (THREAD_WITH_CONTEXT != null) {
+		if (THREAD_WITH_CONTEXT != null) {
-            THREAD_WITH_CONTEXT.remove();
+			THREAD_WITH_CONTEXT.remove();
-        }
+		}
-    }
+	}
-    public String getHolderHostname() {
+	public String getHolderHostname() {
-        return hostname;
+		return hostname;
-    }
+	}
-    public static Boolean hasPermission(Permission target, RolePermission permission) {
+	public static Boolean hasPermission(IAppPermission permission) {
-        return getThread().hasHolderPermission(target, permission);
+		return getThread().hasHolderPermission(permission);
-    }
+	}
-    private static BortalLocalContextHolder getThread() {
+	private static BortalLocalContextHolder getThread() {
-        if (THREAD_WITH_CONTEXT.get() == null) {
+		if (THREAD_WITH_CONTEXT.get() == null) {
-            THREAD_WITH_CONTEXT.set(new BortalLocalContextHolder());
+			THREAD_WITH_CONTEXT.set(new BortalLocalContextHolder());
-        }
+		}
-        return THREAD_WITH_CONTEXT.get();
+		return THREAD_WITH_CONTEXT.get();
-    }
+	}
-    private Boolean hasHolderPermission(Permission target, RolePermission permission) {
+	private Boolean hasHolderPermission(IAppPermission target) {
-        Map<RolePermission, Boolean> permmap = rightcache.get(target);
+		return rightcache.get(target);
-        if (permmap == null) {
+	}
-            permmap = new HashMap<RolePermission, Boolean>();
-            rightcache.put(target, permmap);
-        }
-        return permmap.get(permission);
-    }
-    public static void setPermission(Permission target, RolePermission permission, Boolean ret) {
+	public static void setPermission(IAppPermission permission, Boolean value) {
-        getThread().setHolderPermission(target, permission, ret);
+		getThread().rightcache.put(permission, value);
-    }
+	}
-    private void setHolderPermission(Permission target, RolePermission permission, Boolean ret) {
+	public static BortalLocalContextHolder getInstance() {
-        Map<RolePermission, Boolean> permmap = rightcache.get(target);
+		return getThread();
-        if (permmap == null) {
+	}
-            permmap = new HashMap<RolePermission, Boolean>();
-            rightcache.put(target, permmap);
-        }
-        permmap.put(permission, ret);
-    }
-    public static void setPermission(RoleRight rr) {
-        if (rr.isExecute()) {
-            setPermission(rr.getPermission(), RolePermission.EXECUTE, true);
-        }
-        if (rr.isWrite()) {
-            setPermission(rr.getPermission(), RolePermission.WRITE, true);
-        }
-        if (rr.isRead()) {
-            setPermission(rr.getPermission(), RolePermission.READ, true);
-        }
-    }
-    public static BortalLocalContextHolder getInstance() {
-        return getThread();
-    }
 }
\ No newline at end of file
--- a/code/LanBortalDatabase/src/fi/insomnia/bortal/model/ApplicationPermission.java
+++ b/code/LanBortalDatabase/src/fi/insomnia/bortal/model/ApplicationPermission.java
+/*
+ * To change this template, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package fi.insomnia.bortal.model;
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.JoinColumn;
+import javax.persistence.ManyToOne;
+import javax.persistence.Table;
+import javax.persistence.Transient;
+import javax.persistence.UniqueConstraint;
+import fi.insomnia.bortal.enums.BortalApplication;
+import fi.insomnia.bortal.enums.apps.IAppPermission;
+/**
+ * 
+ * @author jkj
+ */
+@Entity
+@Table(name = "application_permissions", uniqueConstraints = { @UniqueConstraint(columnNames = { ApplicationPermission.ROLE_ID_COLUMN, ApplicationPermission.APPLICATION_COLUMN, ApplicationPermission.PERMISSION_COLUMN }) })
+public class ApplicationPermission extends GenericEntity {
+    protected static final String APPLICATION_PERMISSION_CONVERTER = "application_permission_perm_typeconverter";
+    private static final long serialVersionUID = -7768599976770042101L;
+    protected static final String ROLE_ID_COLUMN = "role_id";
+    public static final String APPLICATION_COLUMN = "application";
+    public static final String PERMISSION_COLUMN = "permission";
+    @Column(name = APPLICATION_COLUMN, nullable = false, length = 40)
+    private String application;
+    // @ManyToOne
+    // @JoinColumn(nullable = false, name = EVENT_ID_COLUMN)
+    // private LanEvent event;
+    @ManyToOne(optional = false)
+    @JoinColumn(nullable = false, name = ROLE_ID_COLUMN)
+    private Role role;
+    @Column(nullable = false, name = PERMISSION_COLUMN, length = 40)
+    private String permission;
+    public ApplicationPermission() {
+        super();
+    }
+    public ApplicationPermission(Role role) {
+        this.role = role;
+    }
+    public ApplicationPermission(Role role, IAppPermission perm) {
+        this(role);
+        this.role = role;
+        setPermission(perm);
+    }
+    public Role getRole() {
+        return role;
+    }
+    public void setRole(Role rolesId) {
+        this.role = rolesId;
+    }
+    @Transient
+    private BortalApplication privateApp;
+    @Transient
+    private IAppPermission privatePerm;
+    public BortalApplication getApplication() {
+        if (privateApp == null && application != null) {
+            privateApp = BortalApplication.valueOf(application);
+        }
+        return privateApp;
+    }
+    public void setPermission(IAppPermission perm) {
+        privatePerm = perm;
+        privateApp = perm.getParent();
+        this.application = perm.getParent().toString();
+        this.permission = perm.toString();
+    }
+    public IAppPermission getPermission() {
+        if (privatePerm == null && application != null && permission != null) {
+            for (IAppPermission appPerm : BortalApplication.valueOf(application).getPermissions()) {
+                if (appPerm.equals(permission)) {
+                    privatePerm = appPerm;
+                    break;
+                }
+            }
+        }
+        return privatePerm;
+    }
+}
--- a/code/LanBortalDatabase/src/fi/insomnia/bortal/model/CardTemplate.java
+++ b/code/LanBortalDatabase/src/fi/insomnia/bortal/model/CardTemplate.java
@@ -25,8 +25,9 @@ import javax.persistence.Table;
 @NamedQueries({
        @NamedQuery(name = "CardTemplate.findAll", query = "SELECT c FROM CardTemplate c"),
        @NamedQuery(name = "CardTemplate.findByName", query = "SELECT c FROM CardTemplate c WHERE c.name = :name") })
-public class CardTemplate extends GenericEventChild {
+public class CardTemplate extends GenericEntity {
-    private static final long serialVersionUID = 1L;
+    private static final long serialVersionUID = -5754760238181167610L;
    @Lob
    @Column(name = "template_image")
@@ -45,7 +46,7 @@ public class CardTemplate extends GenericEventChild {
    private List<PrintedCard> cards;
    @ManyToOne
-    @JoinColumn(name = "event_id", referencedColumnName = "id", updatable = false, insertable = false)
+    @JoinColumn(nullable = false, name = "event_id", referencedColumnName = LanEvent.ID_COLUMN)
    private LanEvent event;
    public CardTemplate() {
@@ -53,11 +54,12 @@ public class CardTemplate extends GenericEventChild {
    }
    public CardTemplate(LanEvent event) {
-        super(event);
+        super();
+        this.event = event;
    }
    public CardTemplate(LanEvent event, String templateName) {
-        super(event);
+        this(event);
        this.name = templateName;
    }

--- a/code/LanBortalDatabase/src/fi/insomnia/bortal/model/Discount.java
+++ b/code/LanBortalDatabase/src/fi/insomnia/bortal/model/Discount.java
@@ -61,9 +61,7 @@ public class Discount extends GenericEventChild {
    @OneToMany(cascade = CascadeType.ALL, mappedBy = "discount")
    private List<DiscountInstance> discountInstances;
-    @JoinColumns({
+    @JoinColumn(name = "role_id", referencedColumnName = "id")
-            @JoinColumn(name = "role_id", referencedColumnName = "id"),
-            @JoinColumn(name = "event_id", referencedColumnName = "event_id", nullable = false, updatable = false, insertable = false) })
    @ManyToOne()
    private Role role;

--- a/code/LanBortalDatabase/src/fi/insomnia/bortal/model/EventPk.java
+++ b/code/LanBortalDatabase/src/fi/insomnia/bortal/model/EventPk.java
@@ -14,8 +14,8 @@ import javax.persistence.GenerationType;
 @Embeddable
 public class EventPk implements Serializable {
-    public static final String ID_COLUMN = "id";
+    private static final String ID_COLUMN = GenericEventChild.ID_COLUMN;
-    public static final String EVENT_ID_COLUMN = "event_id";
+    private static final String EVENT_ID_COLUMN = GenericEventChild.EVENT_ID_COLUMN;
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    @Column(name = ID_COLUMN, nullable = false)
    private Integer id;

--- a/code/LanBortalDatabase/src/fi/insomnia/bortal/model/GenericEntity.java
+++ b/code/LanBortalDatabase/src/fi/insomnia/bortal/model/GenericEntity.java
@@ -7,14 +7,15 @@ import javax.persistence.Id;
 import javax.persistence.MappedSuperclass;
 import javax.persistence.Version;
-import fi.insomnia.bortal.utilities.ModelInterface;
+import fi.insomnia.bortal.utilities.jpa.ModelInterface;
 @MappedSuperclass
 public class GenericEntity extends EntityEquals implements ModelInterface<Integer> {
    private static final long serialVersionUID = -9041737052951021560L;
+    public static final String ID_COLUMN = "id";
    @Id
-    @Column(name = "id", nullable = false)
+    @Column(name = ID_COLUMN, nullable = false)
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Integer id;

--- a/code/LanBortalDatabase/src/fi/insomnia/bortal/model/GenericEventChild.java
+++ b/code/LanBortalDatabase/src/fi/insomnia/bortal/model/GenericEventChild.java
@@ -7,13 +7,15 @@ import javax.persistence.ManyToOne;
 import javax.persistence.MappedSuperclass;
 import javax.persistence.Version;
-import fi.insomnia.bortal.utilities.ModelInterface;
+import fi.insomnia.bortal.utilities.jpa.ModelInterface;
 @MappedSuperclass
 public abstract class GenericEventChild extends EntityEquals implements ModelInterface<EventPk> {
    private static final long serialVersionUID = -9041737052951021560L;
+    public static final String ID_COLUMN = "id";
+    public static final String EVENT_ID_COLUMN = "event_id";
    @EmbeddedId
    private EventPk id;
    @Version
@@ -21,7 +23,7 @@ public abstract class GenericEventChild extends EntityEquals implements ModelInt
    private int jpaVersionField = 0;
    @ManyToOne()
-    @JoinColumn(name = EventPk.EVENT_ID_COLUMN, insertable = false, updatable = false)
+    @JoinColumn(name = EVENT_ID_COLUMN, insertable = false, updatable = false)
    private LanEvent event;
    public GenericEventChild(LanEvent event) {

--- a/code/LanBortalDatabase/src/fi/insomnia/bortal/model/LanEvent.java
+++ b/code/LanBortalDatabase/src/fi/insomnia/bortal/model/LanEvent.java
@@ -11,7 +11,6 @@ import javax.persistence.CascadeType;
 import javax.persistence.Column;
 import javax.persistence.Entity;
 import javax.persistence.JoinColumn;
-import javax.persistence.JoinColumns;
 import javax.persistence.ManyToOne;
 import javax.persistence.NamedQueries;
 import javax.persistence.NamedQuery;
@@ -72,9 +71,7 @@ public class LanEvent extends GenericEntity {
    @OneToMany(mappedBy = "parentEvent")
    private List<LogEntry> logEntries;
-    @JoinColumns({
+    @JoinColumn(name = "default_role_id", referencedColumnName = "id")
-            @JoinColumn(name = "default_role_id", referencedColumnName = "id"),
-            @JoinColumn(name = "id", referencedColumnName = "event_id", nullable = false, updatable = false, insertable = false) })
    @OneToOne
    private Role defaultRole;

--- a/code/LanBortalDatabase/src/fi/insomnia/bortal/model/NewsGroup.java
+++ b/code/LanBortalDatabase/src/fi/insomnia/bortal/model/NewsGroup.java
@@ -51,9 +51,7 @@ public class NewsGroup extends GenericEventChild {
    private int priority;
    @ManyToOne(optional = false)
-    @JoinColumns({
+    @JoinColumns({ @JoinColumn(name = "writer_role_id", referencedColumnName = Role.ID_COLUMN, nullable = false), })
-            @JoinColumn(name = "writer_role_id", referencedColumnName = "id", nullable = false),
-            @JoinColumn(name = "event_id", referencedColumnName = "event_id", nullable = false, updatable = false, insertable = false) })
    private Role writerRole;
    @OrderBy("priority")
@@ -62,10 +60,9 @@ public class NewsGroup extends GenericEventChild {
    @ManyToMany
    @JoinTable(name = "read_group_roles", joinColumns = {
-                @JoinColumn(name = "read_group_id", referencedColumnName = "id"),
+                @JoinColumn(name = "read_group_id", referencedColumnName = ID_COLUMN),
-                @JoinColumn(name = "event_id", referencedColumnName = "event_id") }, inverseJoinColumns = {
+                @JoinColumn(name = "event_id", referencedColumnName = EVENT_ID_COLUMN) }, inverseJoinColumns = {
-                @JoinColumn(name = "role_id", referencedColumnName = "id"),
+                @JoinColumn(name = "role_id", referencedColumnName = Role.ID_COLUMN) })
-                @JoinColumn(name = "event_id", referencedColumnName = "event_id") })
    private List<Role> readerRoles;
    public NewsGroup() {

--- a/code/LanBortalDatabase/src/fi/insomnia/bortal/model/Place.java
+++ b/code/LanBortalDatabase/src/fi/insomnia/bortal/model/Place.java
@@ -76,9 +76,7 @@ public class Place extends GenericEventChild {
    private PlaceGroup group;
    @ManyToOne
-    @JoinColumns({
+    @JoinColumn(name = "provided_role_id", referencedColumnName = "id")
-            @JoinColumn(name = "provided_role_id", referencedColumnName = "id"),
-            @JoinColumn(name = "event_id", referencedColumnName = "event_id", nullable = false, updatable = false, insertable = false) })
    private Role providesRole;
    @JoinColumns({

--- a/code/LanBortalDatabase/src/fi/insomnia/bortal/model/PrintedCard.java
+++ b/code/LanBortalDatabase/src/fi/insomnia/bortal/model/PrintedCard.java
@@ -31,8 +31,8 @@ import javax.persistence.UniqueConstraint;
 */
 @Entity
 @Table(name = "printed_cards", uniqueConstraints = {
-        @UniqueConstraint(columnNames = { "rfid_uid", "event_id" }),
+        @UniqueConstraint(columnNames = { "event_id", "rfid_uid", }),
-        @UniqueConstraint(columnNames = { "barcode", "event_id" }) })
+        @UniqueConstraint(columnNames = { "event_id", "barcode" }) })
 @NamedQueries({
        @NamedQuery(name = "PrintedCard.findAll", query = "SELECT p FROM PrintedCard p"),
@@ -75,9 +75,7 @@ public class PrintedCard extends GenericEventChild {
    @ManyToOne(optional = false)
    private User user;
-    @JoinColumns({
+    @JoinColumn(nullable = false, name = "card_template_id", referencedColumnName = CardTemplate.ID_COLUMN)
-            @JoinColumn(name = "card_template_id", referencedColumnName = "id", nullable = false, updatable = false),
-            @JoinColumn(name = "event_id", referencedColumnName = "event_id", nullable = false, updatable = false, insertable = false) })
    @ManyToOne(optional = false)
    private CardTemplate template;

--- a/code/LanBortalDatabase/src/fi/insomnia/bortal/model/Product.java
+++ b/code/LanBortalDatabase/src/fi/insomnia/bortal/model/Product.java
@@ -11,7 +11,6 @@ import javax.persistence.CascadeType;
 import javax.persistence.Column;
 import javax.persistence.Entity;
 import javax.persistence.JoinColumn;
-import javax.persistence.JoinColumns;
 import javax.persistence.JoinTable;
 import javax.persistence.ManyToMany;
 import javax.persistence.ManyToOne;
@@ -54,9 +53,7 @@ public class Product extends GenericEventChild {
    @Column(name = "instant_shop")
    private boolean prepaidInstant = false;
-    @JoinColumns({
+    @JoinColumn(name = "provided_role_id", referencedColumnName = "id")
-            @JoinColumn(name = "provided_role_id", referencedColumnName = "id"),
-            @JoinColumn(name = "event_id", referencedColumnName = "event_id", updatable = false, insertable = false) })
    @ManyToOne
    private Role provides;

--- a/code/LanBortalDatabase/src/fi/insomnia/bortal/model/Role.java
+++ b/code/LanBortalDatabase/src/fi/insomnia/bortal/model/Role.java
@@ -11,8 +11,6 @@ import javax.persistence.CascadeType;
 import javax.persistence.Column;
 import javax.persistence.Entity;
 import javax.persistence.JoinColumn;
-import javax.persistence.JoinColumns;
-import javax.persistence.JoinTable;
 import javax.persistence.ManyToMany;
 import javax.persistence.ManyToOne;
 import javax.persistence.NamedQueries;
@@ -25,21 +23,25 @@ import javax.persistence.UniqueConstraint;
 * 
 */
 @Entity
-@Table(name = "roles", uniqueConstraints = { @UniqueConstraint(columnNames = { "event_id", "role_name" }) })
+@Table(name = "roles", uniqueConstraints = { @UniqueConstraint(columnNames = { Role.EVENT_ID_COLUMN, Role.NAME_COLUMN }) })
 @NamedQueries({
        @NamedQuery(name = "Role.findForEvent", query = "SELECT r FROM Role r where r.event = :event"),
        @NamedQuery(name = "Role.findByRoleName", query = "SELECT r FROM Role r WHERE r.name = :name and r.event = :event"),
        // @NamedQuery(name="Role.findParentsExcluding", query="select r from
        // Role r, RoleRight rr where :user member of r.users ),
        @NamedQuery(name = "Role.findForUser", query = "SELECT r FROM Role r WHERE :user MEMBER OF r.users and r.event = :event") })
-public class Role extends GenericEventChild {
+public class Role extends GenericEntity {
    /**
     * 
     */
    private static final long serialVersionUID = -4602863502464505404L;
-    @Column(name = "role_name", nullable = false)
+    protected static final String NAME_COLUMN = "role_name";
+    protected static final String EVENT_ID_COLUMN = "event_id";
+    @Column(name = NAME_COLUMN, nullable = false)
    private String name;
    @ManyToMany(mappedBy = "roles")
@@ -55,21 +57,11 @@ public class Role extends GenericEventChild {
    private List<Place> placesProvide;
    @ManyToMany()
-    @JoinTable(name = "role_parents",
-            inverseJoinColumns = {
-                    @JoinColumn(name = "children_id", referencedColumnName = "id"),
-                    @JoinColumn(name = "event_id", referencedColumnName = "event_id", updatable = false, insertable = false) },
-            joinColumns = {
-                    @JoinColumn(name = "parent_id", referencedColumnName = "id"),
-                    @JoinColumn(name = "event_id", referencedColumnName = "event_id", updatable = false, insertable = false) })
    private List<Role> parents = new ArrayList<Role>();
    @OneToMany(cascade = CascadeType.ALL, mappedBy = "role")
-    private List<RoleRight> roleRights;
+    private List<ApplicationPermission> permissions;
-    @JoinColumns({
-            @JoinColumn(name = "card_template_id", referencedColumnName = "id"),
-            @JoinColumn(name = "event_id", referencedColumnName = "event_id", updatable = false, insertable = false) })
    @ManyToOne
    private CardTemplate cardTemplate;
@@ -83,7 +75,7 @@ public class Role extends GenericEventChild {
    private List<NewsGroup> newsGroups;
    @ManyToOne
-    @JoinColumn(name = "event_id", referencedColumnName = "id", updatable = false, insertable = false)
+    @JoinColumn(name = EVENT_ID_COLUMN, nullable = false)
    private LanEvent event;
    public Role() {
@@ -91,7 +83,6 @@ public class Role extends GenericEventChild {
    }
    public Role(LanEvent event) {
-        super(event);
        this.event = event;
    }
@@ -108,14 +99,6 @@ public class Role extends GenericEventChild {
        this.name = roleName;
    }
-    public List<RoleRight> getRoleRights() {
-        return roleRights;
-    }
-    public void setRoleRights(List<RoleRight> roleRightList) {
-        this.roleRights = roleRightList;
-    }
    public CardTemplate getCardTemplate() {
        return cardTemplate;
    }
@@ -194,5 +177,14 @@ public class Role extends GenericEventChild {
    public List<NewsGroup> getWriteNews() {
        return writeNews;
+    }
+    public void setPermissions(List<ApplicationPermission> permissions) {
+        this.permissions = permissions;
+    }
+    public List<ApplicationPermission> getPermissions() {
+        return permissions;
    }
 }
--- a/code/LanBortalDatabase/src/fi/insomnia/bortal/model/RoleRight.java
+++ b/code/LanBortalDatabase/src/fi/insomnia/bortal/model/RoleRight.java
-/*
- * To change this template, choose Tools | Templates
- * and open the template in the editor.
- */
-package fi.insomnia.bortal.model;
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.JoinColumn;
-import javax.persistence.JoinColumns;
-import javax.persistence.ManyToOne;
-import javax.persistence.NamedQueries;
-import javax.persistence.NamedQuery;
-import javax.persistence.Table;
-import javax.persistence.UniqueConstraint;
-import org.eclipse.persistence.annotations.ConversionValue;
-import org.eclipse.persistence.annotations.Convert;
-import org.eclipse.persistence.annotations.ObjectTypeConverter;
-import fi.insomnia.bortal.enums.Permission;
-/**
- * 
- * @author jkj
- */
-@Entity
-@Table(name = "role_rights", uniqueConstraints = { @UniqueConstraint(columnNames = { "event_id", "role_id", "permission" }) })
-@NamedQueries({ @NamedQuery(name = "RoleRight.findAll", query = "SELECT r FROM RoleRight r"),
-        @NamedQuery(name = "RoleRight.findByRightAndRole", query = "SELECT r FROM RoleRight r where r.role = :role and r.permission = :permission "),
-        @NamedQuery(name = "RoleRight.findByRolesForPermission", query = "SELECT rr from RoleRight rr where rr.role.id.eventId = :eventId and rr.role.id.id in :roleids and rr.permission = :permission") })
-@ObjectTypeConverter(name = "permissionconverter", objectType = Permission.class, dataType = String.class, conversionValues = {
-        @ConversionValue(dataValue = "LOGIN", objectValue = "LOGIN"),
-        @ConversionValue(dataValue = "USER_MANAGEMENT", objectValue = "USER_MANAGEMENT"),
-        @ConversionValue(dataValue = "ACCOUNT_MANAGEMENT", objectValue = "ACCOUNT_MANAGEMENT"),
-        @ConversionValue(dataValue = "MAP", objectValue = "MAP"),
-        @ConversionValue(dataValue = "BILL", objectValue = "BILL"),
-        @ConversionValue(dataValue = "ROLE_MANAGEMENT", objectValue = "ROLE_MANAGEMENT"),
-        @ConversionValue(dataValue = "PRODUCT", objectValue = "PRODUCT"),
-        @ConversionValue(dataValue = "SHOP", objectValue = "SHOP"),
-        @ConversionValue(dataValue = "GAME", objectValue = "GAME"),
-        @ConversionValue(dataValue = "POLL", objectValue = "POLL")
-})
-public class RoleRight extends GenericEventChild {
-    private static final long serialVersionUID = 1L;
-    @Column(name = "read_permission", nullable = false)
-    private boolean read = false;
-    @Column(name = "write_permission", nullable = false)
-    private boolean write = false;
-    @Column(name = "execute_permission", nullable = false)
-    private boolean execute = false;
-    // @JoinColumn(name = "access_right_id", referencedColumnName = "id")
-    // @ManyToOne
-    // private AccessRight accessRight;
-    @Convert("permissionconverter")
-    @Column(name = "permission", nullable = false)
-    private Permission permission;
-    @JoinColumns({
-            @JoinColumn(name = "role_id", referencedColumnName = "id", nullable = false, updatable = false),
-            @JoinColumn(name = "event_id", referencedColumnName = "event_id", nullable = false, updatable = false, insertable = false) })
-    @ManyToOne(optional = false)
-    private Role role;
-    public RoleRight() {
-        super();
-    }
-    public RoleRight(Role role) {
-        this(new EventPk(role.getEvent()));
-        this.role = role;
-    }
-    public RoleRight(Role role, Permission right, boolean read, boolean write, boolean execute) {
-        this(role);
-        this.setPermission(right);
-        this.read = read;
-        this.write = write;
-        this.execute = execute;
-    }
-    public RoleRight(EventPk eventPk) {
-        super(eventPk);
-    }
-    public boolean isRead() {
-        return read;
-    }
-    public void setRead(boolean read) {
-        this.read = read;
-    }
-    public boolean isWrite() {
-        return write;
-    }
-    public void setWrite(boolean write) {
-        this.write = write;
-    }
-    public Role getRole() {
-        return role;
-    }
-    public void setRole(Role rolesId) {
-        this.role = rolesId;
-    }
-    public void setExecute(boolean execute) {
-        this.execute = execute;
-    }
-    public boolean isExecute() {
-        return execute;
-    }
-    public void setPermission(Permission permission) {
-        this.permission = permission;
-    }
-    public Permission getPermission() {
-        return permission;
-    }
-}
--- a/code/LanBortalDatabase/src/fi/insomnia/bortal/model/User.java
+++ b/code/LanBortalDatabase/src/fi/insomnia/bortal/model/User.java
@@ -130,8 +130,7 @@ public class User extends GenericEntity {
    @ManyToMany()
    @JoinTable(name = "role_memberships", inverseJoinColumns = {
-                @JoinColumn(name = "role_id", referencedColumnName = "id"),
+                @JoinColumn(name = "role_id", referencedColumnName = Role.ID_COLUMN) },
-                @JoinColumn(name = "event_id", referencedColumnName = "event_id") },
                joinColumns = { @JoinColumn(name = "user_id", referencedColumnName = "id") })
    private List<Role> roles = new ArrayList<Role>();

--- a/code/LanBortalDatabase/src/fi/insomnia/bortal/model/converters/ApplicationPermissionFieldConverter.java
+++ b/code/LanBortalDatabase/src/fi/insomnia/bortal/model/converters/ApplicationPermissionFieldConverter.java
+package fi.insomnia.bortal.model.converters;
+import org.eclipse.persistence.mappings.foundation.AbstractTransformationMapping;
+import org.eclipse.persistence.mappings.transformers.AttributeTransformer;
+import org.eclipse.persistence.mappings.transformers.FieldTransformer;
+import org.eclipse.persistence.sessions.Record;
+import org.eclipse.persistence.sessions.Session;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import fi.insomnia.bortal.enums.BortalApplication;
+import fi.insomnia.bortal.enums.apps.IAppPermission;
+import fi.insomnia.bortal.model.ApplicationPermission;
+public class ApplicationPermissionFieldConverter implements AttributeTransformer, FieldTransformer {
+    /**
+	 * 
+	 */
+    private static final long serialVersionUID = 861773188187491632L;
+    private static final Logger logger = LoggerFactory.getLogger(ApplicationPermissionFieldConverter.class);
+    // record - - The metadata being used to build the object.
+    // session - - the current session
+    // object - - The current object that the attribute is being built for.
+    @Override
+    public Object buildAttributeValue(Record record, Object object, Session session) {
+        logger.debug("Converting record {} to object object {}", record, object);
+        if (object instanceof ApplicationPermission) {
+            ApplicationPermission destperm = (ApplicationPermission) object;
+            logger.debug("destprm appPerm {}", destperm.getApplication());
+            Object appNameObj = record.get(ApplicationPermission.APPLICATION_COLUMN);
+            Object permissionObject = record.get(ApplicationPermission.PERMISSION_COLUMN);
+            try {
+                if (appNameObj == null || permissionObject == null) {
+                    logger.warn("Application name field in record is empty! {}", record);
+                    return null;
+                }
+                String permstr = permissionObject.toString();
+                BortalApplication appEnum = BortalApplication.valueOf(appNameObj.toString());
+                for (IAppPermission perm : appEnum.getPermissions()) {
+                    if (perm.toString().equals(permstr)) {
+                        return perm;
+                    }
+                }
+                logger.warn("Value {} could not be translated to permission of {}", permstr, appEnum);
+            } catch (IllegalArgumentException e) {
+                logger.warn("Value not found in enums while converting ApplicationPermission , AppnameObj {} permissionObj {}", appNameObj, permissionObject);
+            } catch (NullPointerException ne) {
+                logger.warn("Caught null pointer in while convertion ApplicatoinPermission to object. AppName: {}, permissionName {}", appNameObj, permissionObject);
+            }
+        }
+        return null;
+    }
+    @Override
+    public void initialize(AbstractTransformationMapping arg0) {
+    }
+    // instance - - an instance of the domain class which contains the attribute
+    // session - - the current session
+    // fieldName - - the name of the field being transformed. Used if the user
+    // wants to use this transformer for multiple fields.
+    @Override
+    public Object buildFieldValue(Object instance, String session, Session fieldName) {
+        logger.debug("Converting permission of instance {}. Fieldname {}", instance, fieldName);
+        if (instance instanceof ApplicationPermission) {
+            return ((ApplicationPermission) instance).getPermission().toString();
+        }
+        return null;
+    }
+}
--- a/code/LanBortalUtilities/src/fi/insomnia/bortal/enums/BortalApplication.java
+++ b/code/LanBortalUtilities/src/fi/insomnia/bortal/enums/BortalApplication.java
 package fi.insomnia.bortal.enums;
+import fi.insomnia.bortal.enums.apps.BillPermission;
+import fi.insomnia.bortal.enums.apps.FixPerm;
 import fi.insomnia.bortal.enums.apps.IAppPermission;
-import fi.insomnia.bortal.enums.apps.LoginPermissions;
+import fi.insomnia.bortal.enums.apps.LoginPermission;
-import fi.insomnia.bortal.enums.apps.UserPermissions;
+import fi.insomnia.bortal.enums.apps.UserPermission;
 public enum BortalApplication {
 	// NOTE. add conversion Value to RoleRight
 	// PERMISSION("Description"),
-	LOGIN("Login related permissions", LoginPermissions.class),
+	LOGIN("Login related permissions", LoginPermission.class),
-	USER("User management related", UserPermissions.class),
+	USER("User management related", UserPermission.class),
 	USER_MANAGEMENT("View all users(r), modify users(w), execute actions for user(x) "),
 	ACCOUNT_MANAGEMENT("Manage others account events. view(r), modify(w) and create (shop)(x)"),
-	BILL("View all bills(r), Mark paid & modify(w), and create own bills (x)"),
+	BILL("View all bills(r), Mark paid & modify(w), and create own bills (x)", BillPermission.class),
 	MAP("view maps(r), Modify(w), reserve places from maps(x)"),
 	ROLE_MANAGEMENT("User has right to view(r), modify(w) and assign(x) roles"),
 	PRODUCT("View(r), modify(w), and shop(x) products"),
@@ -35,7 +37,7 @@ public enum BortalApplication {
 	private BortalApplication(String descr) {
-		this.permissions = LoginPermissions.class;
+		this.permissions = FixPerm.class;
 		this.setDescription(descr);
 	}
@@ -46,4 +48,5 @@ public enum BortalApplication {
 	public String getDescription() {
 		return description;
 	}
 }
--- a/code/LanBortalUtilities/src/fi/insomnia/bortal/enums/Permission.java
+++ b/code/LanBortalUtilities/src/fi/insomnia/bortal/enums/Permission.java
-/*
- * To change this template, choose Tools | Templates
- * and open the template in the editor.
- */
-package fi.insomnia.bortal.enums;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-/**
- * 
- * @author tuukka
- */
-public enum Permission {
-	// NOTE. add conversion Value to RoleRight
-	// PERMISSION("Description"),
-	LOGIN("User can see loginbutton(r), create new user(w), invite others (x)"),
-	USER_MANAGEMENT("View all users(r), modify users(w), execute actions for user(x) "),
-	ACCOUNT_MANAGEMENT("Manage others account events. view(r), modify(w) and create (shop)(x)"),
-	BILL("View all bills(r), Mark paid & modify(w), and create own bills (x)"),
-	MAP("view maps(r), Modify(w), reserve places from maps(x)"),
-	ROLE_MANAGEMENT("User has right to view(r), modify(w) and assign(x) roles"),
-	PRODUCT("View(r), modify(w), and shop(x) products"),
-	SHOP("View own shopped events(r), Modify own AccountEvents() and Shop(x)"),
-	GAME("View(r) own, modify(w), view all(X)"),
-	POLL("View answers(r), create polls (w), answer to polls(x)");
-	private String description;
-	private static final Logger logger = LoggerFactory.getLogger(Permission.class);
-	public static final String EXECUTE = "/EXECUTE";
-	public static final String READ = "/READ";
-	public static final String WRITE = "/WRITE";
-	public static Permission getPermission(String name) {
-		if (name == null || name.isEmpty()) {
-			logger.warn("Trying to get permission for empty name {}", name);
-			return null;
-		}
-		try {
-			return valueOf(name);
-		} catch (IllegalArgumentException x) {
-			throw x;
-		}
-	}
-	Permission(String description) {
-		this.description = description;
-	}
-	Permission() {
-	}
-	public String getName() {
-		return name();
-	}
-	/**
-	 * @return the description
-	 */
-	public String getDescription() {
-		return description;
-	}
-}
--- a/code/LanBortalUtilities/src/fi/insomnia/bortal/enums/apps/BillPermission.java
+++ b/code/LanBortalUtilities/src/fi/insomnia/bortal/enums/apps/BillPermission.java
+package fi.insomnia.bortal.enums.apps;
+import fi.insomnia.bortal.enums.BortalApplication;
+public enum BillPermission implements IAppPermission {
+	READ_ALL("Read all bills"), WRITE_ALL("Modify all bills"), CREATE_BILL("Create bills for self")
+	;
+	private String description;
+	private String fullName;
+	private BillPermission(String desc) {
+		description = desc;
+		fullName = new StringBuilder().append(getParent().toString()).append(DELIMITER).append(toString()).toString();
+	}
+	@Override
+	public BortalApplication getParent() {
+		return BortalApplication.BILL;
+	}
+	@Override
+	public String getDescription() {
+		return this.description;
+	}
+	@Override
+	public String getFullName() {
+		return fullName;
+	}
+}
--- a/code/LanBortalUtilities/src/fi/insomnia/bortal/enums/apps/FixPerm.java
+++ b/code/LanBortalUtilities/src/fi/insomnia/bortal/enums/apps/FixPerm.java
+package fi.insomnia.bortal.enums.apps;
+import fi.insomnia.bortal.enums.BortalApplication;
+public enum FixPerm implements IAppPermission {
+	FIX("FIX THIS");
+	private final String description;
+	private final String fullName;
+	private FixPerm(String desc) {
+		this.description = desc;
+		fullName = new StringBuilder().append(getParent().toString()).append(DELIMITER).append(toString()).toString();
+	}
+	@Override
+	public BortalApplication getParent() {
+		return BortalApplication.LOGIN;
+	}
+	@Override
+	public String getDescription() {
+		return this.description;
+	}
+	@Override
+	public String getFullName() {
+		return fullName;
+	}
+}
--- a/code/LanBortalUtilities/src/fi/insomnia/bortal/enums/apps/IAppPermission.java
+++ b/code/LanBortalUtilities/src/fi/insomnia/bortal/enums/apps/IAppPermission.java
@@ -6,8 +6,12 @@ import fi.insomnia.bortal.enums.BortalApplication;
 public interface IAppPermission extends Serializable {
+	static final String DELIMITER = "/";
 	public BortalApplication getParent();
 	public String getDescription();
+	public String getFullName();
 }
--- a/code/LanBortalUtilities/src/fi/insomnia/bortal/enums/apps/LoginPermissions.java
+++ b/code/LanBortalUtilities/src/fi/insomnia/bortal/enums/apps/LoginPermissions.java
@@ -2,14 +2,16 @@ package fi.insomnia.bortal.enums.apps;
 import fi.insomnia.bortal.enums.BortalApplication;
-public enum LoginPermissions implements IAppPermission {
+public enum LoginPermission implements IAppPermission {
 	LOGIN("Can login"), LOGOUT("Can logout");
 	private String description;
+	private String fullName;
-	private LoginPermissions(String desc) {
+	private LoginPermission(String desc) {
 		this.description = desc;
+		fullName = new StringBuilder().append(getParent().toString()).append(DELIMITER).append(toString()).toString();
 	}
 	@Override
@@ -17,7 +19,13 @@ public enum LoginPermissions implements IAppPermission {
 		return BortalApplication.LOGIN;
 	}
+	@Override
 	public String getDescription() {
 		return this.description;
 	}
+	@Override
+	public String getFullName() {
+		return fullName;
+	}
 }
--- a/code/LanBortalUtilities/src/fi/insomnia/bortal/enums/apps/MapPermission.java
+++ b/code/LanBortalUtilities/src/fi/insomnia/bortal/enums/apps/MapPermission.java
+package fi.insomnia.bortal.enums.apps;
+import fi.insomnia.bortal.enums.BortalApplication;
+public enum MapPermission implements IAppPermission {
+	MANAGE_OTHERS("Manage other users reservations in map"), BUY_PLACES("Reserve and buy places from map"), VIEW("View maps");
+	private String description;
+	private String fullName;
+	private MapPermission(String desc) {
+		description = desc;
+		fullName = new StringBuilder().append(getParent().toString()).append(DELIMITER).append(toString()).toString();
+	}
+	@Override
+	public BortalApplication getParent() {
+		return BortalApplication.USER;
+	}
+	@Override
+	public String getDescription() {
+		return description;
+	}
+	@Override
+	public String getFullName() {
+		return fullName;
+	}
+}
--- a/code/LanBortalUtilities/src/fi/insomnia/bortal/enums/apps/UserPermissions.java
+++ b/code/LanBortalUtilities/src/fi/insomnia/bortal/enums/apps/UserPermissions.java
@@ -2,13 +2,16 @@ package fi.insomnia.bortal.enums.apps;
 import fi.insomnia.bortal.enums.BortalApplication;
-public enum UserPermissions implements IAppPermission {
+public enum UserPermission implements IAppPermission {
 	VIEW("View all users"), MODIFY("Modify users");
 	private String description;
+	private String fullName;
-	private UserPermissions(String desc) {
+	private UserPermission(String desc) {
 		description = desc;
+		fullName = new StringBuilder().append(getParent().toString()).append(DELIMITER).append(toString()).toString();
 	}
 	@Override
@@ -20,4 +23,9 @@ public enum UserPermissions implements IAppPermission {
 	public String getDescription() {
 		return description;
 	}
+	@Override
+	public String getFullName() {
+		return fullName;
+	}
 }
--- a/code/LanBortalUtilities/src/fi/insomnia/bortal/utilities/SearchResult.java
+++ b/code/LanBortalUtilities/src/fi/insomnia/bortal/utilities/SearchResult.java
@@ -3,6 +3,8 @@ package fi.insomnia.bortal.utilities;
 import java.io.Serializable;
 import java.util.List;
+import fi.insomnia.bortal.utilities.jpa.ModelInterface;
 public class SearchResult<T extends ModelInterface<?>> implements Serializable {
 	/**

--- a/code/LanBortalUtilities/src/fi/insomnia/bortal/utilities/ModelInterface.java
+++ b/code/LanBortalUtilities/src/fi/insomnia/bortal/utilities/ModelInterface.java
-package fi.insomnia.bortal.utilities;
+package fi.insomnia.bortal.utilities.jpa;
 import java.io.Serializable;

--- a/code/LanBortalUtilities/src/fi/insomnia/bortal/utilities/jsf/EntityFinderBean.java
+++ b/code/LanBortalUtilities/src/fi/insomnia/bortal/utilities/jsf/EntityFinderBean.java
+package fi.insomnia.bortal.utilities.jsf;
+import fi.insomnia.bortal.utilities.jpa.ModelInterface;
+public interface EntityFinderBean<E extends ModelInterface<Integer>> {
+	public E find(Integer id);
+}
--- a/code/LanBortalWeb/src/fi/insomnia/bortal/handler/SessionHandler.java
+++ b/code/LanBortalWeb/src/fi/insomnia/bortal/handler/SessionHandler.java
@@ -21,8 +21,7 @@ import org.slf4j.LoggerFactory;
 import fi.insomnia.bortal.beans.EventBeanLocal;
 import fi.insomnia.bortal.beans.PermissionBeanLocal;
 import fi.insomnia.bortal.beans.RoleBeanLocal;
-import fi.insomnia.bortal.enums.Permission;
+import fi.insomnia.bortal.enums.apps.IAppPermission;
-import fi.insomnia.bortal.enums.RolePermission;
 import fi.insomnia.bortal.model.User;
 /**
@@ -61,26 +60,27 @@ public class SessionHandler {
 		return "insomnia2";
 	}
-	public boolean hasPermission(String target, String permission) {
+	// public boolean hasPermission(String target, String permission) {
-		RolePermission perm = RolePermission.valueOf(permission.toUpperCase());
+	// RolePermission perm = RolePermission.valueOf(permission.toUpperCase());
-		// RolePermission perm = null;
+	// // RolePermission perm = null;
-		// if (permission.equalsIgnoreCase("read")) {
+	// // if (permission.equalsIgnoreCase("read")) {
-		// perm = RolePermission.READ;
+	// // perm = RolePermission.READ;
-		// } else if (permission.equals("write")) {
+	// // } else if (permission.equals("write")) {
-		// perm = RolePermission.WRITE;
+	// // perm = RolePermission.WRITE;
-		// } else if (permission.equals("execute")) {
+	// // } else if (permission.equals("execute")) {
-		// perm = RolePermission.EXECUTE;
+	// // perm = RolePermission.EXECUTE;
-		// }else {
+	// // }else {
-		// throw new RuntimeException("permission " + permission +
+	// // throw new RuntimeException("permission " + permission +
-		// " does not match any")
+	// // " does not match any")
-		// }
+	// // }
-		if (perm == null) {
+	// if (perm == null) {
-			logger.warn("Permission {} does not have matching value in RolePermission enum!");
+	// logger.warn("Permission {} does not have matching value in RolePermission enum!");
-			throw new RuntimeException("Matching role permission could not be found!");
+	// throw new
-		}
+	// RuntimeException("Matching role permission could not be found!");
+	// }
-		return hasPermission(target, perm);
+	//
-	}
+	// return hasPermission(target, perm);
+	// }
 	//
 	// private HttpSession getHttpSession() {
@@ -94,33 +94,16 @@ public class SessionHandler {
 	// return permbean.hasPermission(perm);
 	// }
-	public boolean hasPermission(Permission target, RolePermission permission) {
+	public boolean hasPermission(IAppPermission permission) {
-		if (target == null || permission == null) {
+		if (permission == null) {
-			logger.warn("Target {} or permission {} is null", target, permission);
+			logger.warn("permission {} is null", permission);
 			throw new RuntimeException("Empty target or permission!");
 		}
-		boolean ret = permbean.hasPermission(target, permission);
+		boolean ret = permbean.hasPermission(permission);
 		return ret;
 	}
-	public boolean hasPermission(String target, RolePermission permission) {
-		return hasPermission(Permission.getPermission(target), permission);
-	}
-	public boolean canWrite(String target) {
-		return hasPermission(target, RolePermission.WRITE);
-	}
-	public boolean canRead(String target) {
-		return hasPermission(target, RolePermission.READ);
-	}
-	public boolean canExecute(String target) {
-		return hasPermission(target, RolePermission.EXECUTE);
-	}
 	public String logout() {
 		FacesContext ctx = FacesContext.getCurrentInstance();
@@ -152,7 +135,4 @@ public class SessionHandler {
 	}
-	public String fatalPermission(String target, String right) {
-		return "FATALPERM!!: " + target + " " + right;
-	}
 }
--- a/code/LanBortalWeb/src/fi/insomnia/bortal/servlet/PlaceMap.java
+++ b/code/LanBortalWeb/src/fi/insomnia/bortal/servlet/PlaceMap.java
@@ -28,8 +28,7 @@ import org.slf4j.LoggerFactory;
 import fi.insomnia.bortal.beans.PermissionBeanLocal;
 import fi.insomnia.bortal.beans.PermissionDeniedException;
 import fi.insomnia.bortal.beans.PlaceMapBeanLocal;
-import fi.insomnia.bortal.enums.Permission;
+import fi.insomnia.bortal.enums.apps.MapPermission;
-import fi.insomnia.bortal.enums.RolePermission;
 import fi.insomnia.bortal.model.EventMap;
 import fi.insomnia.bortal.model.Place;
 import fi.insomnia.bortal.model.User;
@@ -119,7 +118,7 @@ public class PlaceMap extends HttpServlet {
 	private void printPlaceMapToStream(OutputStream outputStream, String filetype, EventMap map) throws IOException, PermissionDeniedException {
-		permbean.fatalPermission(Permission.MAP, RolePermission.READ, "User tried to print the placemap to Stream");
+		permbean.fatalPermission(MapPermission.VIEW, "User tried to print the placemap to Stream");
 		long begin = new Date().getTime();

--- a/code/LanBortalWeb/src/fi/insomnia/bortal/web/cdiview/AccountEventView.java
+++ b/code/LanBortalWeb/src/fi/insomnia/bortal/web/cdiview/AccountEventView.java
@@ -5,8 +5,7 @@ import javax.enterprise.context.ConversationScoped;
 import javax.inject.Named;
 import fi.insomnia.bortal.beans.AccountEventBeanLocal;
-import fi.insomnia.bortal.enums.Permission;
+import fi.insomnia.bortal.enums.apps.UserPermission;
-import fi.insomnia.bortal.enums.RolePermission;
 import fi.insomnia.bortal.model.AccountEvent;
 @Named
@@ -28,7 +27,7 @@ public class AccountEventView extends GenericCDIView {
 	public void initView() {
-		canSave = permbean.hasPermission(Permission.USER_MANAGEMENT, RolePermission.READ);
+		canSave = permbean.hasPermission(UserPermission.VIEW);
 		if (requirePermissions(permbean.isLoggedIn(), canSave)) {
 			beginConversation();
 			accountevent = accounteventbean.find(getPk(accountid));

--- a/code/LanBortalWeb/src/fi/insomnia/bortal/web/cdiview/BillListView.java
+++ b/code/LanBortalWeb/src/fi/insomnia/bortal/web/cdiview/BillListView.java
@@ -9,8 +9,7 @@ import javax.inject.Inject;
 import javax.inject.Named;
 import fi.insomnia.bortal.beans.BillBeanLocal;
-import fi.insomnia.bortal.enums.Permission;
+import fi.insomnia.bortal.enums.apps.BillPermission;
-import fi.insomnia.bortal.enums.RolePermission;
 import fi.insomnia.bortal.model.Bill;
 import fi.insomnia.bortal.model.User;
 import fi.insomnia.bortal.web.annotations.SelectedUser;
@@ -33,10 +32,13 @@ public class BillListView extends GenericCDIView {
 	private ListDataModel<Bill> bills;
+	private boolean writeBill;
 	public void initAllBills() {
-		if (super.requirePermissions(Permission.BILL, RolePermission.READ)) {
+		if (super.requirePermissions(BillPermission.READ_ALL)) {
 			beginConversation();
 			bills = new ListDataModel<Bill>(billbean.findAll());
+			writeBill = permbean.hasPermission(BillPermission.WRITE_ALL);
 		}
 	}
@@ -44,11 +46,14 @@ public class BillListView extends GenericCDIView {
 		if (requirePermissions(permbean.isLoggedIn())) {
 			beginConversation();
 			bills = new ListDataModel<Bill>(user.getBills());
+			writeBill = permbean.hasPermission(BillPermission.WRITE_ALL);
 		}
 	}
 	public String markPaid() {
-		if (permbean.hasPermission(Permission.BILL, RolePermission.WRITE)) {
+		if (permbean.hasPermission(BillPermission.WRITE_ALL)) {
 			billbean.markPaid(bills.getRowData(), Calendar.getInstance());
 			this.addFaceMessage("bill.markedPaid");
@@ -71,6 +76,6 @@ public class BillListView extends GenericCDIView {
 	}
 	public boolean canWriteBill() {
-		return permbean.hasPermission(Permission.BILL, RolePermission.WRITE);
+		return writeBill;
 	}
 }
--- a/code/LanBortalWeb/src/fi/insomnia/bortal/web/cdiview/GenericCDIView.java
+++ b/code/LanBortalWeb/src/fi/insomnia/bortal/web/cdiview/GenericCDIView.java
@@ -14,8 +14,7 @@ import org.slf4j.LoggerFactory;
 import fi.insomnia.bortal.beans.EventBeanLocal;
 import fi.insomnia.bortal.beans.PermissionBeanLocal;
-import fi.insomnia.bortal.enums.Permission;
+import fi.insomnia.bortal.enums.apps.IAppPermission;
-import fi.insomnia.bortal.enums.RolePermission;
 import fi.insomnia.bortal.handler.NavigationHandler;
 import fi.insomnia.bortal.model.EventPk;
 import fi.insomnia.bortal.utilities.I18n;
@@ -47,10 +46,10 @@ public abstract class GenericCDIView implements Serializable {
 	}
-	protected boolean requirePermissions(Permission perm, RolePermission rp, boolean... externalChecks) {
+	protected boolean requirePermissions(IAppPermission perm, boolean... externalChecks) {
 		boolean[] perms = new boolean[externalChecks.length + 1];
-		perms[0] = permbean.hasPermission(perm, rp);
+		perms[0] = permbean.hasPermission(perm);
 		if (externalChecks.length == 0) {
 			System.arraycopy(externalChecks, 0, perms, 1, externalChecks.length);
 		}

--- a/code/LanBortalWeb/src/fi/insomnia/bortal/web/cdiview/NewsListView.java
+++ b/code/LanBortalWeb/src/fi/insomnia/bortal/web/cdiview/NewsListView.java
@@ -7,8 +7,7 @@ import javax.enterprise.context.RequestScoped;
 import javax.inject.Named;
 import fi.insomnia.bortal.beans.NewsBeanLocal;
-import fi.insomnia.bortal.enums.Permission;
+import fi.insomnia.bortal.enums.apps.FixPerm;
-import fi.insomnia.bortal.enums.RolePermission;
 import fi.insomnia.bortal.model.NewsGroup;
 @Named
@@ -26,7 +25,7 @@ public class NewsListView extends GenericCDIView {
 	private List<NewsGroup> newsgroups;
 	public void initView() {
-		if (super.requirePermissions(permbean.hasPermission(Permission.ROLE_MANAGEMENT, RolePermission.READ))) {
+		if (super.requirePermissions(permbean.hasPermission(FixPerm.FIX))) {
 			setNewsgroups(newsbean.findAll());
 		}
 	}

--- a/code/LanBortalWeb/src/fi/insomnia/bortal/web/cdiview/NewsgroupView.java
+++ b/code/LanBortalWeb/src/fi/insomnia/bortal/web/cdiview/NewsgroupView.java
@@ -5,8 +5,7 @@ import javax.enterprise.context.ConversationScoped;
 import javax.inject.Named;
 import fi.insomnia.bortal.beans.NewsBeanLocal;
-import fi.insomnia.bortal.enums.Permission;
+import fi.insomnia.bortal.enums.apps.FixPerm;
-import fi.insomnia.bortal.enums.RolePermission;
 import fi.insomnia.bortal.model.NewsGroup;
 @Named
@@ -23,7 +22,7 @@ public class NewsgroupView extends GenericCDIView {
 	private NewsGroup newsgroup;
 	public void initView() {
-		if (super.requirePermissions(permbean.hasPermission(Permission.ROLE_MANAGEMENT, RolePermission.READ))) {
+		if (super.requirePermissions(permbean.hasPermission(FixPerm.FIX))) {
 			super.beginConversation();
 			if (newsgroupid == 0 && newsgroup == null) {
 				newsgroup = new NewsGroup();

--- a/code/LanBortalWeb/src/fi/insomnia/bortal/web/cdiview/PasswordView.java
+++ b/code/LanBortalWeb/src/fi/insomnia/bortal/web/cdiview/PasswordView.java
@@ -7,8 +7,7 @@ import javax.inject.Named;
 import fi.insomnia.bortal.beans.PermissionDeniedException;
 import fi.insomnia.bortal.beans.UserBeanLocal;
-import fi.insomnia.bortal.enums.Permission;
+import fi.insomnia.bortal.enums.apps.FixPerm;
-import fi.insomnia.bortal.enums.RolePermission;
 import fi.insomnia.bortal.model.User;
 import fi.insomnia.bortal.web.annotations.SelectedUser;
@@ -32,7 +31,7 @@ public class PasswordView extends GenericCDIView {
 	private String passwordcheck;
 	public String changePassword() {
-		if (permbean.isCurrentUser(user) || permbean.hasPermission(Permission.USER_MANAGEMENT, RolePermission.WRITE)) {
+		if (permbean.isCurrentUser(user) || permbean.hasPermission(FixPerm.FIX)) {
 			if (password != null && password.equals(passwordcheck)) {
 				user.resetPassword(password);
 				try {

--- a/code/LanBortalWeb/src/fi/insomnia/bortal/web/cdiview/PlaceView.java
+++ b/code/LanBortalWeb/src/fi/insomnia/bortal/web/cdiview/PlaceView.java
@@ -17,8 +17,7 @@ import org.slf4j.LoggerFactory;
 import fi.insomnia.bortal.beans.PermissionDeniedException;
 import fi.insomnia.bortal.beans.PlaceBeanLocal;
 import fi.insomnia.bortal.beans.UserBeanLocal;
-import fi.insomnia.bortal.enums.Permission;
+import fi.insomnia.bortal.enums.apps.FixPerm;
-import fi.insomnia.bortal.enums.RolePermission;
 import fi.insomnia.bortal.exceptions.BortalCatchableException;
 import fi.insomnia.bortal.model.EventMap;
 import fi.insomnia.bortal.model.Place;
@@ -97,7 +96,7 @@ public class PlaceView extends GenericCDIView {
 	}
 	public void initView() {
-		if (super.requirePermissions(Permission.MAP, RolePermission.WRITE)) {
+		if (super.requirePermissions(FixPerm.FIX)) {
 			if (getPlaceId() != null) {
 				this.place = placebean.find(getPlaceId());
 			}

--- a/code/LanBortalWeb/src/fi/insomnia/bortal/web/cdiview/ProductShopView.java
+++ b/code/LanBortalWeb/src/fi/insomnia/bortal/web/cdiview/ProductShopView.java
@@ -16,8 +16,7 @@ import fi.insomnia.bortal.beans.BillBeanLocal;
 import fi.insomnia.bortal.beans.EventBeanLocal;
 import fi.insomnia.bortal.beans.PermissionDeniedException;
 import fi.insomnia.bortal.beans.ProductBeanLocal;
-import fi.insomnia.bortal.enums.Permission;
+import fi.insomnia.bortal.enums.apps.FixPerm;
-import fi.insomnia.bortal.enums.RolePermission;
 import fi.insomnia.bortal.model.Bill;
 import fi.insomnia.bortal.model.User;
 import fi.insomnia.bortal.web.annotations.SelectedUser;
@@ -48,9 +47,9 @@ public class ProductShopView extends GenericCDIView {
 	public void initView() {
 		this.beginConversation();
-		if (permbean.hasPermission(Permission.SHOP, RolePermission.EXECUTE)) {
+		if (permbean.hasPermission(FixPerm.FIX)) {
 			shoppingcart = new ListDataModel<ProductShopItem>(ProductShopItem.productList(productBean.listUserShoppableProducts()));
-		} else if (requirePermissions(permbean.hasPermission(Permission.ACCOUNT_MANAGEMENT, RolePermission.EXECUTE))) {
+		} else if (requirePermissions(permbean.hasPermission(FixPerm.FIX))) {
 			shoppingcart = new ListDataModel<ProductShopItem>(ProductShopItem.productList(productBean.getProducts()));
 		}
 	}

--- a/code/LanBortalWeb/src/fi/insomnia/bortal/web/cdiview/ReaderView.java
+++ b/code/LanBortalWeb/src/fi/insomnia/bortal/web/cdiview/ReaderView.java
@@ -6,8 +6,7 @@ import javax.enterprise.context.RequestScoped;
 import javax.inject.Inject;
 import javax.inject.Named;
-import fi.insomnia.bortal.enums.Permission;
+import fi.insomnia.bortal.enums.apps.FixPerm;
-import fi.insomnia.bortal.enums.RolePermission;
 import fi.insomnia.bortal.web.helpers.RfidEvent;
 @Named
@@ -25,7 +24,7 @@ public class ReaderView extends GenericCDIView {
 	private RfidContainer container;
 	public void initView() {
-		super.requirePermissions(permbean.hasPermission(Permission.USER_MANAGEMENT, RolePermission.READ));
+		super.requirePermissions(permbean.hasPermission(FixPerm.FIX));
 	}
 	public List<RfidEvent> getReaderEvents() {

--- a/code/LanBortalWeb/src/fi/insomnia/bortal/web/cdiview/RoleView.java
+++ b/code/LanBortalWeb/src/fi/insomnia/bortal/web/cdiview/RoleView.java
@@ -4,8 +4,6 @@ import java.util.List;
 import javax.ejb.EJB;
 import javax.enterprise.context.ConversationScoped;
-import javax.faces.model.DataModel;
-import javax.faces.model.ListDataModel;
 import javax.inject.Named;
 import org.slf4j.Logger;
@@ -13,10 +11,8 @@ import org.slf4j.LoggerFactory;
 import fi.insomnia.bortal.beans.EventBeanLocal;
 import fi.insomnia.bortal.beans.RoleBeanLocal;
-import fi.insomnia.bortal.enums.Permission;
+import fi.insomnia.bortal.enums.apps.FixPerm;
-import fi.insomnia.bortal.enums.RolePermission;
 import fi.insomnia.bortal.model.Role;
-import fi.insomnia.bortal.model.RoleRight;
 @ConversationScoped
 @Named
@@ -35,45 +31,44 @@ public class RoleView extends GenericCDIView {
 	@EJB
 	private EventBeanLocal eventbean;
-	private ListDataModel<RoleRight> rolerights;
 	private static final Logger logger = LoggerFactory.getLogger(RoleView.class);
 	public void permissionCreate() {
-		requirePermissions(permbean.hasPermission(Permission.ROLE_MANAGEMENT, RolePermission.WRITE));
+		requirePermissions(permbean.hasPermission(FixPerm.FIX));
 	}
 	public void permissionRead() {
-		requirePermissions(permbean.hasPermission(Permission.ROLE_MANAGEMENT, RolePermission.READ));
+		requirePermissions(permbean.hasPermission(FixPerm.FIX));
 	}
 	public void initForCreate() {
-		if (role == null && requirePermissions(permbean.hasPermission(Permission.ROLE_MANAGEMENT, RolePermission.WRITE))) {
+		if (role == null && requirePermissions(permbean.hasPermission(FixPerm.FIX))) {
 			role = new Role(eventbean.getCurrentEvent());
 			super.beginConversation();
 		}
 	}
-	public String saveRoleRight() {
+	//
+	// public String saveRoleRight() {
-		for (RoleRight rr : rolerights) {
+	//
-			rolebean.mergeChanges(rr);
+	// for (RoleRight rr : rolerights) {
-		}
+	// rolebean.mergeChanges(rr);
-		rolerights = null;
+	// }
+	// rolerights = null;
-		return "editRoleright";
+	//
-	}
+	// return "editRoleright";
+	// }
-	public DataModel<RoleRight> getRoleRights() {
+	//
+	// public DataModel<RoleRight> getRoleRights() {
-		if (rolerights == null && role != null) {
+	//
-			rolerights = new ListDataModel<RoleRight>(rolebean.getRoleRights(role));
+	// if (rolerights == null && role != null) {
-		}
+	// rolerights = new ListDataModel<RoleRight>(rolebean.getRoleRights(role));
-		return rolerights;
+	// }
-	}
+	// return rolerights;
+	// }
 	public void initViewFromId() {
-		if (requirePermissions(permbean.hasPermission(Permission.ROLE_MANAGEMENT, RolePermission.WRITE))) {
+		if (requirePermissions(permbean.hasPermission(FixPerm.FIX))) {
 			super.beginConversation();
 			role = rolebean.find(getRoleid());
 			logger.debug("Initialized role: {} from id ", role, getRoleid());
@@ -81,7 +76,7 @@ public class RoleView extends GenericCDIView {
 	}
 	public String create() {
-		super.requirePermissions(permbean.hasPermission(Permission.ROLE_MANAGEMENT, RolePermission.WRITE));
+		super.requirePermissions(permbean.hasPermission(FixPerm.FIX));
 		role = rolebean.create(getRole());
 		return "roleCreated";
 	}
@@ -108,14 +103,6 @@ public class RoleView extends GenericCDIView {
 		return rolebean.getPossibleParents(getRole());
 	}
-	public void setRolerights(ListDataModel<RoleRight> rolerights) {
-		this.rolerights = rolerights;
-	}
-	public ListDataModel<RoleRight> getRolerights() {
-		return rolerights;
-	}
 	public void setRoleid(int roleid) {
 		this.roleid = roleid;
 	}

--- a/code/LanBortalWeb/src/fi/insomnia/bortal/web/cdiview/UserSearchView.java
+++ b/code/LanBortalWeb/src/fi/insomnia/bortal/web/cdiview/UserSearchView.java
@@ -6,8 +6,7 @@ import javax.faces.model.ListDataModel;
 import javax.inject.Named;
 import fi.insomnia.bortal.beans.UserBeanLocal;
-import fi.insomnia.bortal.enums.Permission;
+import fi.insomnia.bortal.enums.apps.FixPerm;
-import fi.insomnia.bortal.enums.RolePermission;
 import fi.insomnia.bortal.model.User;
 @Named
@@ -30,7 +29,7 @@ public class UserSearchView extends GenericCDIView implements IPaginationView {
 	private ListDataModel<User> users;
 	public void initView() {
-		if (requirePermissions(permbean.hasPermission(Permission.USER_MANAGEMENT, RolePermission.READ))) {
+		if (requirePermissions(permbean.hasPermission(FixPerm.FIX))) {
 			users = new ListDataModel<User>(userbean.getUsers(page, pagesize, sort, search));
 			resultcount = userbean.getUsersCount(search);
 			pagecount = ((resultcount + pagesize - 1) / pagesize);

--- a/code/LanBortalWeb/src/fi/insomnia/bortal/web/cdiview/UserView.java
+++ b/code/LanBortalWeb/src/fi/insomnia/bortal/web/cdiview/UserView.java
@@ -10,8 +10,7 @@ import org.slf4j.LoggerFactory;
 import fi.insomnia.bortal.beans.PermissionDeniedException;
 import fi.insomnia.bortal.beans.UserBeanLocal;
-import fi.insomnia.bortal.enums.Permission;
+import fi.insomnia.bortal.enums.apps.FixPerm;
-import fi.insomnia.bortal.enums.RolePermission;
 import fi.insomnia.bortal.model.User;
 import fi.insomnia.bortal.web.annotations.LoggedIn;
 import fi.insomnia.bortal.web.annotations.SelectedUser;
@@ -43,7 +42,7 @@ public class UserView extends GenericCDIView {
 	@SelectedUser
 	public User getSelectedUser() {
 		if (user == null) {
-			if (userid > 0 && permbean.hasPermission(Permission.USER_MANAGEMENT, RolePermission.READ)) {
+			if (userid > 0 && permbean.hasPermission(FixPerm.FIX)) {
 				user = userbean.findById(userid);
 			} else {
 				user = getCurrentUser();
@@ -53,7 +52,7 @@ public class UserView extends GenericCDIView {
 	}
 	public void initCreateView() {
-		if (super.requirePermissions(permbean.hasPermission(Permission.LOGIN, RolePermission.WRITE))) {
+		if (super.requirePermissions(permbean.hasPermission(FixPerm.FIX))) {
 			if (user == null) {
 				user = new User();
 			}
@@ -69,13 +68,13 @@ public class UserView extends GenericCDIView {
 		 */
 		if (super.requirePermissions(permbean.isLoggedIn())) {
 			getSelectedUser();
-			canSave = getCurrentUser().equals(user) || permbean.hasPermission(Permission.USER_MANAGEMENT, RolePermission.WRITE);
+			canSave = getCurrentUser().equals(user) || permbean.hasPermission(FixPerm.FIX);
 			this.beginConversation();
 		}
 	}
 	public String saveUser() {
-		if (permbean.getCurrentUser().getId().equals(userid) || permbean.hasPermission(Permission.USER_MANAGEMENT, RolePermission.WRITE)) {
+		if (permbean.getCurrentUser().getId().equals(userid) || permbean.hasPermission(FixPerm.FIX)) {
 			this.addFaceMessage("user.saveSuccessfull");
 			try {
 				user = userbean.mergeChanges(user);

--- a/code/LanBortalWeb/src/fi/insomnia/bortal/web/converter/CardTemplateConverter.java
+++ b/code/LanBortalWeb/src/fi/insomnia/bortal/web/converter/CardTemplateConverter.java
@@ -2,49 +2,22 @@ package fi.insomnia.bortal.web.converter;
 import javax.ejb.EJB;
 import javax.enterprise.context.RequestScoped;
-import javax.faces.component.UIComponent;
-import javax.faces.context.FacesContext;
-import javax.faces.convert.Converter;
 import javax.inject.Named;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import fi.insomnia.bortal.beans.CardTemplateBeanLocal;
 import fi.insomnia.bortal.model.CardTemplate;
-import fi.insomnia.bortal.model.EventPk;
+import fi.insomnia.bortal.utilities.jsf.EntityFinderBean;
 @Named("cardTemplateConverter")
 @RequestScoped
-public class CardTemplateConverter implements Converter {
+public class CardTemplateConverter extends GenericIntegerEntityConverter<CardTemplate> {
 	@EJB
 	private CardTemplateBeanLocal ctbean;
-	private static final Logger logger = LoggerFactory.getLogger(CardTemplateBeanLocal.class);
 	@Override
-	public Object getAsObject(FacesContext context, UIComponent component, String value) {
+	protected EntityFinderBean<CardTemplate> getFinder() {
-		if (value == null || value.isEmpty()) {
+		return ctbean;
-			return null;
-		}
-		Integer id = Integer.valueOf(value);
-		logger.debug("Converting CardTemplate value '{}', to id {}", value, id);
-		CardTemplate ret = ctbean.findById(id);
-		return ret;
 	}
-	@Override
+	//
-	public String getAsString(FacesContext context, UIComponent component, Object value) {
-		String ret = "";
-		if (value instanceof CardTemplate) {
-			EventPk id = ((CardTemplate) value).getId();
-			if (id != null) {
-				ret = id.getId().toString();
-			}
-		} else {
-			throw new RuntimeException("Entity not of type CardTemplate!!");
-		}
-		return ret;
-	}
 }
--- a/code/LanBortalWeb/src/fi/insomnia/bortal/web/converter/GenericIntegerEntityConverter.java
+++ b/code/LanBortalWeb/src/fi/insomnia/bortal/web/converter/GenericIntegerEntityConverter.java
+package fi.insomnia.bortal.web.converter;
+import javax.faces.component.UIComponent;
+import javax.faces.context.FacesContext;
+import javax.faces.convert.Converter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import fi.insomnia.bortal.model.GenericEntity;
+import fi.insomnia.bortal.utilities.jsf.EntityFinderBean;
+public abstract class GenericIntegerEntityConverter<T extends GenericEntity> implements Converter {
+	protected abstract EntityFinderBean<T> getFinder();
+	public GenericIntegerEntityConverter() {
+		super();
+	}
+	private static final Logger logger = LoggerFactory.getLogger(GenericIntegerEntityConverter.class);
+	@Override
+	public Object getAsObject(FacesContext context, UIComponent component, String value) {
+		T ret = null;
+		Integer id = null;
+		if (value != null) {
+			id = Integer.parseInt(value);
+			if (id != null) {
+				ret = getFinder().find(id);
+			}
+		}
+		logger.debug("Converted String {} to Integer {} became object {}", new Object[] { value, id, ret });
+		return ret;
+	}
+	@Override
+	public String getAsString(FacesContext context, UIComponent component, Object value) {
+		String ret = null;
+		if (value != null && value instanceof GenericEntity) {
+			GenericEntity entity = (GenericEntity) value;
+			ret = entity.getId().toString();
+		}
+		return ret;
+	}
+}
--- a/code/LanBortalWeb/src/fi/insomnia/bortal/web/converter/RoleConverter.java
+++ b/code/LanBortalWeb/src/fi/insomnia/bortal/web/converter/RoleConverter.java
@@ -33,7 +33,7 @@ public class RoleConverter implements Converter {
 	public String getAsString(FacesContext context, UIComponent component, Object value) {
 		String ret = "";
 		if (value instanceof Role) {
-			ret = ((Role) value).getId().getId().toString();
+			ret = ((Role) value).getId().toString();
 		}
 		logger.debug("converting role {} to string", ret);
 		return ret;