Index: topia2/src/java/org/codelutin/topia/generator/DAOAbstractGenerator.java
diff -u topia2/src/java/org/codelutin/topia/generator/DAOAbstractGenerator.java:1.16 topia2/src/java/org/codelutin/topia/generator/DAOAbstractGenerator.java:1.17
--- topia2/src/java/org/codelutin/topia/generator/DAOAbstractGenerator.java:1.16	Tue Dec  4 16:42:58 2007
+++ topia2/src/java/org/codelutin/topia/generator/DAOAbstractGenerator.java	Wed Dec  5 16:21:16 2007
@@ -24,9 +24,9 @@
 * Created: 12 déc. 2005
 *
 * @author Arnaud Thimel <thimel@codelutin.com>
-* @version $Revision: 1.16 $
+* @version $Revision: 1.17 $
 *
-* Mise a jour: $Date: 2007-12-04 16:42:58 $
+* Mise a jour: $Date: 2007-12-05 16:21:16 $
 * par : $Author: ruchaud $
 */
 
@@ -35,10 +35,7 @@
 import java.io.File;
 import java.io.IOException;
 import java.io.Writer;
-import java.security.Permission;
-import java.util.ArrayList;
 import java.util.Iterator;
-import java.util.List;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
@@ -49,9 +46,6 @@
 import org.codelutin.generator.models.object.ObjectModelAttribute;
 import org.codelutin.generator.models.object.ObjectModelClass;
 import org.codelutin.generator.models.object.ObjectModelClassifier;
-import org.codelutin.topia.TopiaException;
-import org.codelutin.topia.framework.TopiaContextImplementor;
-import org.codelutin.topia.persistence.TopiaDAO;
 import org.codelutin.util.StringUtil;
 
 /**
@@ -91,14 +85,25 @@
 import org.codelutin.topia.TopiaException;
 import org.codelutin.topia.framework.TopiaContextImplementor;
 }*/
-        String security = clazz.getTagValue("security");
-        if(GeneratorUtil.notEmpty(security)) {     
+        String securityCreate = clazz.getTagValue("securityCreate");
+        String securityLoad = clazz.getTagValue("securityLoad");
+        String securityUpdate = clazz.getTagValue("securityUpdate");
+        String securityDelete = clazz.getTagValue("securityDelete");
+        
+        if(GeneratorUtil.notEmpty(securityCreate) ||
+                GeneratorUtil.notEmpty(securityLoad) ||
+                GeneratorUtil.notEmpty(securityUpdate) ||
+                GeneratorUtil.notEmpty(securityDelete)) {
 /*{
 import java.util.ArrayList;
 import java.security.Permission;
 import org.codelutin.topia.taas.entities.TaasAuthorizationImpl;
 import org.codelutin.topia.taas.jaas.TaasPermission;
 import org.codelutin.topia.persistence.TopiaDAO;
+import static org.codelutin.topia.taas.TaasUtil.CREATE;
+import static org.codelutin.topia.taas.TaasUtil.DELETE;
+import static org.codelutin.topia.taas.TaasUtil.LOAD;
+import static org.codelutin.topia.taas.TaasUtil.UPDATE;
 }*/
         }
 /*{
@@ -222,10 +227,10 @@
             }
         }
         
-        if(GeneratorUtil.notEmpty(security)) {
-            Pattern propertiesPattern = Pattern
-                .compile("((?:[_a-zA-Z0-9]+\\.)+(?:_?[A-Z][_a-zA-Z0-9]*\\.)+)attribute\\.(?:([_a-z0-9][_a-zA-Z0-9]*))");
-            String[] valuesSecurity = security.split(":");
+        if(GeneratorUtil.notEmpty(securityCreate) ||
+                GeneratorUtil.notEmpty(securityLoad) ||
+                GeneratorUtil.notEmpty(securityUpdate) ||
+                GeneratorUtil.notEmpty(securityDelete)) {
 /*{
     /**
      * Retourne les permissions a verifier pour l'acces a l'entite pour le service Taas
@@ -234,30 +239,27 @@
      * @return la liste des permissions
      *)
     public List<Permission> getRequestPermission(String topiaId, int actions) throws TopiaException {
-        List<Permission> resultPermissions = new ArrayList<Permission>();}*/
-            for (String valueSecurity : valuesSecurity) {
-                Matcher matcher = propertiesPattern.matcher(valueSecurity);
-                matcher.find();
-                // className is fully qualified name of class
-                String className = matcher.group(1);
-                className = StringUtil.substring(className, 0, -1); // remove ended
-                // .
-                // target is class, attribute or operation
-                String attributeName = matcher.group(2);
-                
-                String query = "";
-                String daoClass = "";
-                if(className.equals(clazz.getQualifiedName())) {
-                    query = "select " + attributeName + ".topiaId from " + clazz.getQualifiedName() + " where topiaId = ?";
-                    daoClass = clazz.getAttribute(attributeName).getClassifier().getQualifiedName();
-                } else {
-                    query = "select at.topiaId from " + clazz.getQualifiedName() + " cl, " + className + " at where topiaId = ? and at." + attributeName + " in cl";
-                    daoClass = className;
-                }
+        List<Permission> resultPermissions = new ArrayList<Permission>();
+        if ((actions & CREATE) == CREATE) {
+}*/
+            generateSecurity(output, clazz, securityCreate);
 /*{
-        resultPermissions.addAll(getRequestPermission(topiaId, actions, "<%=query%>", <%=daoClass%>.class));}*/
-            }
+        }
+        if ((actions & LOAD) == LOAD) {
+}*/
+            generateSecurity(output, clazz, securityLoad);
 /*{
+        }
+        if ((actions & UPDATE) == UPDATE) {
+}*/
+            generateSecurity(output, clazz, securityUpdate);
+/*{
+        }
+        if ((actions & DELETE) == DELETE) {
+}*/
+            generateSecurity(output, clazz, securityDelete);
+/*{
+        }
         return resultPermissions;
     }
     
@@ -295,6 +297,41 @@
 }*/
     }
 
+    private void generateSecurity(Writer output, ObjectModelClass clazz, String security) throws IOException {
+        if(security != null) {
+            Pattern propertiesPattern = Pattern
+                .compile("((?:[_a-zA-Z0-9]+\\.)+(?:_?[A-Z][_a-zA-Z0-9]*\\.)+)attribute\\.(?:([_a-z0-9][_a-zA-Z0-9]*))#(?:(create|load|update|delete))");
+            String[] valuesSecurity = security.split(":");
+            
+            for (String valueSecurity : valuesSecurity) {
+                Matcher matcher = propertiesPattern.matcher(valueSecurity);
+                matcher.find();
+                // className is fully qualified name of class
+                String className = matcher.group(1);
+                className = StringUtil.substring(className, 0, -1); // remove ended
+                // .
+                // target is class, attribute or operation
+                String attributeName = matcher.group(2);
+                String actions = matcher.group(3).toUpperCase();
+                
+                String query = "";
+                String daoClass = "";
+                if(className.equals(clazz.getQualifiedName())) {
+                    query = "select " + attributeName + ".topiaId from " + clazz.getQualifiedName() + " where topiaId = ?";
+                    daoClass = clazz.getAttribute(attributeName).getClassifier().getQualifiedName();
+                } else {
+                    query = "select at.topiaId from " + clazz.getQualifiedName() + " cl, " + className + " at where topiaId = ? and at." + attributeName + " in cl";
+                    daoClass = className;
+                }
+/*{             resultPermissions.addAll(getRequestPermission(topiaId, <%=actions%>, "<%=query%>", <%=daoClass%>.class));
+}*/
+            }
+        } else {
+/*{             return null;
+}*/
+        }
+    }
+
     protected void generateNoNMultiplicity(Writer output, ObjectModelAttribute attr, boolean isAssoc) throws IOException {
         String propertyName = attr.getName();
         if (!isAssoc && attr.hasAssociationClass()) {