Craig Berry
Thu, 22 Feb 2001 00:57:04 -0800
The GlueCode team is preparing to pursue portlet-level security for Jetspeed -- that is, the ability to make portlets visible to only certain users. Of course, we want to build this on the existing Turbine group/role/permission scheme. Our initial thought is that adding attributes in jetspeed-config.jcfg of roughly this form <viewable-by group="foo" role="bar" perm="baz" /> would be a good way to encode the permissions. In the absence of any such attributes, the default would be viewable by all. A reasonable "choke point" at which to limit access to portlets would appear to be PortletConfig.getPortletSet(). The set returned could be filtered to remove portlets for which the user does not have permission. This would suffice to control access both to portlets on the portal page, and listing of portlets on the customization page (which we're working to extend, by the way). Thoughts on this approach, please? -- Craig Berry - (310) 570-4140 VP Technology GlueCode 1452 Second St Santa Monica CA 90401 -- -------------------------------------------------------------- To subscribe: [EMAIL PROTECTED] To unsubscribe: [EMAIL PROTECTED] Search: <http://www.mail-archive.com/jetspeed@list.working-dogs.com/> List Help?: [EMAIL PROTECTED]