Shi,
Thank you for your response. I have been reading the reference manual now.
About your response #3 below, I am not sure I understand what you mean. I am
trying to list out all the assets that a user has access to and I am not
certain how protecting a method or object might help. I guess I am trying to
find out if it is possible with acegi to do a kind of dry run for a given user
in order to find out which assets are accessible by a user without actually
accessing it (and getting hit by a accessDenied exceptions). Does what I am
trying to convey make sense?
Thanks,
An
----- Original Message ----
From: Shi Lei <[EMAIL PROTECTED]>
To: acegisecurity-developer@lists.sourceforge.net
Sent: Tuesday, September 4, 2007 8:40:54 PM
Subject: Re: [Acegisecurity-developer] Can acegi do these?
hi, tedzo
1. yes, but you need to configure it yourself
2. take a look at Acegi Reference chapter 20.4
3. Acegi protect method (for example, methods related to your assets) and
domain object, take a look at chapter 21, 22 as well as
acegi-security-sample-contacts
On 9/5/07, tedzo <[EMAIL PROTECTED]> wrote:
Hello,
I am trying to figure if acegi is the right framework to use for our
requirements. Some of our requirements are as follows -
1. Allow me to define roles that are specific to my application AND that are
hierarchical. For example, ROLE_VIEWER, ROLE_WRITER, ROLE_CREATOR, ROLE_SUPER
where VIEWER can only view, WRITER can view AND write, CREATOR can view, write
AND create and SUPER can do everything including delete. Can I define such a
hierarchy? Will acegi automatically handle the hierarchy for me?
2. It seems that acegi handles access to web pages in as a whole, meaning, I
can authorize (or not) a user attempting to view somepage.jsp, for example.
However, lets say sompage.jsp contains a visual element, say a button, that
needs to be displayed (or enabled) only to users with CREATOR and SUPER roles.
Can I implement such a mechanism with acegi? Basically that would mean I should
be able to provide a user's credentials and required access right for a given
asset and acegi has to respond with a yes/no response of s some sort.
3. Can acegi provide me with a list of all protected assets (say files) that a
user has access to? Meaning, lets say I have files that need to be protected
such that some may be handled by a user with VIEWER role while others require
user to have other roles. A user with WRITER role logs in and I want to present
a list assets available for him/her to handle. Can I somehow query acegi for
such a list?
Thank you for your time.
An
Ready for the edge of your seat? Check out tonight's top picks on Yahoo! TV.
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
____________________________________________________________________________________
Shape Yahoo! in your own image. Join our Network Research Panel today!
http://surveylink.yahoo.com/gmrs/yahoo_panel_invite.asp?a=7
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer