Hi Yves. Two approaches: server-side templating, and JavaScript code. In the second approach the user credentials are known to the JavaScript code (through an initial Ajax call for example), and the JavaScript code takes care of configuring the UI based on the credentials.
My preference goes to the first approach, because the second approach leads to clobbered JavaScript code, which can cause performance and code maintainance issues. Also by making the client aware of the user credentials the second approach is probably less secure. I'm interesting in knowing what people think about that. Eric 2009/4/16, Yves Moisan <[email protected]>: > >> >> We, Camptocamp, have been using MapFish/Pylons with repoze.who|what. >> So far we're very pleased with repoze: it works great, it's well >> documented and its main developer has been very helpful on the mailing >> lists. > > Access control on cartographic resources/data is one thing that I'm sure > repoze.* does well. However, I was wondering how you cope with UI > generation. If both users A and B have read access to resource X, but > only user B has write access to it, how does the final MapFish UI render > the "map" to the user ? That is, for user B there would be an editing > widget available but not for user A. > > Cheers, > > Yves > > _______________________________________________ > Community mailing list > [email protected] > http://lists.gispython.org/mailman/listinfo/community > -- Envoyé avec mon mobile Eric Lemoine Camptocamp France SAS Savoie Technolac, BP 352 73377 Le Bourget du Lac, Cedex Tel : 00 33 4 79 44 44 96 Mail : [email protected] http://www.camptocamp.com _______________________________________________ Community mailing list [email protected] http://lists.gispython.org/mailman/listinfo/community
