[jira] [Commented] (ISIS-474) hide operation in the sevice menu that are not invoke-able due to user role permission mapping.

Thu, 01 Aug 2013 00:50:20 -0700 

    [ 
https://issues.apache.org/jira/browse/ISIS-474?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13726181#comment-13726181
 ] 

Dan Haywood commented on ISIS-474:
----------------------------------

I'm not absolutely sure this is an issue.  It's possible to specify both Edit 
and View perms, for all members.

View-only for properties makes sense... can view the value, not change it.
Edit for properties makes sense.

View for collections makes sense
Edit for collections make sense (being able to add/remove from the collection 
without wrting any code... however the Wicket viewer doesn't support this)

View for actions only kind-of makes sense... shows the action as existing, but 
greyed out
Edit for actions makes sense ... meaning it is invokable.

What I'm wondering is whether you've granted View perms on actions to users?  
If so, then remove that perm, and the action should be completely hidden.

Of course, I might be wrong on all the above.  Could you update the issue with 
the security mappings/permissions (shiro.ini, isis-authorization.* files).

Thx
Dan
                
> hide operation in the sevice menu that are not invoke-able due to user role 
> permission mapping.
> -----------------------------------------------------------------------------------------------
>
>                 Key: ISIS-474
>                 URL: https://issues.apache.org/jira/browse/ISIS-474
>             Project: Isis
>          Issue Type: Improvement
>          Components: Core, Viewer: Wicket
>            Reporter: David Tildesley
>            Assignee: Dan Haywood
>            Priority: Minor
>
> The current behaviour displays an operation in the service menu even though 
> the user does not have permission to invoke. While it is "greyed" and is not 
> able to be invoked it can still cause confusion for users. If the users don't 
> have the permission via their security mappings and role-permission mappings 
> to invoke an operation it would be preferable to not display it.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to