+1 Adrian I liked your idea. On Thu, Jun 5, 2008 at 12:46 AM, Sumit Pandit <[EMAIL PROTECTED]> wrote:
> +1 > -- > Sumit Pandit > > > On Jun 5, 2008, at 3:04 AM, Jacques Le Roux wrote: > > Yes this sounds good to me too >> >> Jacques >> >> From: "Bruno Busco" <[EMAIL PROTECTED]> >> >>> Wonderfull !!!! >>> Looking forward to having it !!! ;-) >>> This will let me also define a more granular permissions to simplify the >>> interface for not-so-skilled users. >>> -Bruno >>> 2008/6/4 Adrian Crum <[EMAIL PROTECTED]>: >>> >>>> In the screen widgets, you can check permissions with the >>>> <if-has-permission> or <if-service-permission> elements. That's fine if >>>> you >>>> only need to check a single permission to control access to the entire >>>> screen. >>>> >>>> Things get complicated when a screen's elements are controlled by more >>>> than >>>> one permission. Let's say you have a typical Edit Item screen. The >>>> screen >>>> should be viewable only to users who have the VIEW permission. Users who >>>> have the UPDATE permission can edit the item. Users who have the CREATE >>>> permission see a "New Item" button. Users who have DELETE permission see >>>> a >>>> "Delete Item" button. Users who have the ADMIN permission have >>>> unrestricted >>>> access to the screen. Wow. Five permission elements (and five service >>>> calls) >>>> are needed to control one screen. >>>> >>>> >>>> Here's my idea: have a permission service that returns ALL of the user's >>>> permissions in a Map. You call the service with the permission to check >>>> - >>>> "ACCOUNTING" for example. The service returns a Map containing all of >>>> the >>>> user's ACCOUNTING permissions stored as Boolean objects. Let's say the >>>> returned Map is called permissionsMap and the user has ACCOUNTING_VIEW >>>> and >>>> ACCOUNTING_UPDATE permissions, then the Map would contain these >>>> elements: >>>> >>>> CREATE=false >>>> UPDATE=true >>>> DELETE=false >>>> VIEW=true >>>> ADMIN=false >>>> >>>> If the service call is put in the screen's <actions> element, then the >>>> Map >>>> elements could be used to control the display of screen widget sections, >>>> menu items, and form fields. >>>> >>>> Freemarker code would be simpler too: >>>> >>>> <#if permissionsMap.CREATE> >>>> <!-- Render a Create New button --> >>>> </#if> >>>> <#if permissionsMap.DELETE> >>>> <!-- Render a Delete button --> >>>> </#if> >>>> >>>> What do you think? >>>> >>>> -Adrian >>>> >>>> >>> >
