Adrian, maybe a newbie question but... in the example you give, what will happen if a user has the ADMIN permission but not the CREATE one? Will the Create New button be rendered?
In other words, who is responsible for the permission hierarchy? In order to display the CREATE button, should a user be given the CREATE permission explicitly, or is ADMIN sufficient?

Thank you
-Bruno

2008/6/6 Adrian Crum <[EMAIL PROTECTED]>:
> I'll work on it this weekend.
>
> -Adrian
>
> Ashish Vijaywargiya wrote:
>> +1
>> Adrian I liked your idea.
>>
>> On Thu, Jun 5, 2008 at 12:46 AM, Sumit Pandit <[EMAIL PROTECTED]> wrote:
>>> +1
>>> --
>>> Sumit Pandit
>>>
>>> On Jun 5, 2008, at 3:04 AM, Jacques Le Roux wrote:
>>>> Yes this sounds good to me too
>>>>
>>>> Jacques
>>>>
>>>> From: "Bruno Busco" <[EMAIL PROTECTED]>
>>>>> Wonderful !!!!
>>>>> Looking forward to having it !!! ;-)
>>>>> This will let me also define more granular permissions to simplify
>>>>> the interface for not-so-skilled users.
>>>>> -Bruno
>>>>>
>>>>> 2008/6/4 Adrian Crum <[EMAIL PROTECTED]>:
>>>>>> In the screen widgets, you can check permissions with the
>>>>>> <if-has-permission> or <if-service-permission> elements. That's
>>>>>> fine if you only need to check a single permission to control
>>>>>> access to the entire screen.
>>>>>>
>>>>>> Things get complicated when a screen's elements are controlled by
>>>>>> more than one permission. Let's say you have a typical Edit Item
>>>>>> screen. The screen should be viewable only to users who have the
>>>>>> VIEW permission. Users who have the UPDATE permission can edit the
>>>>>> item. Users who have the CREATE permission see a "New Item" button.
>>>>>> Users who have DELETE permission see a "Delete Item" button. Users
>>>>>> who have the ADMIN permission have unrestricted access to the
>>>>>> screen. Wow. Five permission elements (and five service calls) are
>>>>>> needed to control one screen.
>>>>>>
>>>>>> Here's my idea: have a permission service that returns ALL of the
>>>>>> user's permissions in a Map. You call the service with the
>>>>>> permission to check - "ACCOUNTING" for example. The service returns
>>>>>> a Map containing all of the user's ACCOUNTING permissions stored as
>>>>>> Boolean objects. Let's say the returned Map is called
>>>>>> permissionsMap and the user has ACCOUNTING_VIEW and
>>>>>> ACCOUNTING_UPDATE permissions, then the Map would contain these
>>>>>> elements:
>>>>>>
>>>>>> CREATE=false
>>>>>> UPDATE=true
>>>>>> DELETE=false
>>>>>> VIEW=true
>>>>>> ADMIN=false
>>>>>>
>>>>>> If the service call is put in the screen's <actions> element, then
>>>>>> the Map elements could be used to control the display of screen
>>>>>> widget sections, menu items, and form fields.
>>>>>>
>>>>>> Freemarker code would be simpler too:
>>>>>>
>>>>>> <#if permissionsMap.CREATE>
>>>>>>   <!-- Render a Create New button -->
>>>>>> </#if>
>>>>>> <#if permissionsMap.DELETE>
>>>>>>   <!-- Render a Delete button -->
>>>>>> </#if>
>>>>>>
>>>>>> What do you think?
>>>>>>
>>>>>> -Adrian
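
The ADMIN-versus-CREATE question at the top of this message can be settled inside the proposed service, so that templates never have to know the hierarchy. The plain Java below is an added example, not part of the thread and not OFBiz code; the class, the method and the `adminImpliesAll` flag are assumptions made for illustration.

```java
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Added illustration, not OFBiz code. PermissionMapExample,
// buildPermissionsMap and adminImpliesAll are hypothetical names.
public class PermissionMapExample {
    static final List<String> ACTIONS =
            List.of("CREATE", "UPDATE", "DELETE", "VIEW", "ADMIN");

    /**
     * Builds the per-action map for one base permission such as "ACCOUNTING".
     * granted holds the user's permission ids, e.g. "ACCOUNTING_VIEW".
     * When adminImpliesAll is true, base + "_ADMIN" switches every action on,
     * so the hierarchy is resolved once here instead of in each template.
     */
    static Map<String, Boolean> buildPermissionsMap(String base,
                                                    Set<String> granted,
                                                    boolean adminImpliesAll) {
        boolean admin = granted.contains(base + "_ADMIN");
        Map<String, Boolean> result = new LinkedHashMap<>();
        for (String action : ACTIONS) {
            boolean explicit = granted.contains(base + "_" + action);
            // Every action key is always present and defaults to false (deny),
            // so a template never reads a missing entry.
            result.put(action, explicit || (adminImpliesAll && admin));
        }
        return Collections.unmodifiableMap(result);
    }

    public static void main(String[] args) {
        // Constructed sample users.
        Set<String> editor = Set.of("ACCOUNTING_VIEW", "ACCOUNTING_UPDATE");
        Set<String> adminOnly = Set.of("ACCOUNTING_ADMIN");

        // The user from the proposal: VIEW and UPDATE granted explicitly.
        System.out.println(buildPermissionsMap("ACCOUNTING", editor, true));
        // ADMIN held without CREATE; ADMIN implies every action.
        System.out.println(buildPermissionsMap("ACCOUNTING", adminOnly, true));
        // Same user under flat permissions; only explicit grants count.
        System.out.println(buildPermissionsMap("ACCOUNTING", adminOnly, false));
    }
}
```

With the map built this way, `<#if permissionsMap.CREATE>` needs no separate ADMIN test. The service invoked by the button still has to check the permission itself, since hiding a widget does not restrict access.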
