The pattern used so far is that the ADMIN permission is checked first,
then the other permissions. So if a user has the ADMIN permission, they
don't need the additional permissions.
I'll probably have all of the permissions Map elements set to true if
the user has the ADMIN permission.
-Adrian
Bruno Busco wrote:
Adrian,
may be a newbie question but...
...in the example you give what will happen if a user has the ADMIN
permission but not the CREATE one?
Will the Create New button be rendered?
In other words who is responsible for the permission hierarchy ?
In order to display the CREATE button, should a user be given with the
CREATE permission explicitly or the ADMIN is sufficient?
Thank you
-Bruno
2008/6/6 Adrian Crum <[EMAIL PROTECTED]>:
I'll work on it this weekend.
-Adrian
Ashish Vijaywargiya wrote:
+1
Adrian I liked your idea.
On Thu, Jun 5, 2008 at 12:46 AM, Sumit Pandit <
[EMAIL PROTECTED]>
wrote:
+1
--
Sumit Pandit
On Jun 5, 2008, at 3:04 AM, Jacques Le Roux wrote:
Yes this sounds good to me too
Jacques
From: "Bruno Busco" <[EMAIL PROTECTED]>
Wonderfull !!!!
Looking forward to having it !!! ;-)
This will let me also define a more granular permissions to simplify
the
interface for not-so-skilled users.
-Bruno
2008/6/4 Adrian Crum <[EMAIL PROTECTED]>:
In the screen widgets, you can check permissions with the
<if-has-permission> or <if-service-permission> elements. That's fine
if
you
only need to check a single permission to control access to the entire
screen.
Things get complicated when a screen's elements are controlled by more
than
one permission. Let's say you have a typical Edit Item screen. The
screen
should be viewable only to users who have the VIEW permission. Users
who
have the UPDATE permission can edit the item. Users who have the
CREATE
permission see a "New Item" button. Users who have DELETE permission
see
a
"Delete Item" button. Users who have the ADMIN permission have
unrestricted
access to the screen. Wow. Five permission elements (and five service
calls)
are needed to control one screen.
Here's my idea: have a permission service that returns ALL of the
user's
permissions in a Map. You call the service with the permission to
check
-
"ACCOUNTING" for example. The service returns a Map containing all of
the
user's ACCOUNTING permissions stored as Boolean objects. Let's say the
returned Map is called permissionsMap and the user has ACCOUNTING_VIEW
and
ACCOUNTING_UPDATE permissions, then the Map would contain these
elements:
CREATE=false
UPDATE=true
DELETE=false
VIEW=true
ADMIN=false
If the service call is put in the screen's <actions> element, then the
Map
elements could be used to control the display of screen widget
sections,
menu items, and form fields.
Freemarker code would be simpler too:
<#if permissionsMap.CREATE>
<!-- Render a Create New button -->
</#if>
<#if permissionsMap.DELETE>
<!-- Render a Delete button -->
</#if>
What do you think?
-Adrian
