> > On Feb 9, 2015, at 7:51 AM, Stanton Sievers <[email protected]> wrote: > > Thanks for the quick reply Chris. I saw an earlier e-mail where you had > mentioned leveraging Apache Shiro to implement permission groups. Is that > what you're referring to here as well? Do you see this as complementing > the way in which spring security is being used with the > ModelPermissionEvaluator or is it a replacement?
I’d see it as a replacement personally. Honestly, once we remove all the front end stuff from the back end (JSPs and other stuff) spring security loses it’s luster (my opinion). I suppose we could integrate it into the web services, but it’s not there today and I think Shiro provides a lot more flexibility than Spring Security but I admit I’m not a Spring Security expert either. > > On Mon, Feb 9, 2015 at 9:41 AM, Christopher Geer <[email protected]> > wrote: > >>> >>> On Feb 9, 2015, at 7:37 AM, Stanton Sievers <[email protected]> wrote: >>> >>> Hi everyone, >>> >>> I'm currently exploring user groups in Rave and I was wondering if >> someone >>> could shed some light on the current state. >>> >>> It looks as if groups have been modeled[1] and there are repository[2] >> and >>> service[3] implementations for groups that exist today. However, I don't >>> see that groups are surfaced in the UI nor in the page permissions. Is >>> anyone actively using groups? >> >> This is just my opinion, but groups in Rave today aren’t useful. I think >> the intent is that someday you can have “collaboration groups” where people >> can subscribe to the same content or something but it is unclear. Not sure >> the original intent before it was donated. What is missing are groups that >> can be used for permissions. I would like to see the existing group >> construct be removed, have permission groups added in and then re-evaluate >> the need for some other group structure in the future. >>> >>> I'm also wondering about group members. The Group interface has a getter >>> and setter for members which is a List<String>. Are the strings user >> ids, >>> other group ids, both or something else altogether? >>> >>> Thanks, >>> -Stanton >>> >>> [1] org.apache.rave.model.Group and >>> org.apache.rave.portal.model.impl.GroupImpl >>> [2] org.apache.rave.repository.GroupRepository >>> [3] org.apache.rave.service.GroupService >> >>
