Hi All, There are several issues in the framework project that are not yet thought out; and to keep this project moving I have some suggestions that I want to discuss.
It concerns the following problems: - a component needs to retrieve a configuration setting - a component needs to know if the current user may perform a specific (function) action Some examples of these: - How many items should be shown in this list? - Should I show the welcome message? - May this specific user (known by the framework to have the role 'student') post a message here? - May this specific user view this content? - etc. etc. Some of these problems can be solved already by using functionality present in MMBase, but only a subset of these. For instance restricting somebody to view content: you can do that with MMBase Security, but that's quite heavy since all queries pass through that layer and it is not as flexible as you want. You cannot restrict on fields for example. The elegance of letting the Framework handle this, consists of the fact that you are free to implement it however you want: if you want to create a role-based authorization scheme that is up to you. If you want to stick with mmbase ranks thats also fine. My proposal would be to extend the current Component and Framework API's, to include the following methods: Component: - getSettings() -> to return a list of property names that can be set for this component (configured in XML probably) - getActions() -> to return a list of actions that can be performed within the component (configured in XML probably) Framework: - getSetting(Component, String, Parameters) -> return a string containing the setting value for the given component, setting name and framework-parameters. - may(Component, String, Parameters) -> return a boolean indicating whether the current user may perform the given action in this component (the current user can be retrieved from the framework parameters) Taglib: - need a new <mm:may action="xyz" /> tag? - need a new <mm:setting name="xyz" /> tag? The specific details need polishing probably since I just made them up, but how do you all think of this idea? Johannes -- Mail: mailto:[EMAIL PROTECTED] Web: http://www.verelst.net Blog: http://keukenhelden.nl/johannes _______________________________________________ Developers mailing list [email protected] http://lists.mmbase.org/mailman/listinfo/developers
