Some of my ideas:
- we have to consider supporting security on different levels:
   - Service access (easy with Spring Security and annotations or XML config)
   - Column access (read, write, search privileges)
   - Row access (read, write, delete, create privileges)

Row access:
Should be done in user code in services (find, save, ...).

Column access:
With the existing paging support it isn't a problem to simply nullify
columns in the find service which can't be accessed by some users. I
don't know if Hibernate somehow directly supports this.

My opinion is that you HAVE TO implement security on the service tier,
not the VISUAL tier. Of course, hiding columns for visualization
purposes is a good feature.

I guess you also need a "hint" feature for the Sculptor GUI, because with:
ListTask for Person {
  name.first
  birthDate hints="role=admin, advisor"
  ssn hints="role=advisor, accountant"
  sex
}
and a little tweak in SpecialCases you will be done ;-).

Security is difficult because you can SLOW down your application too
much. That's why at this level it is usually custom built.

Regards

Pavel

2010/4/21 Andreas Källberg <andreas.kallb...@gmail.com>:
> Hi,
> Nice suggestions, but you are a bit ahead of us here.
> There are plans for supporting authentication and authorization. When that is
> in place it would be nice to have DSL support for user roles.
> I guess it also could be possible to have multiple variations of tasks, i.e:
> ListTask for Person {
>   name.first
>   sex
> }
> ListTask [admin] for Person {
>   name.first
>   birthDate
>   ssn
>   sex
> }
>
> But it isn't something we have discussed.
> If you feel it is something we should consider, think it through and add a
> suggestion in the tracker.
>
> .../Andreas
>
> On Wed, Apr 21, 2010 at 1:31 PM, greatfooty <greatfo...@gmail.com> wrote:
>>
>> I'm playing with setup of a sculptor site to contain multiple versions of
>> various UI task-types (these to be invoked depending on auth role of the
>> user).
>>
>> For example I'd want to define a 'public' ListTask for Person  like this:
>>
>>        ListTask for Person {
>>            name.first
>>            sex
>>        }
>>
>> and an 'admin' ListTask for Person like this:
>>
>>        ListTask for Person {
>>            name.first
>>            birthDate
>>            sex
>>            ssn
>>        }
>>
>> That's a simple example and obviously I can achieve this particular one by
>> doing say role-based suppression of output within the list_include.html,
>> but there can be many more complex examples where declarative definition
>> in the DSL would be way easier.
>>
>> Is there already any way to do this? eg. maybe some hidden DSL options for
>> naming tasks??
>>
>> --
>> View this message in context:
>> http://old.nabble.com/-Sculptor--Multiple-UI-tasks-per-%27task-type%27--tp28288008s17564p28288008.html
>> Sent from the Fornax-Platform mailing list archive at Nabble.com.
>>
>>
>>
>> ------------------------------------------------------------------------------
>> _______________________________________________
>> Fornax-developer mailing list
>> Fornax-developer@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/fornax-developer

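As an added example (not code from this thread or from Sculptor), the column-level check described in the message above, enforced in the find service rather than in the view, in plain Java. The class, record and role map are hypothetical; the column-to-role mapping copies the hints in the message, and refusing a sort on an unreadable column is an assumption about how the "search" privilege would be enforced.

```java
import java.util.*;

// Added example; every name here is hypothetical, none comes from Sculptor.
public class PersonFindService {
    // Constructed stand-in for the Person entity discussed in the thread.
    record Person(String firstName, String birthDate, String ssn, String sex) {}

    // Column -> roles allowed to read it, mirroring the hints in the message.
    // Columns without an entry are readable by everyone.
    static final Map<String, Set<String>> READ_ROLES = Map.of(
        "birthDate", Set.of("admin", "advisor"),
        "ssn", Set.of("advisor", "accountant"));

    static final Map<String, Comparator<Person>> SORTS = Map.of(
        "firstName", Comparator.comparing(Person::firstName),
        "ssn", Comparator.comparing(Person::ssn));

    static boolean canRead(String column, Set<String> roles) {
        Set<String> allowed = READ_ROLES.get(column);
        return allowed == null || !Collections.disjoint(allowed, roles);
    }

    // Nullify restricted columns before the row leaves the service tier.
    static Person mask(Person p, Set<String> roles) {
        return new Person(p.firstName(),
            canRead("birthDate", roles) ? p.birthDate() : null,
            canRead("ssn", roles) ? p.ssn() : null,
            p.sex());
    }

    // Paged find: only the returned page is masked. Sorting on a column the
    // caller cannot read is refused, because row order would leak its values.
    static List<Person> find(List<Person> table, String sortBy, int offset,
                             int limit, Set<String> roles) {
        Comparator<Person> order = SORTS.get(sortBy);
        if (order == null || !canRead(sortBy, roles))
            throw new SecurityException("sort not permitted: " + sortBy);
        return table.stream().sorted(order).skip(offset).limit(limit)
                    .map(p -> mask(p, roles)).toList();
    }

    public static void main(String[] args) {
        List<Person> table = List.of( // constructed sample rows
            new Person("Bob", "1975-06-30", "000-00-0002", "M"),
            new Person("Ada", "1980-01-01", "000-00-0001", "F"));
        for (Set<String> roles : List.of(Set.<String>of(), Set.of("admin"), Set.of("accountant")))
            System.out.println(roles + " -> " + find(table, "firstName", 0, 10, roles));
    }
}
```

Because the masking happens in `find`, a role-specific ListTask only decides which columns to render; a view that asks for `ssn` without the role still receives null.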
