Re: User interaction in Graffito

Fri, 26 Aug 2005 07:45:11 -0700 

Thanks for the help,

Martin

Christophe Lombart wrote:
Martin, 3 comments : 1. The Graffito Lock Service is not yet implemented. 
2. Permission management  is based on JASS. Permissions depend on a
Principal, an URI pattern and a permission type (view, edit, ...) .
3. The Subject info is coming from the portal request.
CmsRequestContextManager.getCurrentCmsRequestContext().

You can define the following security rules in the Graffito db (table
SECURITY_PERMISSION) :

See the OJB implementation to get more info how the engine checks the
permissions (org.apache.portals.graffito.store.impl.ojb.GraffitoOJBStore.java)

Here is some permission examples :
1. 'Admin group' '/graffito/-' 'all' : The admin group has all
permissions on path /graffito and it children (content & subfolders).
2. 'User john' '/graffito/afolder/adocument' "view" The user john can
only view the document
'/graffito/afolder/adocument
3. 'Guest group', '/graffito/public/*' "view" The group guest can view
all documents in the /graffito/public folder (but not in the
subfolders).

we have only a limited number of permissions ( view, edit, lock,
unlock, delete, insert, update). I would like to refactor the
permissions management to have the flexiblity to add new ones. All
ideas are welcome.

Christophe



2005/8/26, Martin Koci <[EMAIL PROTECTED]>:

How to identify user which performs a action, for example imports a new
document?

For example: JCR defines interface javax.jcr.Session; usual way
elsewhere is User object passed as method parameter or simple String
userId as parameter; HttpSession is used in Servlet enviroment.

Such identification must exists for locking service - My idea is to
obtain a exception "URI (node) locked by user Martin" or something like
that.

Thanks,

Martin

--
Mgr. Martin Kočí
---------------------------------
AURA, s.r.o.
Úvoz 499/56; 602 00 Brno
ISO 9001 certifikovaná společnost
tel./fax: +420 5 43 24 51 11
e-mail:  [EMAIL PROTECTED]
internet: http://www.aura.cz
        http://www.j2ee.cz
---------------------------------





--
Mgr. Martin Kočí
---------------------------------
AURA, s.r.o.
Úvoz 499/56; 602 00 Brno
ISO 9001 certifikovaná společnost
tel./fax: +420 5 43 24 51 11
e-mail:  [EMAIL PROTECTED]
internet: http://www.aura.cz
        http://www.j2ee.cz
---------------------------------

Reply via email to