> Thanks Kevin, it is working now. Is there anything on sql based
> authorization?
Errrmm... good question.
I think I once toyed with a proto SQL authorization that was a
more-or-less direct copy of the file-based one, just that it fetched
data from a table... but I don't recall if I committed it.
My issue is that I never had a UI to edit the roles - so all the back-end
stuff (adding roles, methods, etc) had to be managed via another tool
(e.g. phpMyAdmin!).
And don't ask about auto-learning!
As I say, in my deployed application, I use my own SQL login
authenticator (sqlLogin) and authorization service.
The login authenticator overrides
PasswordRequestAuthenticatorAbstract and fetches the roles from the
SQL table.
The authorizer e.g. sqlAuthorizor with methods "hasAdminRole()" uses
the internal method "hasRole()" to check if the current logged in user
has the desired role (determined by my own AdminState enum):

    protected boolean hasRole(AdminState adminState) {
        // the currently logged-in user, as held by the container
        UserMemento user = getContainer().getUser();
        // the role name is the string form of the enum constant
        String role = adminState.toString();
        return user.hasRole(role);
    }

Then, in my domain services, I have, e.g. for domain factory method
"newMember",

    public boolean hideNewMember() {
        return hasRole(AdminState.SECRETARY);
    }

This is not the technique advised in the Isis manuals, which advocate
that authorization is outside the scope of the domain, but it works for
me.
Of course, it does mean that I have dozens of "hide" and "disable"
methods instead of entries in the alternative "allow" or "disallow"
files/tables, but it gives me fine-grained runtime control over visibility
and access.
Regards,
Kevin
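
The role-gated "hide" pattern described in this message, as an added example that is not Kevin's code and not part of Isis: every class and method here is a hypothetical stand-in, and the constructed in-memory rows stand in for the SQL roles table. It assumes the action should be visible only to users holding the role, so the hide method returns true for everyone else, including a missing session.

```java
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

// Added illustration; names are hypothetical stand-ins, not Isis API.
public class RoleGateExample {
    enum AdminState { SECRETARY, TREASURER }

    // Constructed sample rows (user_name, role) standing in for the SQL table.
    // The last row is deliberately malformed to show it grants nothing.
    static final String[][] ROLE_ROWS = {
        {"alice", "SECRETARY"}, {"bob", "TREASURER"}, {"bob", "secretary "}
    };

    // What a login authenticator would do once at login: collect the
    // user's roles. Unknown users get an empty, read-only set.
    static Set<String> loadRoles(String userName) {
        Set<String> roles = new HashSet<>();
        for (String[] row : ROLE_ROWS) {
            if (row[0].equals(userName)) {
                roles.add(row[1]);
            }
        }
        return Collections.unmodifiableSet(roles);
    }

    // Exact, case-sensitive match on the enum name; no session means no role.
    static boolean hasRole(Set<String> roles, AdminState state) {
        return roles != null && roles.contains(state.toString());
    }

    // Assumed intent: hide the action unless the user is a secretary,
    // so any lookup miss fails closed (hidden).
    static boolean hideNewMember(Set<String> roles) {
        return !hasRole(roles, AdminState.SECRETARY);
    }

    public static void main(String[] args) {
        for (String user : new String[] {"alice", "bob", "mallory"}) {
            System.out.println(user + " hideNewMember=" + hideNewMember(loadRoles(user)));
        }
        System.out.println("no session hideNewMember=" + hideNewMember(null));
    }
}
```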