[ http://issues.apache.org/jira/browse/JS2-354?page=comments#action_12362608 ]
sunil kumar tiwari commented on JS2-354: ---------------------------------------- >From a user perspective, its better if no content is displayed. It should >appear like the portlet doesnt exist at all i.e the user doesnt know about the >portlet on the page. If we display some message like "Access Forbidden" then it may be confusing or irritating for the end user point of view. The user may want to enquire about the portlet in question which is not a good idea. For example, I have a page with 10 portlets on it. There are 3 groups of users. One group can see all the portlets, the other one only 8 portlets and the last group can see only 5 portlets. Now the page should appear normal, I mean, without any error message, to all the groups of users i.e. the page properly adjusted for each group. The advantage is that you have only one page with all the portlets on it but still serving to different sets of users with access to different subsets of all the portlets. > Provision for portlet-level permissions > --------------------------------------- > > Key: JS2-354 > URL: http://issues.apache.org/jira/browse/JS2-354 > Project: Jetspeed 2 > Type: Improvement > Components: Security > Versions: 2.0-M4, 2.0-FINAL > Environment: Generic > Reporter: Prashanth Gujjeti > Assignee: Randy Watler > Fix For: 2.1 > > There has been a lot of discussion on this aspect in both the developer and > user forums. Even though the portlet content can be controlled from within > the Portlet (by checking for the appropriate roles), it would be nice to > control the content from a layer above like PSML (or the RdbmsPolicy). That > gives the programmer the flexibility to modify the permissions per portlet, > and hence the content without any code change. > Since the feature has already been implemented, but just disabled (refer > David's and Randy's comments in the forums), I hope its not too much of work > to provide this feature. Sincerely appreciate your effort folks! -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
