"Kevin A. Burton" <[EMAIL PROTECTED]> wrote:
> I am adding another attribute to <entry>
>
> <attribute name="isAdmin" type="boolean" minOccurs="0"/>
>
> This will basically be for the Admin console so that it can look up
> Portlets but that these aren't allowed to be viewed by ordinary users.
> We can (if people think it is necessary) provide a Portlet.isAdmin() so
> that even the Portlet can *require* that other people besides admins
> can't view it.
What about using the user's roles/permissions to determine if they can access
the portlet? This way we could place a role/permission ( admin_user ) or a
list of roles in the markup and the controller would not even instantaite the
portlet object unless the user had these roles/permissions.
It would be nice to limit what a user can subscribe to in this fashion also.
For example, groups of users with the internet_user permission/role may see
all the portlets/channels that need access to the internet, but others may
only see intranet portlets.
jb
Jeffrey D. Brekke
mailto:[EMAIL PROTECTED]
http://sites.netscape.net/ekkerbj/homepage
____________________________________________________________________
Get your own FREE, personal Netscape WebMail account today at
http://webmail.netscape.com.
--
--------------------------------------------------------------
Please read the FAQ! <http://java.apache.org/faq/>
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Archives and Other: <http://java.apache.org/main/mail.html>
Problems?: [EMAIL PROTECTED]
