"Jeffrey D.Brekke" wrote:
>
> "Kevin A. Burton" <[EMAIL PROTECTED]> wrote:
> > I am adding another attribute to <entry>
> >
> > <attribute name="isAdmin" type="boolean" minOccurs="0"/>
> >
> > This will basically be for the Admin console so that it can look up
> > Portlets but that these aren't allowed to be viewed by ordinary users.
> > We can (if people think it is necessary) provide a Portlet.isAdmin() so
> > that even the Portlet can *require* that other people besides admins
> > can't view it.
>
> What about using the user's roles/permissions to determine if they can access
> the portlet? This way we could place a role/permission ( admin_user ) or a
> list of roles in the markup and the controller would not even instantaite the
> portlet object unless the user had these roles/permissions.
We need a better way to abstract user authentication. JAAS is
interesting but that means another SUN jar. Java Security (would
require JDK 1.2) would be another way but this has its problems. Any
way users can authenticate should be provided but this much harder than
it sounds.
I was going to map the isAdmin role to a Turbine privilege so... Maybe
some of the Admin portlets would be cool to have in your custom page.
Maybe some meta info like how many portlets are currently within
Jetspeed or when the last updates were done. Certainly this isn't
something I should constrain to the Admin screen.
> It would be nice to limit what a user can subscribe to in this fashion also.
> For example, groups of users with the internet_user permission/role may see
> all the portlets/channels that need access to the internet, but others may
> only see intranet portlets.
Role support would be a way off. We already have a lot of things to
accomplish for 1.2. That is unless you are volunteering to make it
happen :)
--
Kevin A Burton ([EMAIL PROTECTED])
http://relativity.yi.org
Message to SUN: "Please Open Source Java!"
"For evil to win is for good men to do nothing."
--
--------------------------------------------------------------
Please read the FAQ! <http://java.apache.org/faq/>
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Archives and Other: <http://java.apache.org/main/mail.html>
Problems?: [EMAIL PROTECTED]
