Roles and Permissions can be stored in the JCR repository and configured from the Admin UI. From the Admin UI we can define/delete/edit permissions and roles, and assign permissions to roles.

On Thu, Jun 24, 2010 at 10:34 PM, Luciano Resende <[email protected]> wrote:

> On Thu, Jun 24, 2010 at 9:53 AM, Avdhesh Yadav <[email protected]> wrote:
> > I agree with this approach.
> >
> > +1
> >
> >
> > On Fri, Jun 18, 2010 at 9:03 PM, Suhothayan Sriskandarajah <[email protected]> wrote:
> >
> >> I believe the authentication is now stable in Photark.
> >> I'm now going to start working on implementing a simple "Role Based
> >> Access Control" next, and
> >> here is the initial approach I have in mind...
> >>
> >> I thought of creating some well defined mutually exclusive roles
> >> 1. Super admin Role : have only 1 user (The one who login from
> >> FORM authentication)
> >> 2. Registered user Role
> >> 3. Unregistered user Role : the users who are not logged in.
> >> 4. Blocked user Role
> >>
> >> And there will be other normal roles which are kind of a groups
> >> (groupRoles)
> >> these can be created by users in "Registered user Role" and "Super admin
> >> Role"
> >> for e.g.
> >> a RegisteredUser1 in "Registered user Role" can create a groupRole
> >> called myFriends and add user1, user2 & user3
> >> and sets myFriends groupRole permissions to allow users to add/remove
> >> images from AlbumA and AlbumB
> >>
> >> provided the users user1, user2 & user3 are also in the Registered
> >> user Role they can execute the given permissions
> >> and only the RegisteredUser1 and the Super Admin have the rights to
> >> view and edit the myFriends Role (its users and permissions)
> >>
> >>
> >> each of these roles will have permissions
> >> 1. Super admin Role :
> >> * change users from one role to another (Registered to Blocked and other)
> >> * view and delete all albums, image, album descriptions of all users
> >> * create and manage groupRoles
> >>
> >> 2. Registered user Role :
> >> * can create an album
> >> * can delete his albums, edit album description and add/remove images
> >> from his album
> >> * create and manage groupRoles (add/remove users to it and change
> >> permissions) , he can manage only groupRoles he created
> >>
> >> 3. Unregistered user Role :
> >> * view the albums (only giving access to view by Unregistered user
> >> Role) (public albums)
> >>
> >> 4. Blocked user Role :
> >> * same as Unregistered user Role
> >>
> >> the roles are arranged in a hierarchy where
> >> Super Admin Role (top)
> >> Group Roles
> >> Registered user Role
> >> Unregistered user Role
> >> Blocked user Role
> >>
> >> the basic permissions for now
> >> * adding images
> >> * removing images
> >> * creating albums
> >> * deleting albums
> >> * editing album description
> >>
> >> I think this model is scalable in future.
> >> Please do give your thoughts on this and guide me in the correct path
> >>
> >> Suho
> >>
> >
> >
> >
> How are roles configured? How are roles enforced?
>
> --
> Luciano Resende
> http://people.apache.org/~lresende
> http://twitter.com/lresende1975
> http://lresende.blogspot.com/
>

--
Avdhesh Yadav
http://www.avdheshyadav.com
http://twitter.com/yadavavdhesh
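
A minimal model of the access rules proposed in the thread above, added here as an illustration; it is not PhotArk code, and the class, method and role names are hypothetical. It assumes two things the thread does not state: the Super Admin holds every basic permission, and a groupRole creator can delegate rights only on albums they own.

```python
# Added illustration of the proposed role model; every name here is hypothetical.
from dataclasses import dataclass, field

SUPER_ADMIN, REGISTERED, UNREGISTERED, BLOCKED = "super_admin", "registered", "unregistered", "blocked"
PERMISSIONS = {"add_image", "remove_image", "create_album", "delete_album", "edit_description"}

@dataclass
class GroupRole:
    owner: str
    members: set = field(default_factory=set)
    grants: dict = field(default_factory=dict)  # album -> set of permissions

class AccessControl:
    def __init__(self):
        self.base_role = {}    # user -> one of the four mutually exclusive roles
        self.album_owner = {}  # album -> user who created it
        self.groups = {}       # groupRole name -> GroupRole

    def role_of(self, user):
        return self.base_role.get(user, UNREGISTERED)  # unknown users are not logged in

    def can_manage_group(self, user, name):
        # Only the creator and the Super Admin may view or edit a groupRole.
        role = self.role_of(user)
        return role == SUPER_ADMIN or (role == REGISTERED and self.groups[name].owner == user)

    def grant(self, actor, name, album, perms):
        # Assumption: creators delegate only on albums they own, and never create_album.
        if not self.can_manage_group(actor, name):
            raise PermissionError("not allowed to edit this groupRole")
        if self.role_of(actor) != SUPER_ADMIN and self.album_owner.get(album) != actor:
            raise PermissionError("cannot delegate rights on someone else's album")
        if not set(perms) <= PERMISSIONS - {"create_album"}:
            raise ValueError("unknown or non-delegable permission")
        self.groups[name].grants.setdefault(album, set()).update(perms)

    def is_allowed(self, user, perm, album=None):
        role = self.role_of(user)
        if perm not in PERMISSIONS or role in (UNREGISTERED, BLOCKED):
            return False  # default deny; these two roles only view public albums
        if role == SUPER_ADMIN or perm == "create_album":
            return True   # assumption: top of the hierarchy holds every basic permission
        # Owners control their own albums; groupRole grants apply to registered members only.
        return self.album_owner.get(album) == user or any(
            user in g.members and perm in g.grants.get(album, ()) for g in self.groups.values())

def demo():
    # Constructed sample data mirroring the myFriends example in the thread.
    ac = AccessControl()
    ac.base_role.update(admin=SUPER_ADMIN, RegisteredUser1=REGISTERED, user1=REGISTERED, user2=BLOCKED)
    ac.album_owner["AlbumA"] = "RegisteredUser1"
    ac.groups["myFriends"] = GroupRole("RegisteredUser1", {"user1", "user2"})
    ac.grant("RegisteredUser1", "myFriends", "AlbumA", {"add_image", "remove_image"})
    return ac
```

Because the base role is checked before any groupRole grant, moving a user to the Blocked role revokes delegated rights without touching group membership.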
