[Lift] Re: Desiderata. Was: Re: [Lift] Re: RBAC in Lift
The missing piece is the ability to un-rewrite URLs via SiteMap such that it's easy to create nicely formed URLs with nicely placed parameters using SiteMap and have the rules be bi-directional. It's been on my "noodling" list for a while, but hasn't been high priority. Charles F. Munat wrote: > These suggestions look really good. Thanks! I'll pore over the > information and will try to figure it out. > > Chas. > > Tim Perrett wrote: > >> Indeed - just reading this thread back and not quite understanding why >> its *not* possible to friendly urls in lift its very easy as derek >> points out. >> >> Check out: >> >> http://liftweb.net/index.php/UrlRewriting >> >> Tim >> >> On Sep 12, 2:17 pm, "Derek Chen-Becker" <[EMAIL PROTECTED]> wrote: >> >>> You can get the human-readable pages via the LiftRules.addDispatch... >>> methods. They take a partial function which uses a RequestMatcher to >>> determine which handler to use for a particular request. In the process, you >>> can use Scala's List wildcarding to extract parts of the URL that was passed >>> in. The syntax appears to have changed a bit since I tried this last, but in >>> Boot you would do something like this: >>> >>> LiftRules.addDispatchBefore({ >>> case RequestMatcher(RequestState("page" :: page_name :: Nil, _, _, _, _, >>> _, _, _)) => some_handler(_, page_name) >>> >>> }) >>> >>> I know I'm butchering that, but that's the general idea. The "page" :: >>> page_name :: Nil matches against the path, so that will match any URL path >>> that looks like "/page/" and make the latter portion available >>> for your handlers. >>> >>> Derek >>> >>> On Thu, Sep 11, 2008 at 4:09 PM, Charles F. Munat <[EMAIL PROTECTED]> wrote: >>> >>> >>> >>> Marius wrote: >> Also, I like the user-created pages to be accessible by URL (i.e. >> without a query string) with a readable URL, so: >> mysite.com/some_page >> Not: >> mysite.com/p123456, mysite.com?page=some_page, or >> mysite.com?page=123456 > What is the difference between mysite.com/some_page and mysite.com/ > p123456? I mean what is the exact problem you're trying to solve? > Perhaps a more concrete example may help us help you. > A short synopsis can be found here: http://plone.org/products/plone/features/3.0/existing-features/human-... If you Google "human-readable URL," you'll get some other interesting hits. I first encountered the concept years ago when I was spending time on the W3C's Web Accessibility Initiative list. I've been doing my best to use human-readable URLs ever since. But I wasn't actually asking a question, just mentioning this as a desiderata. I'll figure it out when I get to that point. Meanwhile, I am getting my hands dirty -- as you put it -- figuring out the SiteMap and related code. Will post questions as they come up. Chas. > > > > --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Lift" group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---
[Lift] Re: Desiderata. Was: Re: [Lift] Re: RBAC in Lift
These suggestions look really good. Thanks! I'll pore over the information and will try to figure it out. Chas. Tim Perrett wrote: > > Indeed - just reading this thread back and not quite understanding why > its *not* possible to friendly urls in lift its very easy as derek > points out. > > Check out: > > http://liftweb.net/index.php/UrlRewriting > > Tim > > On Sep 12, 2:17 pm, "Derek Chen-Becker" <[EMAIL PROTECTED]> wrote: >> You can get the human-readable pages via the LiftRules.addDispatch... >> methods. They take a partial function which uses a RequestMatcher to >> determine which handler to use for a particular request. In the process, you >> can use Scala's List wildcarding to extract parts of the URL that was passed >> in. The syntax appears to have changed a bit since I tried this last, but in >> Boot you would do something like this: >> >> LiftRules.addDispatchBefore({ >> case RequestMatcher(RequestState("page" :: page_name :: Nil, _, _, _, _, >> _, _, _)) => some_handler(_, page_name) >> >> }) >> >> I know I'm butchering that, but that's the general idea. The "page" :: >> page_name :: Nil matches against the path, so that will match any URL path >> that looks like "/page/" and make the latter portion available >> for your handlers. >> >> Derek >> >> On Thu, Sep 11, 2008 at 4:09 PM, Charles F. Munat <[EMAIL PROTECTED]> wrote: >> >> >> >>> Marius wrote: > Also, I like the user-created pages to be accessible by URL (i.e. > without a query string) with a readable URL, so: > mysite.com/some_page > Not: > mysite.com/p123456, mysite.com?page=some_page, or >>> mysite.com?page=123456 What is the difference between mysite.com/some_page and mysite.com/ p123456? I mean what is the exact problem you're trying to solve? Perhaps a more concrete example may help us help you. >>> A short synopsis can be found here: >>> http://plone.org/products/plone/features/3.0/existing-features/human-... >>> If you Google "human-readable URL," you'll get some other interesting >>> hits. I first encountered the concept years ago when I was spending time >>> on the W3C's Web Accessibility Initiative list. I've been doing my best >>> to use human-readable URLs ever since. >>> But I wasn't actually asking a question, just mentioning this as a >>> desiderata. I'll figure it out when I get to that point. Meanwhile, I am >>> getting my hands dirty -- as you put it -- figuring out the SiteMap and >>> related code. Will post questions as they come up. >>> Chas. > > --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Lift" group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---
[Lift] Re: Desiderata. Was: Re: [Lift] Re: RBAC in Lift
Thanks Tim, I had forgotten about just using a rewrite (which is definitely simpler). I had thought there was a Wiki page on the addDispatch methods, too, but I can't find it. The Wiki search function doesn't appear to work on substrings :( Derek On Fri, Sep 12, 2008 at 7:46 AM, Tim Perrett <[EMAIL PROTECTED]> wrote: > > > Indeed - just reading this thread back and not quite understanding why > its *not* possible to friendly urls in lift its very easy as derek > points out. > > Check out: > > http://liftweb.net/index.php/UrlRewriting > > Tim > > On Sep 12, 2:17 pm, "Derek Chen-Becker" <[EMAIL PROTECTED]> wrote: > > You can get the human-readable pages via the LiftRules.addDispatch... > > methods. They take a partial function which uses a RequestMatcher to > > determine which handler to use for a particular request. In the process, > you > > can use Scala's List wildcarding to extract parts of the URL that was > passed > > in. The syntax appears to have changed a bit since I tried this last, but > in > > Boot you would do something like this: > > > > LiftRules.addDispatchBefore({ > > case RequestMatcher(RequestState("page" :: page_name :: Nil, _, _, _, > _, > > _, _, _)) => some_handler(_, page_name) > > > > }) > > > > I know I'm butchering that, but that's the general idea. The "page" :: > > page_name :: Nil matches against the path, so that will match any URL > path > > that looks like "/page/" and make the latter portion available > > for your handlers. > > > > Derek > > > > On Thu, Sep 11, 2008 at 4:09 PM, Charles F. Munat <[EMAIL PROTECTED]> > wrote: > > > > > > > > > Marius wrote: > > > >> Also, I like the user-created pages to be accessible by URL (i.e. > > > >> without a query string) with a readable URL, so: > > > > > >> mysite.com/some_page > > > > > >> Not: > > > > > >> mysite.com/p123456, mysite.com?page=some_page, or > > > mysite.com?page=123456 > > > > > > What is the difference between mysite.com/some_page and mysite.com/ > > > > p123456? I mean what is the exact problem you're trying to solve? > > > > Perhaps a more concrete example may help us help you. > > > > > A short synopsis can be found here: > > > > >http://plone.org/products/plone/features/3.0/existing-features/human-. > .. > > > > > If you Google "human-readable URL," you'll get some other interesting > > > hits. I first encountered the concept years ago when I was spending > time > > > on the W3C's Web Accessibility Initiative list. I've been doing my best > > > to use human-readable URLs ever since. > > > > > But I wasn't actually asking a question, just mentioning this as a > > > desiderata. I'll figure it out when I get to that point. Meanwhile, I > am > > > getting my hands dirty -- as you put it -- figuring out the SiteMap and > > > related code. Will post questions as they come up. > > > > > Chas. > > > --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Lift" group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---
[Lift] Re: Desiderata. Was: Re: [Lift] Re: RBAC in Lift
Indeed - just reading this thread back and not quite understanding why its *not* possible to friendly urls in lift its very easy as derek points out. Check out: http://liftweb.net/index.php/UrlRewriting Tim On Sep 12, 2:17 pm, "Derek Chen-Becker" <[EMAIL PROTECTED]> wrote: > You can get the human-readable pages via the LiftRules.addDispatch... > methods. They take a partial function which uses a RequestMatcher to > determine which handler to use for a particular request. In the process, you > can use Scala's List wildcarding to extract parts of the URL that was passed > in. The syntax appears to have changed a bit since I tried this last, but in > Boot you would do something like this: > > LiftRules.addDispatchBefore({ > case RequestMatcher(RequestState("page" :: page_name :: Nil, _, _, _, _, > _, _, _)) => some_handler(_, page_name) > > }) > > I know I'm butchering that, but that's the general idea. The "page" :: > page_name :: Nil matches against the path, so that will match any URL path > that looks like "/page/" and make the latter portion available > for your handlers. > > Derek > > On Thu, Sep 11, 2008 at 4:09 PM, Charles F. Munat <[EMAIL PROTECTED]> wrote: > > > > > Marius wrote: > > >> Also, I like the user-created pages to be accessible by URL (i.e. > > >> without a query string) with a readable URL, so: > > > >> mysite.com/some_page > > > >> Not: > > > >> mysite.com/p123456, mysite.com?page=some_page, or > > mysite.com?page=123456 > > > > What is the difference between mysite.com/some_page and mysite.com/ > > > p123456? I mean what is the exact problem you're trying to solve? > > > Perhaps a more concrete example may help us help you. > > > A short synopsis can be found here: > > >http://plone.org/products/plone/features/3.0/existing-features/human-... > > > If you Google "human-readable URL," you'll get some other interesting > > hits. I first encountered the concept years ago when I was spending time > > on the W3C's Web Accessibility Initiative list. I've been doing my best > > to use human-readable URLs ever since. > > > But I wasn't actually asking a question, just mentioning this as a > > desiderata. I'll figure it out when I get to that point. Meanwhile, I am > > getting my hands dirty -- as you put it -- figuring out the SiteMap and > > related code. Will post questions as they come up. > > > Chas. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Lift" group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---
[Lift] Re: Desiderata. Was: Re: [Lift] Re: RBAC in Lift
You can get the human-readable pages via the LiftRules.addDispatch... methods. They take a partial function which uses a RequestMatcher to determine which handler to use for a particular request. In the process, you can use Scala's List wildcarding to extract parts of the URL that was passed in. The syntax appears to have changed a bit since I tried this last, but in Boot you would do something like this: LiftRules.addDispatchBefore({ case RequestMatcher(RequestState("page" :: page_name :: Nil, _, _, _, _, _, _, _)) => some_handler(_, page_name) }) I know I'm butchering that, but that's the general idea. The "page" :: page_name :: Nil matches against the path, so that will match any URL path that looks like "/page/" and make the latter portion available for your handlers. Derek On Thu, Sep 11, 2008 at 4:09 PM, Charles F. Munat <[EMAIL PROTECTED]> wrote: > > Marius wrote: > >> Also, I like the user-created pages to be accessible by URL (i.e. > >> without a query string) with a readable URL, so: > >> > >> mysite.com/some_page > >> > >> Not: > >> > >> mysite.com/p123456, mysite.com?page=some_page, or > mysite.com?page=123456 > > > > > > What is the difference between mysite.com/some_page and mysite.com/ > > p123456? I mean what is the exact problem you're trying to solve? > > Perhaps a more concrete example may help us help you. > > A short synopsis can be found here: > > > http://plone.org/products/plone/features/3.0/existing-features/human-readable-urls > > If you Google "human-readable URL," you'll get some other interesting > hits. I first encountered the concept years ago when I was spending time > on the W3C's Web Accessibility Initiative list. I've been doing my best > to use human-readable URLs ever since. > > But I wasn't actually asking a question, just mentioning this as a > desiderata. I'll figure it out when I get to that point. Meanwhile, I am > getting my hands dirty -- as you put it -- figuring out the SiteMap and > related code. Will post questions as they come up. > > Chas. > > > > > --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Lift" group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---
[Lift] Re: Desiderata. Was: Re: [Lift] Re: RBAC in Lift
Marius wrote: >> Also, I like the user-created pages to be accessible by URL (i.e. >> without a query string) with a readable URL, so: >> >> mysite.com/some_page >> >> Not: >> >> mysite.com/p123456, mysite.com?page=some_page, or mysite.com?page=123456 > > > What is the difference between mysite.com/some_page and mysite.com/ > p123456? I mean what is the exact problem you're trying to solve? > Perhaps a more concrete example may help us help you. A short synopsis can be found here: http://plone.org/products/plone/features/3.0/existing-features/human-readable-urls If you Google "human-readable URL," you'll get some other interesting hits. I first encountered the concept years ago when I was spending time on the W3C's Web Accessibility Initiative list. I've been doing my best to use human-readable URLs ever since. But I wasn't actually asking a question, just mentioning this as a desiderata. I'll figure it out when I get to that point. Meanwhile, I am getting my hands dirty -- as you put it -- figuring out the SiteMap and related code. Will post questions as they come up. Chas. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Lift" group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---
[Lift] Re: Desiderata. Was: Re: [Lift] Re: RBAC in Lift
On Sep 11, 10:27 pm, "Charles F. Munat" <[EMAIL PROTECTED]> wrote: > The websites I build tend to have the following features in common: > > 1. Some method of authentication. I mostly roll my own, but as I > sometimes have one set of users using multiple sites, I'm curious about > OpenID. I know that Lift has some capability for this, but haven't > looked into it yet. > > 2. Role-based access control. In Rails, it's pretty easy to do this by > controller-action. You have a table of Roles and a table of Rights -- > each Right a controller-action pair -- and a bridge table between them. > I often take this one step further and create an Organizations table and > a Positions table, where a User may have one or more Positions, and a > Position is a User-Role-Organization combination. The Roles are a tree > and I use nested sets to make pulling descendants easy. > > But this sucks. Rails is controller-centric rather than view-centric so > it's a big pain to do what I really want to do, which is show/hide/alter > parts of each page depending on the User's rights. I'd also like to be > able to add or subtract rights from a User on an individual basis > without regard to the Role(s) he or she holds. > > Another problem is that there are many Organizations and they, too, are > in a tree (nested set). So here is a good example: I have a table of > Students associated with various organizations and each Student has a > lot of private information. I want to be able to add/remove columns > (attributes) from the table based on the User's *role*, and filter rows > based on the User's *organization* (and sub-organizations). > > All of this is a big pain in Rails. I'm hoping that the view-centric > nature of Lift will make this a lot easier, but I'm still so far behind > the curve that I'm not sure how to go about anything. > > 3. User-created, edited, and deleted pages. On many of my sites, the > site owner or his/her designated representative can add new pages, > re-arrange them in the site navigation hierarchy, add/edit/delete > anything on the page, and remove pages. I also create widgets (such as > bulletin boards, photo galleries, site maps, etc.) that they can create > instances of, configure, and then insert into any site page. > > They'll have one or more templates for page layout to choose from (e.g. > one column, two column, one-then-two column) after which they can insert > articles, images, or widgets into any column in any order. (Articles, > images, and widget data are kept in separate tables.) Also, pages are > slotted into "slots" in the site hierarchy, so a page could also be in > more than one place in the hierarchy, or not public at all. > > This is quite complicated and Rails doesn't make it easy. Plus, there's > a big performance hit. > > I guess these sites are really sort of mini content management systems. > I mean, they don't have features for workflow, approval, locking, etc., > but they do allow re-use of content. More importantly, they allow my > clients to update their own websites in a timely manner without knowing > any code other than Markdown (which I infinitely prefer to Textile). > > The whole view-centric/snippet style of Lift seems perfect for this. > > Also, I like the user-created pages to be accessible by URL (i.e. > without a query string) with a readable URL, so: > > mysite.com/some_page > > Not: > > mysite.com/p123456, mysite.com?page=some_page, or mysite.com?page=123456 What is the difference between mysite.com/some_page and mysite.com/ p123456? I mean what is the exact problem you're trying to solve? Perhaps a more concrete example may help us help you. > > That's something I haven't figure out yet in Lift. > > 4. I do a lot of CRUD apps, so I am looking for: > > * The ability to layout tables on the fly, filtering columns and rows > based on both the User's authorization and preferences. I want the user > to be able to choose both which columns to show and in what order, and > to choose how the results are sorted, filtered (via a textbox), and > paged. And I want this generated automatically based on table metadata, > the User's preferences, and the User's rights/organization. So I build > it once, and then just configure each Object and the table is configured > automatically. > > * I also want *editable* tables, where the user can click on a cell, > change the value, and then hit enter or click elsewhere and that value > will be automatically updated in the database. And because I am > ridiculously greedy, I want the user to have undo on changes through *at > least* the entire editing session, if not for all time. > > * The ability to layout forms on the fly, filtering inputs and inserting > default values according to the User's authorization and preferences, > same as above. For example, I'd like to be able to assert that the range > of possible dates on a field is x to y, and those would be the only > values to appear in the pop-up date selector or drop down menu >
[Lift] Desiderata. Was: Re: [Lift] Re: RBAC in Lift
The websites I build tend to have the following features in common: 1. Some method of authentication. I mostly roll my own, but as I sometimes have one set of users using multiple sites, I'm curious about OpenID. I know that Lift has some capability for this, but haven't looked into it yet. 2. Role-based access control. In Rails, it's pretty easy to do this by controller-action. You have a table of Roles and a table of Rights -- each Right a controller-action pair -- and a bridge table between them. I often take this one step further and create an Organizations table and a Positions table, where a User may have one or more Positions, and a Position is a User-Role-Organization combination. The Roles are a tree and I use nested sets to make pulling descendants easy. But this sucks. Rails is controller-centric rather than view-centric so it's a big pain to do what I really want to do, which is show/hide/alter parts of each page depending on the User's rights. I'd also like to be able to add or subtract rights from a User on an individual basis without regard to the Role(s) he or she holds. Another problem is that there are many Organizations and they, too, are in a tree (nested set). So here is a good example: I have a table of Students associated with various organizations and each Student has a lot of private information. I want to be able to add/remove columns (attributes) from the table based on the User's *role*, and filter rows based on the User's *organization* (and sub-organizations). All of this is a big pain in Rails. I'm hoping that the view-centric nature of Lift will make this a lot easier, but I'm still so far behind the curve that I'm not sure how to go about anything. 3. User-created, edited, and deleted pages. On many of my sites, the site owner or his/her designated representative can add new pages, re-arrange them in the site navigation hierarchy, add/edit/delete anything on the page, and remove pages. I also create widgets (such as bulletin boards, photo galleries, site maps, etc.) that they can create instances of, configure, and then insert into any site page. They'll have one or more templates for page layout to choose from (e.g. one column, two column, one-then-two column) after which they can insert articles, images, or widgets into any column in any order. (Articles, images, and widget data are kept in separate tables.) Also, pages are slotted into "slots" in the site hierarchy, so a page could also be in more than one place in the hierarchy, or not public at all. This is quite complicated and Rails doesn't make it easy. Plus, there's a big performance hit. I guess these sites are really sort of mini content management systems. I mean, they don't have features for workflow, approval, locking, etc., but they do allow re-use of content. More importantly, they allow my clients to update their own websites in a timely manner without knowing any code other than Markdown (which I infinitely prefer to Textile). The whole view-centric/snippet style of Lift seems perfect for this. Also, I like the user-created pages to be accessible by URL (i.e. without a query string) with a readable URL, so: mysite.com/some_page Not: mysite.com/p123456, mysite.com?page=some_page, or mysite.com?page=123456 That's something I haven't figure out yet in Lift. 4. I do a lot of CRUD apps, so I am looking for: * The ability to layout tables on the fly, filtering columns and rows based on both the User's authorization and preferences. I want the user to be able to choose both which columns to show and in what order, and to choose how the results are sorted, filtered (via a textbox), and paged. And I want this generated automatically based on table metadata, the User's preferences, and the User's rights/organization. So I build it once, and then just configure each Object and the table is configured automatically. * I also want *editable* tables, where the user can click on a cell, change the value, and then hit enter or click elsewhere and that value will be automatically updated in the database. And because I am ridiculously greedy, I want the user to have undo on changes through *at least* the entire editing session, if not for all time. * The ability to layout forms on the fly, filtering inputs and inserting default values according to the User's authorization and preferences, same as above. For example, I'd like to be able to assert that the range of possible dates on a field is x to y, and those would be the only values to appear in the pop-up date selector or drop down menu associated with that field. Again, I want my form generator to be smart enough to do this based on meta-data associated with the Object. And I want one form to handle both adding and editing. * The ability for multiple users to edit the same page or data using Comet to push the changes to each other's view in real time. This could easily be integrated into the edi
[Lift] Re: RBAC in Lift
Interesting thread - my understanding of Acegi is that it can be implemented as a servlet filter (i guess in a similar way to lift), but it has some dependencies on the spring framework itself? Its been a *long* time since i did anything with spring! Im no JSecurity or Acegi expert, but just having a quite refresh via google on them, it kind of strikes me (or at least its the impression that i get) that JSecurity could potentially be a better all-purpose security plugin for lift as it could well be more configurable but thats just the vibe im getting (tm) Also, lift has a number of built in security features right? So I guess before looking at anything else thats currently out there, it would be good to just pen down what it is you'd want to achieve from implementing a security system so you can have as little overlap as possible (or alternatively by-pass lifts mechanisms all-together) Cheers Tim --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Lift" group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---
[Lift] Re: RBAC in Lift
I'm going to be dealing with these sorts problems in the next couple of weeks, so I'm also interested in any experiences either of you have (and will be sure to share my own once I get there.) My initial plan had been to try to integrate Acegi as well; I'll let you know how it goes when I get to that point (probably next week.) Kris On Thu, Sep 11, 2008 at 6:16 AM, Oliver Lambert <[EMAIL PROTECTED]> wrote: > > I'm also interested in authorization and authentication. If your > going to > use a application server like Glassfish, JAAS is possibility. > > However, I'm trying to decide whether to use Acegi (without Spring) > or look at something like JSecurity. Any thoughts as to which would > be a better fit with Lift? > > Oliver > > On 08/09/2008, at 9:24 AM, Charles F. Munat wrote: > >> >> I'm building a website for a group that wants to have different levels >> of access to the site. Essentially, there will be five roles, from >> Admin >> down to Guest, with each role having access to different parts of >> the site. >> >> Some pages will only be accessible to users with a specific role. For >> example, the CRUD pages controlling users will only be accessible to >> those in the Admin role. >> >> On other pages, most of the page will be public, but parts of the page >> will only become visible if the user is a) logged in, and b) in the >> proper role. >> >> Blocking entire pages can obviously be done in the SiteMap with some >> sort of conditional statement. >> >> I'm guessing that the best way to handle the partial pages is with >> snippets, with the snippet displaying a blank or particular content >> depending on the user's role. >> >> But there are also other considerations. Users will have their own >> pages, so views of those pages may be limited to the particular user >> (such as a page to update one's profile), or, optionally, made >> public by >> that user (such as a bio). >> >> Does anyone have any suggestions for the best practice for going about >> this, or an example they can show me? >> >> Thanks for any and all help. I'm slowly figuring out the SiteMap and >> menu functions and hope to put together a tutorial on that shortly. >> >> Chas. >> >> > > > > > > --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Lift" group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---
[Lift] Re: RBAC in Lift
I wish I could tell you. I took a look at Acegi when I was playing around with Spring three years ago, but haven't been back. I am a Ruby programmer, not a Java programmer, so I was planning to roll my own. That said, it might be a good idea to check these out. I keep forgetting that Lift makes it possible to use Java libraries, so there are a lot more options open to me now. If you make any progress in this area, please let me know. Chas. Oliver Lambert wrote: > I'm also interested in authorization and authentication. If your > going to > use a application server like Glassfish, JAAS is possibility. > > However, I'm trying to decide whether to use Acegi (without Spring) > or look at something like JSecurity. Any thoughts as to which would > be a better fit with Lift? > > Oliver > > On 08/09/2008, at 9:24 AM, Charles F. Munat wrote: > >> I'm building a website for a group that wants to have different levels >> of access to the site. Essentially, there will be five roles, from >> Admin >> down to Guest, with each role having access to different parts of >> the site. >> >> Some pages will only be accessible to users with a specific role. For >> example, the CRUD pages controlling users will only be accessible to >> those in the Admin role. >> >> On other pages, most of the page will be public, but parts of the page >> will only become visible if the user is a) logged in, and b) in the >> proper role. >> >> Blocking entire pages can obviously be done in the SiteMap with some >> sort of conditional statement. >> >> I'm guessing that the best way to handle the partial pages is with >> snippets, with the snippet displaying a blank or particular content >> depending on the user's role. >> >> But there are also other considerations. Users will have their own >> pages, so views of those pages may be limited to the particular user >> (such as a page to update one's profile), or, optionally, made >> public by >> that user (such as a bio). >> >> Does anyone have any suggestions for the best practice for going about >> this, or an example they can show me? >> >> Thanks for any and all help. I'm slowly figuring out the SiteMap and >> menu functions and hope to put together a tutorial on that shortly. >> >> Chas. >> > > > > --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Lift" group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---
[Lift] Re: RBAC in Lift
I'm also interested in authorization and authentication. If your going to use a application server like Glassfish, JAAS is possibility. However, I'm trying to decide whether to use Acegi (without Spring) or look at something like JSecurity. Any thoughts as to which would be a better fit with Lift? Oliver On 08/09/2008, at 9:24 AM, Charles F. Munat wrote: > > I'm building a website for a group that wants to have different levels > of access to the site. Essentially, there will be five roles, from > Admin > down to Guest, with each role having access to different parts of > the site. > > Some pages will only be accessible to users with a specific role. For > example, the CRUD pages controlling users will only be accessible to > those in the Admin role. > > On other pages, most of the page will be public, but parts of the page > will only become visible if the user is a) logged in, and b) in the > proper role. > > Blocking entire pages can obviously be done in the SiteMap with some > sort of conditional statement. > > I'm guessing that the best way to handle the partial pages is with > snippets, with the snippet displaying a blank or particular content > depending on the user's role. > > But there are also other considerations. Users will have their own > pages, so views of those pages may be limited to the particular user > (such as a page to update one's profile), or, optionally, made > public by > that user (such as a bio). > > Does anyone have any suggestions for the best practice for going about > this, or an example they can show me? > > Thanks for any and all help. I'm slowly figuring out the SiteMap and > menu functions and hope to put together a tutorial on that shortly. > > Chas. > > > --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Lift" group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---