Dave wrote:
<snip>
> I'll take you up on the write access when I'm a little more comfortable with
> CVS (I'm currently going through your recommended reading).
> 
> In the meantime, I've already begun to make additions and changes to the
> admin stuff.  I know you are all very busy, but would you prefer that I
> bundle my stuff into an admin folder and send it to the list?  That way
> anyone that wanted to play with it could just drop the stuff into their
> local copy and try it out.

I would strongly recommend against this.  One of the main benefits is
the atomicity of CVS.  If you screw up on one single change you can
roll back easily.  With huge commits you can't do this.  You also miss
out on the CVS log messages which are a vital portion of "Open
Development".
 
> Also, I've noticed some changes to the admin stuff in between snapshots.
> If anyone else out there is currently
> working on this stuff. Please let me know so we can collaborate on it and I
> don't step on your toes.
> 
> Here's what I've added so far:
> 
>     ** Admin main page (So you can just add a single link from your main
> default screen)

Don't put this on the default screen.  You assume everyone is an admin
in this situation.  What we really need is a permission which makes sure
the user can administer other users.  It really needs to be more like a
"Web Operating System" with hierarchical user administration (add users,
delete users, modify users, create groups, etc with roles being like
"Administrator/root", "User Manager", etc).


>     ** Admin navigation
>     ** Moved some of the database access from a screen to an action.

Cool.  I think I am guilty of some of this as I committed a hack.  Bad me
:(.

>     ** Modified the Admin layout
>     ** Started to "pretty up" some of the screens
>     ** Added a SecurityCheck class to the org.apache.turbine.util package.
> The SecurityCheck class is intended to hide some of the logic to check roles
> and permissions in actions
> and screens.  So you can use it for any turbine application.  Instead of
> doing this kinda stuff all the time:
> 
> if ( !(
>                     data.acl.hasPermission("system_total_access")
>            ))

Was this permission just added?  I don't have CVS access as I am away
from a "real" computer (read linux) right now.

>         {
>             data.setMessage("ChooseOrFindTurbineUser was attempted without proper permissions.");
>             data.setScreen("WrongPermissions");
>             return;
>         }
> 
> you can just do something like this -
> 
> SecurityCheck check = new SecurityCheck(data, mymessage, wrongpermissionscreen);
> if ( !check.isAuthorized("system_total_access") )
>   return;
> 
> Hopefully it'll help prevent mistakes in doing authorization checks.
> 
> I hope to have all the admin stuff up and running in the next week or so.
> Then I'll work on updating the
> build.

Rock on.  I am glad someone is attempting to do this besides me.  I just
don't have total bandwidth right now.

--
Kevin A. Burton
Senior Software Engineer
Kendara.com
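
The centralized check discussed in this thread, as an added Java example that is not part of the original messages and is not Turbine code. `RequestData` and `Acl` are stand-in types modelling only the members the thread uses, and this `SecurityCheck` is a hypothetical version that denies the request when no ACL is present.

```java
// Added example: stand-in types, not Turbine's real classes.
import java.util.Set;

public class SecurityCheckDemo {
    /** Stand-in for the ACL object reached through data.acl in the thread. */
    interface Acl { boolean hasPermission(String name); }

    /** Stand-in for the per-request data object (only the members used in the thread). */
    static class RequestData {
        Acl acl;                    // null when nobody is logged in
        String message;
        String screen = "Default";
        void setMessage(String m) { message = m; }
        void setScreen(String s) { screen = s; }
    }

    /** Hypothetical helper in the spirit of the SecurityCheck described above. */
    static final class SecurityCheck {
        private final RequestData data;
        private final String message;
        private final String failScreen;

        SecurityCheck(RequestData data, String message, String failScreen) {
            this.data = data; this.message = message; this.failScreen = failScreen;
        }

        /** Fails closed: a missing ACL or blank permission name is a denial, never an exception. */
        boolean isAuthorized(String permission) {
            boolean ok = data.acl != null && permission != null && !permission.isBlank()
                    && data.acl.hasPermission(permission);
            if (!ok) {              // message and redirect are set in exactly one place
                data.setMessage(message);
                data.setScreen(failScreen);
            }
            return ok;
        }
    }

    public static void main(String[] args) {
        Set<String> granted = Set.of("system_total_access");   // constructed sample grant
        RequestData admin = new RequestData();
        admin.acl = granted::contains;
        RequestData anonymous = new RequestData();              // no ACL at all

        for (RequestData d : new RequestData[] { admin, anonymous }) {
            SecurityCheck check = new SecurityCheck(d, "Attempted without proper permissions.", "WrongPermissions");
            System.out.println(check.isAuthorized("system_total_access") + " -> screen " + d.screen);
        }
    }
}
```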

