Julien, 1. Thanks for posting this.
2. I assume this feature can wait until after 4.1 is released? 3. Suggestion: use Grouper permissions. I think what this proposal amounts to is a) Individual syndicated feeds within feed reader instances are entities over which users may have permissions (namely, the permission to see that feed included in their experience of the portlet). b) There ought to be a better UI for assigning those permissions. Great. So, The feed reader portlet publication would correspond to a Group in Grouper. Each feed added to the portlet would be a Subject and a member of the Group representing that feed publication. Ability to render that feed would be a Grouper Permission on the Subject representing the feed. The permissions resolution needs of the portlet are now easy to fulfill: the portlet simply asks Grouper whether the presenting user has permission to render each feed entry. (Adding some other permissions, could also model administration privileges over those feeds, etc.) Then we need a better UI for the delegated administrator to assign users and groups into the roles that would give them permissions over these feed-subjects. Good UIs are a hard problem. No doubt the uPortal UIs for group selection should continue to be improved. BUT. If we architect uPortal and portlets to embrace Grouper for this, then administrators and users can equally administer these permission grants via Grouper UIs and via tools built to talk to Grouper APIs. I think that's the promising architectural direction for uPortal to explore, and I expect it's a major initiative to go after post-uPortal-4.1. I'm eager to ride on the greatness of Grouper and on its attention to improving user experience. Kind regards, Andrew On 4/18/14, 2:09 AM, Julien Gribonvald wrote: > Hi Everybody, > > I'm looking for a feature to give an easy way for users to select > groups in order to define rights access on some resources in portlets, > something similar to define groups on portlet definitions. In our > context we have a massive delegation of rights and so many users > aren't uPortal admin, so they don't and can't acess to uPortal groups > view and in the case that they want to give access on a resource (from > a portlet) they should watch on our grouper UI?? to find and see the > exact name of the group (only way where we can define some access > permissions on groups view, but this isn't perfect) and come back to > the resource definition page (on the portlet). Actually our other > problem - if we want a such feature - is that we should implements a > group view in all our portlets where we need this feature and more it > will be something "context specific" whereas i think some other > uPortal deployers could need a such feature and they do not use > necessary grouper, group pags or smartldap (we use this one a bit > modified to avoid grouper ws) as example, so we would prefer to see > something more integrated in the portal and that could be used in the > community. > > I wrote a page on the wiki to explain how i see the feature with a use > case : > https://wiki.jasig.org/display/UPC/pick+up+groups+from+a+delegated+group+manager+view > So any question and discussion about this feature would be > appreciated. More I need advices on the best way to develop this > feature and if someone have interest or could provide any help don't > hesitate to take part of this discussion ;) > > Thanks > > Julien > -- > > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/uportal-dev -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/uportal-dev
