On Jan 7, 2008 4:52 PM, jonathan <[EMAIL PROTECTED]> wrote:
> Is there a recommended way to pursue per-user or group-based access
> permission? We're currently hooking into our ldap system for login, and
> would like to be able to set up "groups" (not necessarily in ldap) of
> users with access control to view or edit particular blogs.

I don't think you'll have much success mapping LDAP groups to blogs with Roller 4.0. I think the best you can do is to map an LDAP group to the Roller 'editor' role for ordinary Roller users and another LDAP group to the Roller 'admin' role for Roller admin users.

In case you haven't already seen this:
http://cwiki.apache.org/confluence/display/ROLLER/Roller+4.0+with+LDAP+and+CAS

> It seems like this could be done by injecting new user "roles" into the
> database, and then setting a url pattern match in security.xml, but it
> also seems like this is both generally ugly, and liable to cause
> nightmares during future roller upgrades.

I don't know enough about Acegi to advise you here, but perhaps you are onto something here.

> Any thoughts or pointers that would minimize both short and long-term
> pain would be most appreciated.

In Roller 4.1 we have pluggable user/permissions management, which will give us a lot more flexibility in this area, but at this point we don't provide any way to map LDAP groups to group blog permissions.

- Dave
