Thank you, I've been wondering what Tenancy was for. In my particular case though I think it would be passing on the problem, since I would then need to extend Tenancies somehow.
I think the ideal solution would be to enable the security module to somehow specify which "ApplicationUser" domain class to use (either the default or user-defined). Im not sure how this could be done though. I will def play around with this some more since I'm still feeling my way around. Btw Im really enjoying ISIS thus far, thanks to all who've been contributing Martin On Thu, Nov 20, 2014 at 1:22 PM, Jeroen van der Wal <[email protected]> wrote: > Hi Martin B, > > We added Tenancy to the security module which, in our case, represents a > different legal entity and a users are assigned to a tenancy. We've looked > at RBAC [1] but were very pragmatic while implementing the module ;-) > There's certainly room for improvement so if you can share your thoughts, > requirements or entity model here we can perhaps align efforts. > > Oscar Bou, one of our other committers was very keen on this subject too. > Oscar: perhaps you want to pitch in too? > > And yes, please you can always fork it! > > Cheers, > > Jeroen > > [1] http://en.wikipedia.org/wiki/Role-based_access_control > > > > > > On Thu, Nov 20, 2014 at 9:48 AM, Martin Balmaceda < > [email protected]> wrote: > > > Im not sure how using a Shiro role would work since they are predefined > yet > > organizations can be added/removed dynamically > > > > On Thu, Nov 20, 2014 at 10:37 AM, Martin Grigorov <[email protected]> > > wrote: > > > > > Hi, > > > > > > I am not familiar with isis security module but isn't it possible to > use > > a > > > (Shiro) Role as an Organization ? > > > > > > Martin Grigorov > > > Wicket Training and Consulting > > > https://twitter.com/mtgrigorov > > > > > > On Thu, Nov 20, 2014 at 10:31 AM, <[email protected]> > wrote: > > > > > > > > > > > > > > > > > > > - Hi Martin, maybe you can try a solution that I made and that works > > for > > > > me at the moment; > > > > I defined a 'an abstrat secure object' that has the properties you > are > > > > looking for [1] > > > > > > > > [1] > > > > > > > > > > > > > > https://github.com/johandoornenbal/matching/blob/master/dom/src/main/java/info/matchingservice/dom/MatchingSecureMutableObject.java > > > > > > > > Thanks I agree, option 1 is much better. > > > > > > > > As for my user case: I have a system that hosts a number or > > organizations > > > > orthogonally. What I need to do is associate each user to exactly 1 > org > > > so > > > > that he/she can only see and modify information belonging to that > org. > > > > > > > > After looking at the problem, I figure that the best way to do it > would > > > be > > > > to use the security module and add an Organization property to > > > > ApplicationUser. Unfortunately it seems I would have to fork the > module > > > and > > > > add my custom Orgnization domain object to it. > > > > > > > > > > > > > > > > > > > > > > > > On Wed, Nov 19, 2014 at 5:54 PM, Dan Haywood > > > > wrote: > > > > > > > > > On 19 November 2014 16:41, Jeroen van der Wal wrote: > > > > > > > > > > > Just double-checked: the master branch of isis-module-security > uses > > > the > > > > > > latest and greatest version of Isis, 1.8.0-SNAPSHOT > > > > > > > > > > > > [1] > > > > > > > > > > > > > > > > > > > > > > > > > > > https://github.com/isisaddons/isis-module-security/blob/master/pom.xml#L32-L36 > > > > > > > > > > > > > > > > > (though the screenshots in the README are still of 1.7.0) > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Wed, Nov 19, 2014 at 4:33 PM, Jeroen van der Wal > > > > > > > wrote: > > > > > > > > > > > > > Hi Martin, > > > > > > > > > > > > > > I would advice against option 2 because you lose an easy update > > > path > > > > to > > > > > > > newer versions of the security module. > > > > > > > > > > > > > > > > > > > > > > > +1 to that advice. > > > > > > > > > > > > > > > > > > > > > > > > > > > Tell us more about your use-case so we can see what the options > > > are. > > > > > > > > > > > > > > > > > > > > > > > In particular, is the additional information you need to store > > > mandatory > > > > > with no sensible default (ie would need to prompt for it), or would > > the > > > > > current signatures of the methods in ApplicationUsers domain > service > > > > > suffice? > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Cheers, > > > > > > > > > > > > > > > > > > > > > Jeroen > > > > > > > > > > > > > > On Wed, Nov 19, 2014 at 2:24 PM, Martin Balmaceda < > > > > > > > [email protected]> wrote: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > to do is to be. dobedobedo > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > to do is to be. dobedobedo > > > -- to do is to be. dobedobedo
