Wonderfull !!!! Looking forward to having it !!! ;-) This will let me also define a more granular permissions to simplify the interface for not-so-skilled users.
-Bruno 2008/6/4 Adrian Crum <[EMAIL PROTECTED]>: > In the screen widgets, you can check permissions with the > <if-has-permission> or <if-service-permission> elements. That's fine if you > only need to check a single permission to control access to the entire > screen. > > Things get complicated when a screen's elements are controlled by more than > one permission. Let's say you have a typical Edit Item screen. The screen > should be viewable only to users who have the VIEW permission. Users who > have the UPDATE permission can edit the item. Users who have the CREATE > permission see a "New Item" button. Users who have DELETE permission see a > "Delete Item" button. Users who have the ADMIN permission have unrestricted > access to the screen. Wow. Five permission elements (and five service calls) > are needed to control one screen. > > > Here's my idea: have a permission service that returns ALL of the user's > permissions in a Map. You call the service with the permission to check - > "ACCOUNTING" for example. The service returns a Map containing all of the > user's ACCOUNTING permissions stored as Boolean objects. Let's say the > returned Map is called permissionsMap and the user has ACCOUNTING_VIEW and > ACCOUNTING_UPDATE permissions, then the Map would contain these elements: > > CREATE=false > UPDATE=true > DELETE=false > VIEW=true > ADMIN=false > > If the service call is put in the screen's <actions> element, then the Map > elements could be used to control the display of screen widget sections, > menu items, and form fields. > > Freemarker code would be simpler too: > > <#if permissionsMap.CREATE> > <!-- Render a Create New button --> > </#if> > <#if permissionsMap.DELETE> > <!-- Render a Delete button --> > </#if> > > What do you think? > > -Adrian >
