Yes this sounds good to me too
Jacques
From: "Bruno Busco" <[EMAIL PROTECTED]>
Wonderfull !!!!
Looking forward to having it !!! ;-)
This will let me also define a more granular permissions to simplify the
interface for not-so-skilled users.
-Bruno
2008/6/4 Adrian Crum <[EMAIL PROTECTED]>:
In the screen widgets, you can check permissions with the
<if-has-permission> or <if-service-permission> elements. That's fine if you
only need to check a single permission to control access to the entire
screen.
Things get complicated when a screen's elements are controlled by more than
one permission. Let's say you have a typical Edit Item screen. The screen
should be viewable only to users who have the VIEW permission. Users who
have the UPDATE permission can edit the item. Users who have the CREATE
permission see a "New Item" button. Users who have DELETE permission see a
"Delete Item" button. Users who have the ADMIN permission have unrestricted
access to the screen. Wow. Five permission elements (and five service calls)
are needed to control one screen.
Here's my idea: have a permission service that returns ALL of the user's
permissions in a Map. You call the service with the permission to check -
"ACCOUNTING" for example. The service returns a Map containing all of the
user's ACCOUNTING permissions stored as Boolean objects. Let's say the
returned Map is called permissionsMap and the user has ACCOUNTING_VIEW and
ACCOUNTING_UPDATE permissions, then the Map would contain these elements:
CREATE=false
UPDATE=true
DELETE=false
VIEW=true
ADMIN=false
If the service call is put in the screen's <actions> element, then the Map
elements could be used to control the display of screen widget sections,
menu items, and form fields.
Freemarker code would be simpler too:
<#if permissionsMap.CREATE>
<!-- Render a Create New button -->
</#if>
<#if permissionsMap.DELETE>
<!-- Render a Delete button -->
</#if>
What do you think?
-Adrian
