+1
--
Sumit Pandit
On Jun 5, 2008, at 3:04 AM, Jacques Le Roux wrote:
Yes this sounds good to me too
Jacques
From: "Bruno Busco" <[EMAIL PROTECTED]>
Wonderfull !!!!
Looking forward to having it !!! ;-)
This will let me also define a more granular permissions to
simplify the
interface for not-so-skilled users.
-Bruno
2008/6/4 Adrian Crum <[EMAIL PROTECTED]>:
In the screen widgets, you can check permissions with the
<if-has-permission> or <if-service-permission> elements. That's
fine if you
only need to check a single permission to control access to the
entire
screen.
Things get complicated when a screen's elements are controlled by
more than
one permission. Let's say you have a typical Edit Item screen. The
screen
should be viewable only to users who have the VIEW permission.
Users who
have the UPDATE permission can edit the item. Users who have the
CREATE
permission see a "New Item" button. Users who have DELETE
permission see a
"Delete Item" button. Users who have the ADMIN permission have
unrestricted
access to the screen. Wow. Five permission elements (and five
service calls)
are needed to control one screen.
Here's my idea: have a permission service that returns ALL of the
user's
permissions in a Map. You call the service with the permission to
check -
"ACCOUNTING" for example. The service returns a Map containing all
of the
user's ACCOUNTING permissions stored as Boolean objects. Let's say
the
returned Map is called permissionsMap and the user has
ACCOUNTING_VIEW and
ACCOUNTING_UPDATE permissions, then the Map would contain these
elements:
CREATE=false
UPDATE=true
DELETE=false
VIEW=true
ADMIN=false
If the service call is put in the screen's <actions> element, then
the Map
elements could be used to control the display of screen widget
sections,
menu items, and form fields.
Freemarker code would be simpler too:
<#if permissionsMap.CREATE>
<!-- Render a Create New button -->
</#if>
<#if permissionsMap.DELETE>
<!-- Render a Delete button -->
</#if>
What do you think?
-Adrian
