Hi Adrian, I am thinking to something similar to what you proposed in this thread. What I would like to do is to simplify the UI to users who should not perform some operations.
For instance, in the catalog application, when looking to the EditProduct screen, I would like that the following tabmenus: Geos, IDs, Keywords, Associations, Manufacturing, Costs, Attributes, Agreements, Accounts, Maintenance, Meters, Workefforts should not be visible to standard users while they should be visible to admin. I am thinking to implement several permissions (may be some are already there) and to check for them in the menu items. What do you think? Did you implement something about it? Thank you, -Bruno 2008/6/6 Adrian Crum <[EMAIL PROTECTED]> > Correct. > > > Bruno Busco wrote: > >> Thank you, >> it make sense; so a CREATE permission check will be sufficient for the >> CREATE button rendering. >> -Bruno >> >> 2008/6/6 Adrian Crum <[EMAIL PROTECTED]>: >> >> The pattern used so far is that the ADMIN permission is checked first, >>> then >>> the other permissions. So if a user has the ADMIN permission, they don't >>> need the additional permissions. >>> >>> I'll probably have all of the permissions Map elements set to true if the >>> user has the ADMIN permission. >>> >>> -Adrian >>> >>> >>> Bruno Busco wrote: >>> >>> Adrian, >>>> may be a newbie question but... >>>> ...in the example you give what will happen if a user has the ADMIN >>>> permission but not the CREATE one? >>>> Will the Create New button be rendered? >>>> >>>> In other words who is responsible for the permission hierarchy ? >>>> In order to display the CREATE button, should a user be given with the >>>> CREATE permission explicitly or the ADMIN is sufficient? >>>> >>>> Thank you >>>> -Bruno >>>> >>>> >>>> >>>> 2008/6/6 Adrian Crum <[EMAIL PROTECTED]>: >>>> >>>> I'll work on it this weekend. >>>> >>>>> -Adrian >>>>> >>>>> >>>>> Ashish Vijaywargiya wrote: >>>>> >>>>> +1 >>>>> >>>>>> Adrian I liked your idea. >>>>>> >>>>>> On Thu, Jun 5, 2008 at 12:46 AM, Sumit Pandit < >>>>>> [EMAIL PROTECTED]> >>>>>> wrote: >>>>>> >>>>>> +1 >>>>>> >>>>>> -- >>>>>>> Sumit Pandit >>>>>>> >>>>>>> >>>>>>> On Jun 5, 2008, at 3:04 AM, Jacques Le Roux wrote: >>>>>>> >>>>>>> Yes this sounds good to me too >>>>>>> >>>>>>> Jacques >>>>>>> >>>>>>>> From: "Bruno Busco" <[EMAIL PROTECTED]> >>>>>>>> >>>>>>>> Wonderfull !!!! >>>>>>>> >>>>>>>> Looking forward to having it !!! ;-) >>>>>>>>> This will let me also define a more granular permissions to >>>>>>>>> simplify >>>>>>>>> the >>>>>>>>> interface for not-so-skilled users. >>>>>>>>> -Bruno >>>>>>>>> 2008/6/4 Adrian Crum <[EMAIL PROTECTED]>: >>>>>>>>> >>>>>>>>> In the screen widgets, you can check permissions with the >>>>>>>>> >>>>>>>>> <if-has-permission> or <if-service-permission> elements. That's >>>>>>>>>> fine >>>>>>>>>> if >>>>>>>>>> you >>>>>>>>>> only need to check a single permission to control access to the >>>>>>>>>> entire >>>>>>>>>> screen. >>>>>>>>>> >>>>>>>>>> Things get complicated when a screen's elements are controlled by >>>>>>>>>> more >>>>>>>>>> than >>>>>>>>>> one permission. Let's say you have a typical Edit Item screen. The >>>>>>>>>> screen >>>>>>>>>> should be viewable only to users who have the VIEW permission. >>>>>>>>>> Users >>>>>>>>>> who >>>>>>>>>> have the UPDATE permission can edit the item. Users who have the >>>>>>>>>> CREATE >>>>>>>>>> permission see a "New Item" button. Users who have DELETE >>>>>>>>>> permission >>>>>>>>>> see >>>>>>>>>> a >>>>>>>>>> "Delete Item" button. Users who have the ADMIN permission have >>>>>>>>>> unrestricted >>>>>>>>>> access to the screen. Wow. Five permission elements (and five >>>>>>>>>> service >>>>>>>>>> calls) >>>>>>>>>> are needed to control one screen. >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Here's my idea: have a permission service that returns ALL of the >>>>>>>>>> user's >>>>>>>>>> permissions in a Map. You call the service with the permission to >>>>>>>>>> check >>>>>>>>>> - >>>>>>>>>> "ACCOUNTING" for example. The service returns a Map containing all >>>>>>>>>> of >>>>>>>>>> the >>>>>>>>>> user's ACCOUNTING permissions stored as Boolean objects. Let's say >>>>>>>>>> the >>>>>>>>>> returned Map is called permissionsMap and the user has >>>>>>>>>> ACCOUNTING_VIEW >>>>>>>>>> and >>>>>>>>>> ACCOUNTING_UPDATE permissions, then the Map would contain these >>>>>>>>>> elements: >>>>>>>>>> >>>>>>>>>> CREATE=false >>>>>>>>>> UPDATE=true >>>>>>>>>> DELETE=false >>>>>>>>>> VIEW=true >>>>>>>>>> ADMIN=false >>>>>>>>>> >>>>>>>>>> If the service call is put in the screen's <actions> element, then >>>>>>>>>> the >>>>>>>>>> Map >>>>>>>>>> elements could be used to control the display of screen widget >>>>>>>>>> sections, >>>>>>>>>> menu items, and form fields. >>>>>>>>>> >>>>>>>>>> Freemarker code would be simpler too: >>>>>>>>>> >>>>>>>>>> <#if permissionsMap.CREATE> >>>>>>>>>> <!-- Render a Create New button --> >>>>>>>>>> </#if> >>>>>>>>>> <#if permissionsMap.DELETE> >>>>>>>>>> <!-- Render a Delete button --> >>>>>>>>>> </#if> >>>>>>>>>> >>>>>>>>>> What do you think? >>>>>>>>>> >>>>>>>>>> -Adrian >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>
