I think this is a great idea and would be very useful. Could you
create a JIRA issue for this and relate it to OFBIZ-2380?
Andrew
On Apr 30, 2009, at 1:07 PM, Jacopo Cappellato wrote:
On Apr 30, 2009, at 6:50 PM, Andrew Zeneski wrote:
... I'd be happy to discuss additional changes as well (which
aren't yet documented) like adding support to check multiple
permissions at once, returning a Map of results from that
permission check. So, if you or anyone else has a wish list for
security, let me know so I can get it all incorporated at the same
time.
Andrew
this is probably off topic here, but an enhancement I would like to
see in the form widgets is the ability for the widget model/renderer
to automatically select the proper field type according to the
permissions of the user: this is something that can be already done
using some scriptlets and the use-when attributes but it is pretty
complex.
I don't have a clear idea at the moment but the first options that I
can think of are:
1) a new field type "display-update": it will be "display" if the
user has view permissions; it will be "update" if the user has write
permissions
2) add, a required-permission attribute to the field element: this
will act as the use-when permission; or maybe adding something like
use-when="${ofbiz:hasPermission(UPDATE)}"
3) submit buttons will be disabled if the user doesn't have proper
permissions
4) base/default permissions could be set as an attribute in the form
element or derived from the service (if auto-fields is used)
Just my two cents
Jacopo
