On Apr 30, 2009, at 11:07 AM, Jacopo Cappellato wrote:
On Apr 30, 2009, at 6:50 PM, Andrew Zeneski wrote:
... I'd be happy to discuss additional changes as well (which
aren't yet documented) like adding support to check multiple
permissions at once, returning a Map of results from that
permission check. So, if you or anyone else has a wish list for
security, let me know so I can get it all incorporated at the same
time.
Andrew

This is probably off topic here, but an enhancement I would like to
see in the form widgets is the ability for the widget model/renderer
to automatically select the proper field type according to the
permissions of the user: this is something that can already be done
using some scriptlets and the use-when attributes but it is pretty
complex.
I don't have a clear idea at the moment but the first options that I
can think of are:
1) a new field type "display-update": it will be "display" if the
user has view permissions; it will be "update" if the user has write
permissions
2) add a required-permission attribute to the field element: this
will act as the use-when permission; or maybe adding something like
use-when="${ofbiz:hasPermission(UPDATE)}"
3) submit buttons will be disabled if the user doesn't have proper
permissions
4) base/default permissions could be set as an attribute in the form
element or derived from the service (if auto-fields is used)

How would we handle the "redundant" permission problem?
In other words, it is nice to check permissions on the client side
and/or show permission impact in the UI, but that just improves the UI...
it doesn't actually enforce any of those permission checks because it
is really easy to change HTML and/or spoof a request (i.e. users with
valid credentials that can do other things could then get around
permissions that are only checked in the UI). Because of this it is
still necessary to check all permissions in services processing
incoming data, otherwise we have a security hole that is pretty easy
to exploit (well, if people realize it is there anyway).
The trick is how do we set up permissions so that we set them up once
and they function in both places (i.e. in the input processing for the
actual security, and in the UI for user convenience)?
-David
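
One way to read the question that closes the thread, as an added example that is not part of the original messages and is not OFBiz code: a single permission declaration per service, consulted by the form renderer to pick "display" or "update" and by the service itself to enforce access. Every class, method, service and permission name below is hypothetical.

```java
import java.util.Map;
import java.util.Set;

// Added illustration; all names are hypothetical and none is an OFBiz API.
public class SharedPermissionDemo {
    // The single declaration: which permission each service requires.
    static final Map<String, String> REQUIRED = Map.of("updateProduct", "CATALOG_UPDATE");

    // One decision function used by both the UI and the service layer.
    static boolean allowed(Set<String> userPerms, String service) {
        String needed = REQUIRED.get(service);
        return needed != null && userPerms.contains(needed); // undeclared service: deny
    }

    // UI side (convenience only): pick the field type from the same declaration.
    static String fieldType(Set<String> userPerms, String service) {
        return allowed(userPerms, service) ? "update" : "display";
    }

    // Service side (the actual enforcement): runs on every request,
    // regardless of what the rendered form showed or allowed.
    static String invoke(Set<String> userPerms, String service, Map<String, String> params) {
        if (!allowed(userPerms, service)) {
            throw new SecurityException("permission denied for " + service);
        }
        return "updated " + params.get("productId");
    }

    public static void main(String[] args) {
        Set<String> viewer = Set.of("CATALOG_VIEW");
        Set<String> editor = Set.of("CATALOG_VIEW", "CATALOG_UPDATE");
        Map<String, String> params = Map.of("productId", "DEMO-1"); // constructed sample input

        System.out.println("viewer sees field as: " + fieldType(viewer, "updateProduct"));
        System.out.println("editor sees field as: " + fieldType(editor, "updateProduct"));
        System.out.println("editor call: " + invoke(editor, "updateProduct", params));
        // A request that bypasses the rendered form still reaches the same check.
        try {
            invoke(viewer, "updateProduct", params);
        } catch (SecurityException e) {
            System.out.println("viewer call rejected: " + e.getMessage());
        }
    }
}
```

Because the renderer and the service share `allowed`, the UI hint and the enforced rule cannot drift apart, and the undeclared-service case fails closed.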