I'm trying to come up with a use case where this sort of logic would
be applicable, but I just cannot think of any. I can think of cases
where we will conditionally want to check a single permission but OR/
AND permissions together for a UI element?
When displaying a list of items, I might add a link to an update form,
in which I would only show the link if update permission available.
Same with delete, but I wouldn't check these in the same place, rather
with each link.
Also, I might use <display/> for read only users instead of text boxes
(I really like Jacopo's use-when idea). But when would I really ever
want to check them in an AND/OR fashion?
Keeping in mind now, that the permission system handles granularity,
as long as we are intelligent when defining permissions I believe a
single permissions should be able to handle most cases. With the
exception of UIs where we would want to display different things based
on a different base permission, even then a single call using the new
findMatchingPermissions() would totally do the trick.
Andrew
On Apr 30, 2009, at 7:43 PM, Adrian Crum wrote:
I like that idea. Less chance that an unintended conversion would
occur.
-Adrian
Scott Gray wrote:
FYI and I only realized this the other day but beanshell supports
exactly this type of feature where you can specify things @and, @or
and etc. for use in xml files http://www.beanshell.org/manual/syntax.html#Document_Friendly_Entities
I wonder if we do this it might be worth following the same
convention.
Regards
Scott
HotWax Media
http://www.hotwaxmedia.com <http://www.hotwaxmedia.com/>
On 1/05/2009, at 5:34 AM, Jacopo Cappellato wrote:
Adrian,
this is really interesting.
However I think it is time to start thinking to define our own xml
friendly keywords for && and || operators; I would like to express
that statement with something like this:
<set field="hasPermission" value="$
{(hasPermission['update:context1'] OR
hasPermission['update:context2']) AND
hasPermission['update:context3']}" type="Boolean"/>
Jacopo
On Apr 30, 2009, at 7:20 PM, Adrian Crum wrote:
<set field="hasPermission" value="$
{(hasPermission['update:context1'] ||
hasPermission['update:context2']) &&
hasPermission['update:context3']}" type="Boolean"/>
or something like that. I'm still working out the details.
-Adrian
Andrew Zeneski wrote:
That sounds cool. I'm not sure what that would really look like,
but nevertheless sounds really cool! :) If you need anything
from me let me know...
Andrew
On Apr 30, 2009, at 1:00 PM, Adrian Crum wrote:
Andrew Zeneski wrote:
I'd be happy to discuss additional changes as well (which
aren't yet documented) like adding support to check multiple
permissions at once, returning a Map of results from that
permission check. So, if you or anyone else has a wish list
for security, let me know so I can get it all incorporated at
the same time.
Btw, I'm working on adding an extension to the UEL that will
allow permission expressions.
-Adrian
