As I mentioned in another reply, the permission expressions could replace scripts. I agree there would probably be little use for them in the UI.
-Adrian --- On Thu, 4/30/09, Andrew Zeneski <andrew.zene...@hotwaxmedia.com> wrote: > From: Andrew Zeneski <andrew.zene...@hotwaxmedia.com> > Subject: Re: svn commit: r770084 - in /ofbiz/trunk/framework/example: ./ > config/ data/ entitydef/ security/ servicedef/ widget/example/ > To: dev@ofbiz.apache.org > Date: Thursday, April 30, 2009, 7:31 PM > I'm trying to come up with a use case where this sort of > logic would be applicable, but I just cannot think of any. I > can think of cases where we will conditionally want to check > a single permission but OR/AND permissions together for a UI > element? > > When displaying a list of items, I might add a link to an > update form, in which I would only show the link if update > permission available. Same with delete, but I wouldn't > check these in the same place, rather with each link. > > Also, I might use <display/> for read only users > instead of text boxes (I really like Jacopo's use-when > idea). But when would I really ever want to check them in an > AND/OR fashion? > > Keeping in mind now, that the permission system handles > granularity, as long as we are intelligent when defining > permissions I believe a single permissions should be able to > handle most cases. With the exception of UIs where we would > want to display different things based on a different base > permission, even then a single call using the new > findMatchingPermissions() would totally do the trick. > > Andrew > > On Apr 30, 2009, at 7:43 PM, Adrian Crum wrote: > > > I like that idea. Less chance that an unintended > conversion would occur. > > > > -Adrian > > > > Scott Gray wrote: > >> FYI and I only realized this the other day but > beanshell supports exactly this type of feature where you > can specify things @and, @or and etc. for use in xml files > http://www.beanshell.org/manual/syntax.html#Document_Friendly_Entities > >> I wonder if we do this it might be worth following > the same convention. > >> Regards > >> Scott > >> HotWax Media > >> http://www.hotwaxmedia.com > <http://www.hotwaxmedia.com/> > >> On 1/05/2009, at 5:34 AM, Jacopo Cappellato wrote: > >>> Adrian, > >>> > >>> this is really interesting. > >>> However I think it is time to start thinking > to define our own xml friendly keywords for && and > || operators; I would like to express that statement with > something like this: > >>> > >>> <set field="hasPermission" > value="${(hasPermission['update:context1'] OR > hasPermission['update:context2']) AND > hasPermission['update:context3']}" > type="Boolean"/> > >>> > >>> Jacopo > >>> > >>> > >>> On Apr 30, 2009, at 7:20 PM, Adrian Crum > wrote: > >>> > >>>> <set field="hasPermission" > value="${(hasPermission['update:context1'] || > hasPermission['update:context2']) && > hasPermission['update:context3']}" > type="Boolean"/> > >>>> > >>>> or something like that. I'm still > working out the details. > >>>> > >>>> -Adrian > >>>> > >>>> Andrew Zeneski wrote: > >>>>> That sounds cool. I'm not sure > what that would really look like, but nevertheless sounds > really cool! :) If you need anything from me let me know... > >>>>> Andrew > >>>>> On Apr 30, 2009, at 1:00 PM, Adrian > Crum wrote: > >>>>>> Andrew Zeneski wrote: > >>>>>>> I'd be happy to discuss > additional changes as well (which aren't yet documented) > like adding support to check multiple permissions at once, > returning a Map of results from that permission check. So, > if you or anyone else has a wish list for security, let me > know so I can get it all incorporated at the same time. > >>>>>> > >>>>>> Btw, I'm working on adding an > extension to the UEL that will allow permission expressions. > >>>>>> > >>>>>> > >>>>>> -Adrian > >>>
