Eduard Witteveen <[EMAIL PROTECTED]> wrote:
> Pierre van Rooden wrote:
> >>I was building a new security system for mmbase, but i found out that
> >>there are only 3 Ranks possible in mmbase, and that this cannot be
> >>changed due to Rank.java being final.
> >Quite absurd, really.
> Reason for this was that the number of ranks in an MMBase system are
> defined. Would there be the need for more ranks, it would start a
> discussion.
>
> Keep in mind that a Ranks is not a group or contex, and was not designed
> for this pupose.
>
> Just curious, what kind of new ranks do you want to introduce? ("secure
> logged in users" or something like that?)
I think 'Rank' must be seen as something that can be used for easy
reference for example in the templates. Without the concept of 'rank'
access to something is always related to an MMBase node, but in
practice you often like to grant rights to certain users based only on
their rank.
This is already possible with the cloud-tag. An <mm:cloud rank="basic
user" around your page makes the page inaccessible (at least it
should) for anonymous users (i.e. users which did not provide any
credentials), and <mm:cloud rank="administrator" makes sure that the
page can be viewed only be administrators, e.g. to restart the server,
create builders etc, things not directly related to nodes.
It only seems natural to extend this mechanism to more ranks than the
just three that can be used now.
It is true that the situation is a little strange now, because to
accomplish the beforementioned behavior, the cloud-tag has to use the
Rank class from the security package, which is not considered part of
the bridge.
Should it not be better to consider security interfaces part of the
bridge, rather then trying to mirror them in the bridge itself? Is it
not strange that there is a 'User' interface in the bridge? Should it
not be in security? For 'Rank' goes something similar. In both
security and bridge there is a getRank function but the bridge-version
is in fact just the crippeled version of the real security version,
and returns only a String. Perhaps it would have been been better
after all that even the bridge would return real 'Rank' objects, and
of course also that the security implementation would allow for extra
ranks, to make the whole concept more usefull.
Michiel
--
mihxil' Michiel Meeuwissen
Mediapark C101 Hilversum
+31 (0)35 6772979
[]()
