[ 
https://jira.duraspace.org/browse/DS-658?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=24897#comment-24897
 ] 

Mark H. Wood commented on DS-658:
---------------------------------

Rephrasing a bit:  the UIs should just ask permission to do what they want, and 
deeper (common) code should either grant or deny it.  UIs should not make 
access decisions; they should just make the attempt and succeed or fail.

Looking at it that way, it seems to me that methods like find() need to be told 
how the desired reference will be used.  Foo bar = Foo.find(id, Foo.DISPLAY | 
Foo.UPDATE);  The class either returns an instance (configured to grant the 
requested types of access) or throws an exception.  This seems to work well for 
filesystems.  The tricky bit is working out a representative set of access 
verbs.

Declaring the UI's intention when requesting the reference allows us to fail 
early, giving the user the bad news before he's filled in pages of forms.  Late 
failure should only happen if the code has not requested all the access that it 
actually uses, which is a bug we can fix.

BTW I think that many of the turnOffAuthorisationSystem() calls and the like 
would go away if we actually authenticated command-line use.  The command-line 
tools are a UI too, and I feel that they should work the same way as the web 
UIs unless, in specific cases, there is a very good reason not to.  If we want 
to stack on a noninteractive ("implicit") authentication mechanism, so that OS 
users X Y and Z are granted privileges I J and/or K and group memberships A B 
and C when working locally, or have it look for ~/.dspace/password, so be it, 
but let's confine the special treatment to one small place (such as an authn 
plugin).
                
> Provide a "nonAnon" attribute to XMLUI theme
> --------------------------------------------
>
>                 Key: DS-658
>                 URL: https://jira.duraspace.org/browse/DS-658
>             Project: DSpace
>          Issue Type: New Feature
>          Components: XMLUI
>    Affects Versions: 1.6.2
>            Reporter: S Ottenhoff
>            Priority: Major
>         Attachments: DS-658.patch
>
>
> Use case: institution has decided that all information about student theses 
> must be hidden from anonymous users. This includes author name, title, etc.  
> This is fairly easy to implement in the XMLUI. The XMLUI theme needs one 
> additional variable called "nonAnon" (boolean on item.canView()).

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://jira.duraspace.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
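
Added example, not part of the original message or of the DSpace code base: a sketch of the find(id, Foo.DISPLAY | Foo.UPDATE) idea from the comment above, showing the early failure at find() and the late failure when code uses access it never declared. The user parameter, the POLICY table and the exception types are assumptions made for illustration.

```java
import java.util.Map;

// Hypothetical sketch: Foo, DISPLAY/UPDATE and find(id, access) follow the comment;
// the user parameter, POLICY table and exception choices are assumptions.
public class Foo {
    public static final int DISPLAY = 1, UPDATE = 2;

    // Constructed policy: user -> access bits held on object 42.
    private static final Map<String, Integer> POLICY =
            Map.of("anonymous", 0, "student", DISPLAY, "curator", DISPLAY | UPDATE);

    private final int granted;   // only the access types declared at find() time
    private String title = "Thesis title";
    private Foo(int granted) { this.granted = granted; }

    /** Returns a handle limited to the requested access, or fails before any UI work. */
    public static Foo find(int id, String user, int requested) {
        int held = POLICY.getOrDefault(user, 0);
        if ((requested & ~held) != 0) {
            throw new SecurityException(user + " lacks requested access to " + id);
        }
        return new Foo(requested);
    }

    public String getTitle() { require(DISPLAY); return title; }
    public void setTitle(String t) { require(UPDATE); title = t; }

    // Late failure: the caller used access it never declared, which is a caller bug.
    private void require(int bit) {
        if ((granted & bit) == 0) {
            throw new IllegalStateException("access not requested at find(): " + bit);
        }
    }

    public static void main(String[] args) {
        Foo f = Foo.find(42, "curator", DISPLAY | UPDATE);
        f.setTitle("Revised title");
        System.out.println(f.getTitle());
        try {
            Foo.find(42, "student", DISPLAY | UPDATE);   // denied up front
        } catch (SecurityException e) {
            System.out.println("early failure: " + e.getMessage());
        }
        try {
            Foo.find(42, "curator", DISPLAY).setTitle("x");  // UPDATE never declared
        } catch (IllegalStateException e) {
            System.out.println("late failure: " + e.getMessage());
        }
    }
}
```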

        
