[ http://issues.apache.org/jira/browse/JS2-354?page=comments#action_12363802 ]
Michael Gustav Simon commented on JS2-354: ------------------------------------------ If access not granted the RenderRequest should not be executed for this portlet. I think the ActionRequest cannot be run, until a RenderRequest will generate the view. Remember, what will happen, if a portlet ist set to a personalized page by a pre-given right and this right will be decrated? How to mange the portlet level security constraint? Maybe a todo for the j2-admin portlets? It will be nice, if an administrator can configure the rights in the jetspeed administration web interface! > Provision for portlet-level permissions > --------------------------------------- > > Key: JS2-354 > URL: http://issues.apache.org/jira/browse/JS2-354 > Project: Jetspeed 2 > Type: Improvement > Components: Security > Versions: 2.0-M4, 2.0-FINAL > Environment: Generic > Reporter: Prashanth Gujjeti > Assignee: Randy Watler > Fix For: 2.1 > > There has been a lot of discussion on this aspect in both the developer and > user forums. Even though the portlet content can be controlled from within > the Portlet (by checking for the appropriate roles), it would be nice to > control the content from a layer above like PSML (or the RdbmsPolicy). That > gives the programmer the flexibility to modify the permissions per portlet, > and hence the content without any code change. > Since the feature has already been implemented, but just disabled (refer > David's and Randy's comments in the forums), I hope its not too much of work > to provide this feature. Sincerely appreciate your effort folks! -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
