Hello!
Working on projects, I often come across the problem of users' access to
information and of restricting what users can do according to their rights.
To solve the problem I suggest a new securitymanager tag library. All users
are divided into groups. The list of users' rights is defined for each group.
A user's right describes the permission or prohibition of the user's
possibilities defined by the problem context.
The data are stored in XML files or in any of the known RDBMSs such as Oracle,
Informix and so on.
The library can be "built into" an existing system with the help of its
properties file.
Most of the tags are used for managing the administrative part of the project,
but the main tag is security.
The principle of its operation is:
the tag body is either ignored or not, depending on the user's group rights.
In this way the user's possibilities are defined in the project.
This is a brief description of the tag library (most of the tags are without
any comments because their meanings are clear to you from their declarations):
<!ELEMENT security (#PCDATA)>
<!ATTLIST security
right CDATA #REQUIRED
user CDATA #REQUIRED >
<!ELEMENT newuser (field*)>
<!ATTLIST newuser %attruser;>
<!ELEMENT edituser (field*)>
<!ATTLIST edituser %attruser;>
<!ELEMENT deleteuser EMPTY>
<!ATTLIST deleteuser
id CDATA #REQUIRED>
<!ELEMENT field>
<!ATTLIST field
name CDATA #REQUIRED
value CDATA #IMPLIED>
If users of the tag library would like to extend the data about project users,
groups and rights, they can do it with the help of the field tag.
<!ELEMENT newgroup (field*)>
<!ATTLIST newgroup
id CDATA #REQUIRED>
<!ELEMENT editgroup (field*)>
<!ATTLIST editgroup
id CDATA #REQUIRED>
<!ELEMENT deletegroup EMPTY>
<!ATTLIST deletegroup
id CDATA #REQUIRED
recursive (yes|no) "no" >
<!ELEMENT addusertogroup EMPTY>
<!ATTLIST addusertogroup %attrusergroup; >
<!ELEMENT deleteuserfromgroup EMPTY>
<!ATTLIST deleteuserfromgroup %attrusergroup; >
<!ELEMENT changeusergroup EMPTY>
<!ATTLIST changeusergroup %attrusergroup; >
<!ELEMENT newright (field*)>
<!ATTLIST newright
id CDATA #REQUIRED>
<!ELEMENT editright (field*)>
<!ATTLIST editright
id CDATA #REQUIRED>
<!ELEMENT deleteright EMPTY>
<!ATTLIST deleteright
id CDATA #REQUIRED>
<!ELEMENT addrighttogroup EMPTY>
<!ATTLIST addrighttogroup %attrrightgroup; >
<!ELEMENT deleterightfromgroup EMPTY>
<!ATTLIST deleterightfromgroup %attrrightgroup; >
<!ELEMENT get EMPTY>
<!ATTLIST get
type (%types;) #REQUIRED
field CDATA #REQUIRED >
The tag is used for getting a list of users, groups, rights.
<!ELEMENT list (getfield*, condition*, next*)>
<!ATTLIST list
type (%types;) #REQUIRED
sort CDATA #IMPLIED >
The tag is used for moving to the next record.
<!ELEMENT next EMPTY>
The tag is used for getting the fields of the current record.
<!ELEMENT getfield EMPTY>
<!ATTLIST getfield
name CDATA #REQUIRED
format CDATA #IMPLIED >
Description of the XML files:
users.xml
<!ELEMENT user (field*)>
<!ATTLIST user
id ID #REQUIRED
group CDATA #IMPLIED >
groups.xml
<!ELEMENT group (field*, groupright*)>
<!ATTLIST group
id ID #REQUIRED
name CDATA #IMPLIED >
<!ELEMENT groupright EMPTY>
<!ATTLIST groupright
right CDATA #REQUIRED >
rights.xml
<!ELEMENT right (field*)>
<!ATTLIST right
id ID #REQUIRED >
-----------------------------------
<!ENTITY % attruser
"id CDATA #REQUIRED
group CDATA #IMPLIED">
<!ENTITY % attrusergroup
"user CDATA #REQUIRED
group CDATA #REQUIRED" >
<!ENTITY % attrrightgroup
"right CDATA #REQUIRED
group CDATA #REQUIRED" >
<!ENTITY % types
"user|group|right">
Yauheni Mikulski.
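
An added example, not part of the original message or of the proposed library: a Python sketch of the decision the security tag makes, reading users and groups in the shape of the users.xml and groups.xml DTDs above. The <users>/<groups> root elements, one group per user, the right ids and all helper names are assumptions; an unknown user, a user without a group and a user in an undefined group are all denied.

```python
import xml.etree.ElementTree as ET

# Constructed sample data following the users.xml / groups.xml DTDs in the post.
# The <users> and <groups> wrapper elements are assumptions; the post names no root.
USERS_XML = """<users>
  <user id="alice" group="editors"/>
  <user id="bob" group="readers"/>
  <user id="carol"/>
  <user id="dave" group="ghosts"/>
</users>"""

GROUPS_XML = """<groups>
  <group id="editors" name="Editors">
    <groupright right="article.read"/>
    <groupright right="article.edit"/>
  </group>
  <group id="readers" name="Readers">
    <groupright right="article.read"/>
  </group>
</groups>"""


def load_policy(users_xml, groups_xml):
    """Return (user id -> group id or None, group id -> set of right ids)."""
    user_group = {u.get("id"): u.get("group")
                  for u in ET.fromstring(users_xml).iter("user")}
    group_rights = {g.get("id"): {r.get("right") for r in g.iter("groupright")}
                    for g in ET.fromstring(groups_xml).iter("group")}
    return user_group, group_rights


def has_right(policy, user, right):
    """Deny by default: unknown user, no group, or unknown group all yield False."""
    user_group, group_rights = policy
    group = user_group.get(user)
    if group is None:
        return False
    return right in group_rights.get(group, set())


def security(policy, user, right, body):
    """Mimic the security tag: emit the body only if the user's group holds the right."""
    return body if has_right(policy, user, right) else ""


POLICY = load_policy(USERS_XML, GROUPS_XML)
if __name__ == "__main__":
    for who in ("alice", "bob", "carol", "dave", "mallory"):
        print(who, repr(security(POLICY, who, "article.edit", "<a href='edit'>Edit</a>")))
```

Skipping the tag body only hides markup from the page; the request handler behind a hidden link or form still has to run the same check.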