portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Santiago Gala <sg...@hisitech.com>
Subject Re: Group / Role Portals
Date Sat, 26 Jan 2002 12:32:28 GMT
David Sean Taylor wrote:

>>"There currently isn't support roles or groups. This will be added in the
>>next release with the new profiler service."
>>
>>Who is working on this? What will be supported? When will it be available?
>>Need any help?
>>
>
>I just started revistiing this feature recently.
>In order for it to complete it, we need to:
>- make persmission checks before granting access to these pages
>  (there currently is no way to declare security access to a psml page.
>   this would be useful for administrative users to customize users psml,
>and the anon account)
>
Don't put permission checks in the implementation code.

The idea I'm implementing is to have wrapper classes which take care of 
the security checks and isolate internal classes from the "portletAPI" 
visible classes. This could even allow for unplugging completely the 
security checks, by just having different wrappers or no wrapper at all.

For the moment, I have committed wrappers for portlets. I'm in the 
process of removing security checks related with portlets and 
controls/controllers (no longer needed) and wrapping the portlets in the 
PortletFactory. The code results much cleaner, and we have a small set 
of classes where all the semantics of the security is contained.

I'm still working in PortletSet wrappers, which will take care of the 
PSML security checks (after all, a PSML document is a big portletset. 
This is still not cristal clear to me, but everything looks promising.

Still missing the changes in PSML/registry formats for new security 
constraints

>
>- correctly rewrite the links to include these parameters
>
This is an important thing to be done. Please, concentrate here. It 
would be nice if default values are not added to the URL. For instance:

/group/global --> not added
/role/user --> ? I don not see roles completely yet
/user/<currentUser> --> not added

>
>- add jlink methods to build these links from .vm
>
Ditto. It would be great if all URL generating code is put together in 
the same class. grep is wonderful for this ;)

>
>>Need any help?
>>
>sure
>
I think a IRC meeting would be great, to coordinate this efforts. Give 
me a touch and we can try to make it ASAP.

>
>>Will this address portals for roles and groups, rather than just portals
>>
>for
>
>>individual users?
>>
>
>Im working on an algorithm in the profiler so that when a user
>doesn't have a requested psml resource, it will fallback and look under any
>role-resources that the user may have of the same name.
>Although this may be useful, it may cause issues for portlets that persist
>parameters in the psml file.
>
The profile returned by the fallback algorithm should be the repository 
of all this information. I.E. the customizer should only work with it, 
the Persistence service should be hooked from there. If we are coherent 
following this behaviour, it will be allright.

Rule: all PSML related calls in the request path *must* get the document 
through data.getProfile(), so all are working on the current one.

If we are customising a page, this should be done by requesting this 
page in mode customise, instead of mode view. Cleaning the code to 
respect these guidelines (again, using grep liberally to find all calls) 
should help us a lot.

See my commits later today.



--
To unsubscribe, e-mail:   <mailto:jetspeed-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:jetspeed-dev-help@jakarta.apache.org>


Mime
View raw message