Posted to dev@lenya.apache.org by Andreas Hartmann <an...@apache.org> on 2003/07/18 11:00:35 UTC

Assigning usecases to roles

Hi Lenya developers,

the upcoming UsecaseAuthorizer can be used to protect the
invocation of certain usecases depending on roles.
Therefore we need a mechanism to define which role is allowed
to invoke which usecases.

Maybe the most simple solution would be to add the usecases
directly to the role:

<role id="editor">
   <usecase id="create"/>
   <usecase id="delete"/>
   <usecase id="restore"/>
</role>

But I'd rather like to separate access control and CMS
functionality.

What do you think?
Andreas



---------------------------------------------------------------------
To unsubscribe, e-mail: lenya-dev-unsubscribe@cocoon.apache.org
For additional commands, e-mail: lenya-dev-help@cocoon.apache.org


Re: Assigning usecases to roles

Posted by Michael Wechner <mi...@apache.org>.
Andreas Hartmann wrote:

> 
> But I'd rather like to separate access control and CMS
> functionality.

+1

I think usecases should be protected similarly to URIs (originally we had
the usecases embedded within the URI path).

Thanks

Michael

> 
> What do you think?
> Andreas





Re: Assigning usecases to roles

Posted by Andreas Hartmann <an...@apache.org>.
Alex McLintock wrote:

> A usecase is some action which can be done such as creating a document, 
> deleting a document, restoring a document from an earlier version.
> This is roughly equivalent to the software design and testing phrase 
> "Use Case".

Yes.

> The system will typically try to decide whether a particular user is 
> allowed to do a particular thing (or UseCase) by means of an Authorizer.

Yes. For actions that are connected to workflow transitions, this task
is performed by the WorkflowAuthorizer. But we need another authorizer
that is not connected to the workflow.

> Now in most of the systems I work with I simply say "User is trying to 
> do X, therefore does User have the Y Role" and embed this in the logic 
> of the action/usecase X but not in Lenya.
> 
> It seems to me that what you describe in your XML below is correct.
> 
> I don't see that you can separate the CMS and access control....
> or are you merely wondering about *where* to put this XML.

Exactly. I just wonder if the access control configuration shall
contain any information about CMS functionality.

I see roles as the joint between access control and functionality.
They are probably the most stable entity; I have the feeling that
roles will stay even when users/groups and CMS functions come and
go. But I'm of course not sure about that.

In the case of workflow, the workflow schema contains references to
roles. I think I would prefer a usecase definition file where I
can say which roles are allowed to invoke this usecase. This would
be quite similar to the workflow:

<usecase id="create">
   <role id="editor"/>
</usecase>

<usecase id="delete">
   <role id="editor"/>
</usecase>

...

> (Feel free to cut and paste this into the Wiki if it is helpful :-)

OK, thanks!

Andreas
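
The two layouts proposed in this thread (usecases listed under a role, roles listed under a usecase) encode the same relation. The following Python is an added example, not Lenya code and not part of any message in the thread: it loads either layout into one usecase-to-roles map and answers authorization queries with default deny. The `<policy>` wrapper element, the `restore` entry in the second layout, and the names `load_policy` and `authorize` are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed policy documents; the thread shows only the inner fragments.
ROLE_CENTRIC = """<policy>
  <role id="editor">
    <usecase id="create"/>
    <usecase id="delete"/>
    <usecase id="restore"/>
  </role>
</policy>"""

USECASE_CENTRIC = """<policy>
  <usecase id="create"><role id="editor"/></usecase>
  <usecase id="delete"><role id="editor"/></usecase>
  <usecase id="restore"><role id="editor"/></usecase>
</policy>"""


def load_policy(xml_text):
    """Return {usecase_id: set(role_ids)} from either layout.

    The policy is treated as trusted administrator configuration.
    """
    root = ET.fromstring(xml_text)
    policy = {}
    for outer in root:
        for inner in outer:
            if (outer.tag, inner.tag) == ("usecase", "role"):
                usecase, role = outer.get("id"), inner.get("id")
            elif (outer.tag, inner.tag) == ("role", "usecase"):
                usecase, role = inner.get("id"), outer.get("id")
            else:
                # Fail closed on anything the two layouts do not define.
                raise ValueError(f"unexpected <{inner.tag}> inside <{outer.tag}>")
            if not usecase or not role:
                raise ValueError("usecase and role elements need a non-empty id")
            policy.setdefault(usecase, set()).add(role)
    return policy


def authorize(policy, user_roles, usecase):
    """Default deny: a usecase with no listed role is refused for everyone."""
    allowed = policy.get(usecase)
    return bool(allowed) and not allowed.isdisjoint(user_roles)
```

Because both layouts load into the same map, choosing between them is a question of where the file lives and who maintains it, not of what the authorizer can express.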





Re: Assigning usecases to roles

Posted by Alex McLintock <al...@OWAL.co.uk>.
I may have this wrong but here is my understanding....


A usecase is some action which can be done such as creating a document, 
deleting a document, restoring a document from an earlier version.
This is roughly equivalent to the software design and testing phrase "Use 
Case".

The system will typically try to decide whether a particular user is 
allowed to do a particular thing (or UseCase) by means of an Authorizer.

Now in most of the systems I work with I simply say "User is trying to do 
X, therefore does User have the Y Role" and embed this in the logic of the 
action/usecase X but not in Lenya.

It seems to me that what you describe in your XML below is correct.

I don't see that you can separate the CMS and access control.... or are you 
merely wondering about *where* to put this XML.

(Feel free to cut and paste this into the Wiki if it is helpful :-)

Alex


At 10:00 18/07/03, you wrote:
>Hi Lenya developers,
>
>the upcoming UsecaseAuthorizer can be used to protect the
>invocation of certain usecases depending on roles.
>Therefore we need a mechanism to define which role is allowed
>to invoke which usecases.
>
>Maybe the most simple solution would be to add the usecases
>directly to the role:
>
><role id="editor">
>   <usecase id="create"/>
>   <usecase id="delete"/>
>   <usecase id="restore"/>
></role>
>
>But I'd rather like to separate access control and CMS
>functionality.
>
>What do you think?
>Andreas

Available for java/perl/C++/web development in London, UK or nearby.
Apache FOP, Cocoon, Turbine, Struts,XSL:FO, XML, Tomcat, JSP
http://www.OWAL.co.uk/

