security usage question

[Phillip Rhodes <rh...@yahoo.com>]

all,

I am writing a survey application.  That is, users login and based upon 
their identity will see a set of surveys that they can respond to.

There may be thousands of users, and a hundred different surveys.  I am 
unsure how I would use the Turbine security system to do this.  How would I 
be able to get a list of surveys that a user can respond to?

I would like to create a group for each survey and assign users to that 
group with the role of "Responder"

So for each survey, there would be a group
Users who could respond to the survey would be given the role "Responder" 
for the group that represents the survey they can respond to.

My problem here is that  I KNOW the required role ("Responder"), but I do 
not know the group membership of the user.  There is no way to get the 
groups that a user is a member of.

It seems that I must know the Group to get a role, but there is no way to 
get groups for a given role.  I could then take those groups and do a query 
against a table I created that defines a survey to group mapping.


I would appreciate any thoughts.

Phillip






_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

Re: security usage question

[Rajeev Kaul <Ra...@customercaresolutions.com>]

You can get the group membership of a user with a certain role as follows:


Pass the following criteria to the getGroups(Criteria) method of
TurbineSecurityService.

   Criteria criteria = new Criteria();
   criteria.addJoin(GroupPeer.GROUP_ID, UserGroupRolePeer.GROUP_ID);
   criteria.addJoin(UserGroupRolePeer.USER_ID, TurbineUserPeer.USER_ID);
   criteria.addJoin(UserGroupRolePeer.ROLE_ID, RolePeer.ROLE_ID);
   criteria.add(TurbineUserPeer.USERNAME, user.getUserName());
   criteria.add(RolePeer.NAME,role.getName());


   GroupSet groups = TurbineSecurit.getGroups(criteria);

----- Original Message -----
From: "Phillip Rhodes" <rh...@yahoo.com>
To: <tu...@jakarta.apache.org>
Sent: Tuesday, January 15, 2002 8:46 PM
Subject: security usage question


> all,
>
> I am writing a survey application.  That is, users login and based upon
> their identity will see a set of surveys that they can respond to.
>
> There may be thousands of users, and a hundred different surveys.  I am
> unsure how I would use the Turbine security system to do this.  How would
I
> be able to get a list of surveys that a user can respond to?
>
> I would like to create a group for each survey and assign users to that
> group with the role of "Responder"
>
> So for each survey, there would be a group
> Users who could respond to the survey would be given the role "Responder"
> for the group that represents the survey they can respond to.
>
> My problem here is that  I KNOW the required role ("Responder"), but I do
> not know the group membership of the user.  There is no way to get the
> groups that a user is a member of.
>
> It seems that I must know the Group to get a role, but there is no way to
> get groups for a given role.  I could then take those groups and do a
query
> against a table I created that defines a survey to group mapping.
>
>
> I would appreciate any thoughts.
>
> Phillip
>
>
>
>
>
>
> _________________________________________________________
> Do You Yahoo!?
> Get your free @yahoo.com address at http://mail.yahoo.com
>
>
> --
> To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
> For additional commands, e-mail:
<ma...@jakarta.apache.org>


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

Re: security usage question

[Dan Diephouse <di...@eastnode.com>]

I very much appreciate your predicament.  I have a very similar 
situation.  Since the Turbine security system in Turbine 2 is limited 
you will have to come up with some sort of hack.  I have two suggestions:

Hack 1) Have each group be a survey.  You noted the problem with this is 
that you can't get a list of groups that a person is a member of.  Well 
to hack your way through that you can write some custom SQL code to 
retrieve a list of groups that a "Responder" is a member of.

Hack 2) Create a new table USER_SURVEY which relates the TURBINE_USER 
table to the surveys.  So it would have the columns USER_ID, and 
SURVEY_ID.  You can consult the Extend User Howto on the website on how 
to do this.  You will need to create a TurbineUserAdapter and a 
TurbineUserPeerAdapter to implement the retrieveByPK methods for torque.

Hope this helps!

- Dan Diephouse

Phillip Rhodes wrote:

> all,
>
> I am writing a survey application.  That is, users login and based 
> upon their identity will see a set of surveys that they can respond to.
>
> There may be thousands of users, and a hundred different surveys.  I 
> am unsure how I would use the Turbine security system to do this.  How 
> would I be able to get a list of surveys that a user can respond to?
>
> I would like to create a group for each survey and assign users to 
> that group with the role of "Responder"
>
> So for each survey, there would be a group
> Users who could respond to the survey would be given the role 
> "Responder" for the group that represents the survey they can respond to.
>
> My problem here is that  I KNOW the required role ("Responder"), but I 
> do not know the group membership of the user.  There is no way to get 
> the groups that a user is a member of.
>
> It seems that I must know the Group to get a role, but there is no way 
> to get groups for a given role.  I could then take those groups and do 
> a query against a table I created that defines a survey to group mapping.
>
>
> I would appreciate any thoughts.
>
> Phillip





--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

RE: security usage question

[Phillip Rhodes <rh...@yahoo.com>]

I agree that I could create a role for each user, and then grant 
permissions for each survey.  However, I think this goes against what a 
Role should be.

In a typical application, there is a "Customer" role.  One would not create 
a different role for each Customer (i.e. customer1, customer2).  In the 
same way, the "Respondent" encapsulates a generic Role.  That is what RBAC 
is all about

By creating a role for each survey, we are in essence creating a role for 
each particular customer.

Thanks.





At 11:48 PM 1/15/2002 -0600, you wrote:
>Remember each role has 1 or more permissions and each user can have one or
>more roles regardless of the group that they are in...
>
>Instead of creating a group for each survey, I would create a permission for
>each.
>
>Then assign roles.
>
>e.g. If any user can take surveys 1, 2 & 7, assign a role the 3 permissions.
>If the role to permssion is always 1-1, then don't make permissions at all,
>make roles for each survey and only worry about roles.
>
>Now assign each user whatever roles/permissions they need.
>
>i.e. (using the previous example) if user1 can take surveys 1,2 & 7, assign
>him role1
>
>Doing it this way, you only need one group, surveyTakers.
>
>HTH (and clears the confusion),
>
>Steve
>
>-----Original Message-----
>From: Phillip Rhodes [mailto:rhodespc@yahoo.com]
>Sent: Tuesday, January 15, 2002 10:47 PM
>To: turbine-user@jakarta.apache.org
>Subject: security usage question
>
>
>all,
>
>I am writing a survey application.  That is, users login and based upon
>their identity will see a set of surveys that they can respond to.
>
>There may be thousands of users, and a hundred different surveys.  I am
>unsure how I would use the Turbine security system to do this.  How would I
>be able to get a list of surveys that a user can respond to?
>
>I would like to create a group for each survey and assign users to that
>group with the role of "Responder"
>
>So for each survey, there would be a group
>Users who could respond to the survey would be given the role "Responder"
>for the group that represents the survey they can respond to.
>
>My problem here is that  I KNOW the required role ("Responder"), but I do
>not know the group membership of the user.  There is no way to get the
>groups that a user is a member of.
>
>It seems that I must know the Group to get a role, but there is no way to
>get groups for a given role.  I could then take those groups and do a query
>against a table I created that defines a survey to group mapping.
>
>
>I would appreciate any thoughts.
>
>Phillip
>
>
>
>
>
>  _________________________________________________________ Do You Yahoo!?
>Get your free @yahoo.com address at http://mail.yahoo.com
>--
>To unsubscribe, e-mail:
><ma...@jakarta.apache.org>
>For additional commands, e-mail:
><ma...@jakarta.apache.org>
>
>
>
>--
>To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
>For additional commands, e-mail: 
><ma...@jakarta.apache.org>


_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

RE: security usage question

["Gonzalo A. Diethelm" <go...@aditiva.com>]

> Instead of creating a group for each survey, I would create a 
> permission for each.
> 
> Then assign roles.
> 
> e.g. If any user can take surveys 1, 2 & 7, assign a role the 3 
> permissions.
> If the role to permission is always 1-1, then don't make 
> permissions at all,
> make roles for each survey and only worry about roles.

But if there are 100 surveys, this is clearly not possible,
due to the HUGE amount of combinations that you would have
to create a separate roles...


-- 
Gonzalo A. Diethelm
gonzalo.diethelm@aditiva.com


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

RE: security usage question

[Steve <tu...@knology.net>]

Remember each role has 1 or more permissions and each user can have one or
more roles regardless of the group that they are in...

Instead of creating a group for each survey, I would create a permission for
each.

Then assign roles.

e.g. If any user can take surveys 1, 2 & 7, assign a role the 3 permissions.
If the role to permssion is always 1-1, then don't make permissions at all,
make roles for each survey and only worry about roles.

Now assign each user whatever roles/permissions they need.

i.e. (using the previous example) if user1 can take surveys 1,2 & 7, assign
him role1

Doing it this way, you only need one group, surveyTakers.

HTH (and clears the confusion),

Steve

-----Original Message-----
From: Phillip Rhodes [mailto:rhodespc@yahoo.com]
Sent: Tuesday, January 15, 2002 10:47 PM
To: turbine-user@jakarta.apache.org
Subject: security usage question


all,

I am writing a survey application.  That is, users login and based upon
their identity will see a set of surveys that they can respond to.

There may be thousands of users, and a hundred different surveys.  I am
unsure how I would use the Turbine security system to do this.  How would I
be able to get a list of surveys that a user can respond to?

I would like to create a group for each survey and assign users to that
group with the role of "Responder"

So for each survey, there would be a group
Users who could respond to the survey would be given the role "Responder"
for the group that represents the survey they can respond to.

My problem here is that  I KNOW the required role ("Responder"), but I do
not know the group membership of the user.  There is no way to get the
groups that a user is a member of.

It seems that I must know the Group to get a role, but there is no way to
get groups for a given role.  I could then take those groups and do a query
against a table I created that defines a survey to group mapping.


I would appreciate any thoughts.

Phillip





 _________________________________________________________ Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
--
To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
For additional commands, e-mail:
<ma...@jakarta.apache.org>



--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>