You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by "Randy Watler (JIRA)" <je...@portals.apache.org> on 2005/08/26 19:36:26 UTC

[jira] Commented: (JS2-354) Provision for portlet-level permissions

    [ http://issues.apache.org/jira/browse/JS2-354?page=comments#action_12320165 ] 

Randy Watler commented on JS2-354:
----------------------------------

Ate has requsted that if we do choose to implement this feature, that it be enabled/disabled via configuration.

It is still not clear how a portlet should be removed if access is not granted. In particular, should both the action and render phases be skipped, just rendering, or should all phases be executed and the content simply stripped from the layout. If either phase is to be executed, how can or should the portal communicate the fact that access is not granted to the portlet?

What are the ramifications of stripping a portlet out of a layout? Do we need to consider having a "Access Forbidden" portlet placeholder, and if so, how would it be specified?

Finally, does this feature need to be bundled with or related to the proposed "Portlet Menu"/"J1 Fragment" functionality that allows portlets to appear conditionally within pages based on menu selections or other url criteria?


> Provision for portlet-level permissions
> ---------------------------------------
>
>          Key: JS2-354
>          URL: http://issues.apache.org/jira/browse/JS2-354
>      Project: Jetspeed 2
>         Type: Improvement
>   Components: Security
>     Versions: 2.0-FINAL, 2.0-M4
>  Environment: Generic
>     Reporter: Prashanth Gujjeti
>     Assignee: Randy Watler

>
> There has been a lot of discussion on this aspect in both the developer and user forums. Even though the portlet content can be controlled from within the Portlet (by checking for the appropriate roles), it would be nice to control the content from a layer above like PSML (or the RdbmsPolicy). That gives the programmer the flexibility to modify the permissions per portlet, and hence the content without any code change.
> Since the feature has already been implemented, but just disabled (refer David's and Randy's comments in the forums), I hope its not too much of work to provide this feature. Sincerely appreciate your effort folks!

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org