THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
This is a proposal to make it possible to externalize user permissions so that Roller can pull user-weblog permissions from a separate user permissions system.
Background
Here's an explanation of Roller's current user permissions management, the perceived problems and proposed solutions.
Roller manages user-weblog permissions
In addition to roles, which are global across a Roller site, Roller also each
user's permissions to access weblogs. There is a many-to-many relationship
between users and weblogs and it's stored in a database table: – User permissions within a website
–
| Code Block |
|---|
-- User permissions within a website -- permission_mask: bitmask 000 limited, 001 author, 011 |
...
admin -- pending: pending user acceptance of invitation to join website |
...
create table roller_user_permissions |
...
( id varchar(48) not null primary key, |
...
website_id varchar(48) not null, |
...
user_id varchar(48) not null, |
...
permission_mask integer not null, |
...
pending $db.BOOLEAN_SQL_TYPE_TRUE not null |
...
); |
There are three permission levels:
- limited: can edit draft weblog entries only, can submit for review
- author: can edit draft and publish weblog entries
- admin: can author and can manage users, weblog settings, theme and etc.
Each User object provides access to the User's weblog permissions. When a user
logs isin, we use this to display the user's list of weblogs.
| Code Block |
|---|
...
User public List getPermissions() |
...
public void setPermissions(List perms) |
Each Weblog object provides access to the Weblog's permissions. When a weblog
admin uses the manage members page, we use this information to display the
list of weblog members and the permissions levels of each. Weblog
public List
| Code Block |
|---|
Weblog public List getPermissions() |
...
public void setPermissions(List perms) |
...
public void removePermission(WeblogPermission perms) |
...
public int getUserCount() |
...
public int getAdminUserCount() |
...
WeblogEntry public boolean hasWritePermissions(User user) |
Problem
Permissions cannot be managed by external system because the User to Permissions
to Weblog relationship is managed by the ORM, the information must be stored in
Roller database tables and cannot be externalized and managed by another system.
Solution: User Permissions API
Insead calling ORM supported methods on the Weblog and User classes, the Roller
front-end will call the UserManager to access permissions information: UserManager
public Set<WeblogPermission>
| Code Block |
|---|
UserManager public Set<WeblogPermission> getWeblogPermissions(Weblog weblog) |
...
public Set<WeblogPermission> getUserPermissions(User user) |
...
public void grantPermissions(WeblogPermission perm, String username) |
...
public void removePermissions(WeblogPermission perm) |
...
public int getUserCount(Weblog weblog) |
...
public int getAdminCount(Weblog weblog) |
Roller's UserManager implementation will then call a User Permissions API
interface to store and retrieve permissions:
| Code Block |
|---|
UserPermissions interface methods |
...
public Set<Permissions> getObjectPermissions(String objectClass, String objectId) |
...
public Set<Permissions> getUserPermissions(String username) |
...
public void grantPermissions(Permissions perms, String username) |
...
public void removePermissions(Permissions |
...
Permissions bean |
...
int mask |
...
String objectClass |
...
String obectId |
Roller will include a User Permissions API that stores data in the Roller
database. Other implementations can be plugged in via DI.
You can stop reading here... the rest is TBD
Requirements
Requirements satisfied by this proposal
Issues
Issues to be considered
Design
List and describe new manager methods, Struts actions, JSP pages, macros, etc.
Comments
Other can leave commments here.