Name: Externalize User Permissions
Status: Proposal under development
Target Release: Roller Weblogger 4.1
Original Authors: Dave Johnson

...

This is a proposal to make it possible to externalize user permissions so that Roller can pull user-weblog permissions from a separate user permissions system.

1.0 Abstract

For ease of installation and management, Roller is able to manage its own user permissions without relying on any external system other than its RDBMS. We definitely don't want to lose that ease, but we do want to make it possible to plug Roller into existing sites and applications that have their own permissions management systems.

This proposal outlines a plan to make it easy to hook Roller up to an external user permissions system. The general approach is to define a User Permissions API, provide a default implementation for Roller, and change UserManager to use that API. Developers could then provide alternative implementations of that API to plug in their own user permissions systems.

2.0 Background

To understand this proposal you need to understand how Roller's existing user management system works. So here's an explanation of Roller's current user permissions management system, the perceived problems and proposed solutions.

...

2.1.2 Solution: User Permissions API

First, we remove the dependence on ORM for permissions. Instead of calling ORM-supported methods on the Weblog and User classes, the Roller front-end will call the Roller UserManager to access permissions information. We'll add these new methods to accommodate that:

...

Code Block
public Set<WeblogPermission> getWeblogPermissions(Weblog weblog)
public Set<WeblogPermission> getUserPermissions(User user)
public void grantPermissions(String username, WeblogPermission perm)
public void removePermission(String username, WeblogPermission perm)
public int getUserCount(Weblog weblog)
public int getAdminCount(Weblog weblog)

Second, to allow us to plug in alternate user permissions systems, Roller's default UserManager implementation will call a User Permissions API interface to store and retrieve permissions. This could be done in a generic way by allowing user permissions to be granted on any object of any class.

For example, this API allows you to grant permissions on specific objects and uses a mask for permissions as we do now in Roller.

UserPermissions interface methods

Code Block
public void grantPermission(
   String username, String objClass, String objectId, int mask)

public void removePermissions(
   String username, String objClass, String objectId, int mask)

public Set<Permission> getUserPermissions()
public Set<Permission> getUserPermissions(String objClass)
public Set<Permission> getUserPermissions(String objClass, String objectId)
public Set<Permission> getObjectPermissions(String objClass, String objectId)

Permissions bean

Code Block
int    mask
String objectClass
String objectId
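
The mask semantics described above, as an added example that is not part of the original proposal or of Roller's code: an in-memory sketch of grantPermission and removePermissions with a deny-by-default check. The class name, the permission bit values, the hasPermission method and the sample data are assumptions.

```java
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added sketch, not Roller code: class name, bit values and hasPermission()
// are assumptions made for illustration.
public class InMemoryUserPermissions {
    // Hypothetical permission bits; the proposal does not define their values.
    public static final int LIMITED = 0x1, AUTHOR = 0x2, ADMIN = 0x4;

    // (username, objClass, objectId) -> granted mask. List.of gives value
    // equality and rejects null components.
    private final Map<List<String>, Integer> grants = new ConcurrentHashMap<>();

    public void grantPermission(String username, String objClass, String objectId, int mask) {
        // OR the new bits into whatever the user already holds on this object.
        grants.merge(List.of(username, objClass, objectId), mask, (old, add) -> old | add);
    }

    public void removePermissions(String username, String objClass, String objectId, int mask) {
        // Clear only the named bits; drop the entry once no bits remain.
        grants.computeIfPresent(List.of(username, objClass, objectId), (key, old) -> {
            int left = old & ~mask;
            return left == 0 ? null : left;
        });
    }

    // Deny by default: no entry, an empty request, or any missing bit is a refusal.
    public boolean hasPermission(String username, String objClass, String objectId, int required) {
        Integer held = grants.get(List.of(username, objClass, objectId));
        return held != null && required != 0 && (held & required) == required;
    }

    public static void main(String[] args) {
        InMemoryUserPermissions perms = new InMemoryUserPermissions();
        // Constructed sample data.
        perms.grantPermission("alice", "Weblog", "blog-1", AUTHOR | ADMIN);
        perms.removePermissions("alice", "Weblog", "blog-1", ADMIN);
        System.out.println(perms.hasPermission("alice", "Weblog", "blog-1", AUTHOR));
        System.out.println(perms.hasPermission("alice", "Weblog", "blog-1", ADMIN));
        System.out.println(perms.hasPermission("alice", "Weblog", "blog-2", AUTHOR));
    }
}
```

An external implementation plugged in behind the same methods should keep the same two properties: revocation clears only the named bits, and a lookup that finds no record is a refusal.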

...