...
In addition to roles, which are global across a Roller site, Roller also each user's permissions to access weblogs. There is a many-to-many relationship between users and weblogs and it's stored in a database table:
Code Block |
---|
-- User permissions within a website -- permission_mask: bitmask 000 limited, 001 author, 011 admin -- pending: pending user acceptance of invitation to join website create table roller_user_permissions ( id varchar(48) not null primary key, website_id varchar(48) not null, user_id varchar(48) not null, permission_mask integer not null, pending $db.BOOLEAN_SQL_TYPE_TRUE not null ); |
There are three permission levels:
...
Each User object provides access to the User's weblog permissions. When a user logs in, we use this to display the user's list of weblogs.
User
Code Block |
---|
User public List getPermissions() public void setPermissions(List perms) |
Each Weblog object provides access to the Weblog's permissions. When a weblog admin uses the manage members page, we use this information to display the list of weblog members and the permissions levels of each.
Weblog
Code Block |
---|
Weblog public List getPermissions() public void setPermissions(List perms) public void removePermission(WeblogPermission perms) public int getUserCount() public int getAdminUserCount() WeblogEntry |
public
...
boolean
...
hasWritePermissions(User
...
user)
...
Code Block |
---|
h4. Problem
Permissions cannot be managed by external system because the User to Permissions to Weblog relationship is managed by the ORM, the information must be stored in Roller database tables and cannot be externalized and managed by another system.
h4. Solution: User Permissions API
Insead calling ORM supported methods on the Weblog and User classes, the Roller front-end will call the Roller UserManager to access permissions information. We'll add these new methods to accommodate that:
UserManager
|
public Set<WeblogPermission> getWeblogPermissions(Weblog weblog)
public Set<WeblogPermission> getUserPermissions(User user)
public void grantPermissions(WeblogPermission perm, String username)
public void removePermissions(WeblogPermission perm)
public int getUserCount(Weblog weblog)
public int getAdminCount(Weblog weblog)
Code Block |
---|
To allow us to plugin alternate user management systems Roller's default UserManager implementation will call a _User Permissions API_ interface to store and retrieve permissions:
UserPermissions interface methods
|
public Set<Permissions> getObjectPermissions(String objectClass, String objectId)
public Set<Permissions> getUserPermissions(String username)
public void grantPermissions(Permissions perms, String username)
public void removePermissions(Permissions
Code Block |
---|
Permissions bean
|
int mask
String objectClass
String obectId
Code Block |
---|
Problem
Permissions cannot be managed by external system because the User to Permissions to Weblog relationship is managed by the ORM, the information must be stored in Roller database tables and cannot be externalized and managed by another system.
Solution: User Permissions API
Insead calling ORM supported methods on the Weblog and User classes, the Roller front-end will call the Roller UserManager to access permissions information. We'll add these new methods to accommodate that:
Code Block |
---|
UserManager
public Set<WeblogPermission> getWeblogPermissions(Weblog weblog)
public Set<WeblogPermission> getUserPermissions(User user)
public void grantPermissions(WeblogPermission perm, String username)
public void removePermissions(WeblogPermission perm)
public int getUserCount(Weblog weblog)
public int getAdminCount(Weblog weblog)
|
To allow us to plugin alternate user management systems Roller's default UserManager implementation will call a User Permissions API interface to store and retrieve permissions:
Code Block |
---|
Roller will include a User Permissions API that stores data in the Roller database. Other implementations can be plugged in via DI.
...