Hi everyone,
I am developing an application using maypole, and I would like to
discuss role based authentication.
The main uses I see for roles in maypole are:
1) Check if the current user is allowed to call a particular
table/action couple.
For example, we could have a "role" table and a "user" table which
should be visible to "administrators" (i.e. users who belong to role
"administrator") but not to "customers" (i.e. users who belong to role
"customer"); or, we could limit customers' access to their data to be
read-only, so a user with role "customer" could call customerdata/list
but not customerdata/delete; and so on.
2.a) Build a menu template which displays only the allowed actions for
the current user.
2.b) Each button, hyperlink or form pointing to a particular
table/action combination should be displayed only if the current user is
allowed to call that combination.
In other words, the templates should hide all the elements that would
point to an action the user is not allowed to perform.
Ideally, the user should never see a "not allowed" page, unless she
tries to perform a particular action by typing a specific URL directly
into the address-bar.
3) Write role-specific templates. This could allow the developer to
customize the interface on a per-role basis.
Though I did not implement this feature, I think one possible solution
would be to add two search paths before the ones TT currently searches
templates in:
$template_root/maypole_roles/$role/$table/$action
$template_root/maypole_roles/$role/default/$action
where:
maypole_roles is a name which should never be used for a table name in
the application;
$role is the role of the current user
$table and $action are the usual request slots (e.g. "beer", "list").
What do you think?
Marcello
This archive was generated by hypermail 2.1.3 : Thu Feb 24 2005 - 22:25:57 GMT
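
The three uses described in the message above, as an added example that is not part of the original post and not Maypole's own code: a default-deny role/table/action check, a menu filter that reuses it, and the two proposed role-specific template paths. The policy table, the function names and the template root are hypothetical, and the code is plain Perl that does not call the Maypole API.

```perl
use strict;
use warnings;

# Constructed policy: role -> table -> allowed actions. Anything absent is denied.
my %POLICY = (
    administrator => {
        role         => [qw(list view edit delete)],
        user         => [qw(list view edit delete)],
        customerdata => [qw(list view edit delete)],
    },
    customer => { customerdata => [qw(list view)] },    # read-only, as in use 1
);

# Use 1: default-deny check, meant to run before a table/action is dispatched.
sub is_allowed {
    my ($role, $table, $action) = @_;
    return 0 unless defined $role && defined $table && defined $action;
    my $actions = ($POLICY{$role} || {})->{$table} or return 0;
    return (grep { $_ eq $action } @$actions) ? 1 : 0;
}

# Use 2: the menu is filtered through the same check, so the links a template
# hides and the permissions the server enforces cannot drift apart.
sub visible_actions {
    my ($role, $table, @candidates) = @_;
    return grep { is_allowed($role, $table, $_) } @candidates;
}

# Use 3: role-specific template paths, to be searched before the usual ones.
# $role, $table and $action end up in a filesystem path, so each must be a
# plain word; otherwise no role-specific path is offered at all.
sub role_template_paths {
    my ($template_root, $role, $table, $action) = @_;
    for ($role, $table, $action) {
        return () unless defined($_) && /\A\w+\z/;
    }
    return ("$template_root/maypole_roles/$role/$table/$action",
            "$template_root/maypole_roles/$role/default/$action");
}

# Constructed requests: a customer typing the delete URL directly is still denied.
for my $req (['customer', 'customerdata', 'list'],
             ['customer', 'customerdata', 'delete'],
             ['customer', 'user', 'list'],
             ['administrator', 'user', 'delete']) {
    printf "%-13s %s/%s => %s\n", @$req, (is_allowed(@$req) ? 'allowed' : 'denied');
}
print join(' ', visible_actions('customer', 'customerdata', qw(list view edit delete))), "\n";
print "$_\n" for role_template_paths('/srv/app/templates', 'customer', 'beer', 'list');
my @rejected = role_template_paths('/srv/app/templates', '../administrator', 'beer', 'list');
print scalar(@rejected), " paths for a role name containing '../'\n";
```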