
Portal HOWTO: Rights management

Thursday, February 17, 2011 by Carsten Hufe   Tags:  devproof   howto   portal   rights 

This is a short description of the rights and roles system. You can edit the rights and roles under the Global Administration box.


(Screenshot: Rights Management)


One role can contain an unlimited number of rights. Currently one user can be assigned to exactly one role, so the interesting parts are the rights. There is a set of rules for creating new rights:

1. Protection with @Secured annotation

This is the common way to secure components. Every component annotated with @Secured is protected, regardless of whether the right has been created or not. If you want to access a page annotated with @Secured, you have to create the right. Here is an example of the usage:

// Requires the right "user.admin"; TemplatePage is the portal's base page class
@Secured("user.admin")
public class UserPage extends TemplatePage {
    public UserPage() {
         // your code here
    }
}

So there must be a right named user.admin, and the user must hold that right to access the page. Pages and other components behave differently: if the right is missing on a page, you get redirected to an error page, whereas a component is simply not rendered by default when the right is missing. Furthermore, you can define that a component should only be disabled instead of hidden:

// Without the right "user.admin" the panel is rendered, but disabled
@Secured(value = "user.admin", action = Action.ENABLE)
public class MyPanel extends Panel {
    public MyPanel(String id) {
         super(id); // Wicket panels need a component id
         // your code here
    }
}

2. Generic page protection

If there is a right named with the page prefix plus the page name, e.g. page.BlogPage, the user must have that right to visit the page. The page name is the simple class name of the Wicket page class. If the user does not have the right for the page, he will be redirected to the login. If no such right exists for the page, the page is unprotected.

3. Generic component protection

It is possible to protect parts of pages. If there is a right named with the general prefix plus the component name, e.g. general.GlobalAdminBoxPanel, the user must have that right to see the component. The right just described belongs to the Global Administration box. If the user does not have the right for a component, he does not see the component. If no such right exists for a component, the component is unprotected. The component name is the simple class name of the Wicket component class.

4. Content protection

The logic for the content protection is implemented in the appropriate module. I will explain it with the download module. By convention the content protection rights start with the module name, followed by a dot:


download.view.registered


The second part, "view", is a section implemented by the module; the download module, for example, has three sections: view, download and vote. View means the user can see the download, download means he is able to download it, and vote means he is allowed to vote on it. The third part of the right is defined by the administrator, so he can define an unlimited set of new rights, e.g.:


download.view.preview


This could be a new right for a role named revision that reviews new downloads. The new right is listed in the right matrix of the download form:


(Screenshot: New right)
 
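To make the four lookup rules concrete, here is an added example (not code from the devproof portal) that models them in plain Java without Wicket, using a set of defined rights and the rights of the user's role; the class names, rights and the Java 9+ Set.of calls are assumptions for illustration.

```java
import java.util.Set;

// Added example, not devproof code: models the four rules of the howto in
// plain Java. Class names, rights and the sample role below are constructed.
public class RightsCheck {
    enum Decision { UNPROTECTED, GRANTED, DENIED }

    // Rule 1: a component annotated with @Secured is always protected; the
    // named right must be in the user's role whether or not it was ever created.
    static Decision checkSecured(String right, Set<String> userRights) {
        return userRights.contains(right) ? Decision.GRANTED : Decision.DENIED;
    }

    // Rules 2 and 3: "page." + simple class name for pages, "general." + simple
    // class name for components. A right that was never created leaves the
    // target unprotected; an existing one must be held by the user.
    static Decision checkGeneric(String prefix, Class<?> target,
                                 Set<String> definedRights, Set<String> userRights) {
        String right = prefix + "." + target.getSimpleName();
        if (!definedRights.contains(right)) return Decision.UNPROTECTED;
        return userRights.contains(right) ? Decision.GRANTED : Decision.DENIED;
    }

    // Rule 4: a content right is "module.section.suffix"; the section must be
    // one the module implements and the suffix is chosen by the administrator.
    static boolean isValidContentRight(String right, String module, Set<String> sections) {
        String[] parts = right.split("\\.", 3);
        return parts.length == 3 && parts[0].equals(module)
            && sections.contains(parts[1]) && !parts[2].isEmpty();
    }

    // Stand-ins for the Wicket page and component classes named in the text.
    static class BlogPage {}
    static class GlobalAdminBoxPanel {}

    public static void main(String[] args) {
        Set<String> defined = Set.of("page.BlogPage", "user.admin", "download.view.registered");
        Set<String> role = Set.of("page.BlogPage"); // rights of the user's single role
        Set<String> downloadSections = Set.of("view", "download", "vote");

        System.out.println(checkSecured("user.admin", role));
        System.out.println(checkGeneric("page", BlogPage.class, defined, role));
        System.out.println(checkGeneric("general", GlobalAdminBoxPanel.class, defined, role));
        System.out.println(isValidContentRight("download.view.preview", "download", downloadSections));
        System.out.println(isValidContentRight("download.edit.preview", "download", downloadSections));
    }
}
```

The first call is denied because @Secured protects even though the role lacks user.admin, the general.GlobalAdminBoxPanel lookup is unprotected because no such right was created, and download.edit.preview is rejected because edit is not a section the download module implements.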

Conclusion

You can protect everything you want, including pages, components and content. It is a quite powerful rights system.


© 2009-2011 - www.devproof.org