How to impl ACLs/Permissions?

 
Ranch Hand
Posts: 1873
Hi all,

I am trying to do ACL/Permissions in my application. Mostly it's not ACL but just permissions like,
1. Role-A can "read" Object-1
2. Role-B can "read,write" Object-1

etc..

Now,
1. In the GUI I need to display "Read" and "Write" corresponding menu commands, but if the role doesn't have access to an operation, I need to grey it out.

2. In the backend, methods like readObject1() and writeObject1() would also have to accept a PermissionContext sort of object where I first check if the requester really has rights to perform the operation. If the permission check fails I throw some sort of PermissionDeniedException, you know..

My question is, does this sound okay? How else do people do it?

Also, in the GUI it's difficult to disable things as there are many buttons, menus etc. and I have to disable some items from them when I load the GUI, so I would have to prepare a sort of GUIPermissions object where I can store "permission,target" data and apply it to the GUI while rendering...

The other option to this disabling/graying out of UI items would be: when the user clicks on the option it goes to the backend and comes back saying "Access Denied", BUT from the UI's view it would really look cool if I can disable things...

Please provide your thoughts here.

Regards,
Maulin
 
(instanceof Sidekick)
Posts: 8791
I've done several systems with an API like

Resource is just a string name for anything one user can do that another cannot. Action defaults to "read" but you can specify "update" or "execute" or whatever you support. Backend code calls this API any time somebody asks to use a secured resource.

That's all pretty straightforward on the backend. The frontend can be harder. We're doing a web app now where we use another API

and pass them to the browser. The browser caches them and has roughly the same hasPermission method.

We also build some special structures on the backend for menus and such.

Any of that sound useful? Do you have a good model for users & resources & permissions?
 
Maulin Vasavada
Ranch Hand
Posts: 1873
Hi Stan,

I guess we are on a similar mindframe here.

The UI becomes a little difficult. I was reading about the "Chain of responsibility" pattern, where the example given in the GoF book is for Context Sensitive Help, but for us it's not exactly fitting in; we have to do something like,

Button b = new Button("Create Object1");
b.setEnabled(getActivationStatus(roleContext,"create object1"));

MenuItem mi = new MenuItem("Destroy object2"); // I have not done Swing for long so this might be totally incorrect but you get the idea...

mi.setEnabled(getActivationStatus(roleContext,"destroy object2"));

something along those lines I am thinking..

Here, "create object1" and "destroy object2" are similar to the "resource" argument you have mentioned, and the action will be determined by getActivationStatus() appropriately and checked against the "cached" Permissions data structure.

We have not yet created a model for permissions; these are just abstract thoughts right now..

Thanks, your thoughts help.

Regards,
Maulin
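
The pattern discussed in this thread, as an added example that is not code from any of the posters: one deny-by-default permission table answers both the GUI's "should this control be greyed out?" question and the backend's enforcement check, and the backend still throws when a request arrives for an action the GUI would have disabled. Only hasPermission and PermissionDeniedException are names from the thread; PermissionDemo, GRANTS, grant and the sample roles' wiring are hypothetical.

```java
import java.util.*;

// Added example; names other than hasPermission and PermissionDeniedException are hypothetical.
public class PermissionDemo {
    static class PermissionDeniedException extends RuntimeException {
        PermissionDeniedException(String msg) { super(msg); }
    }

    // Role -> resource -> allowed actions. Anything not granted is denied.
    static final Map<String, Map<String, Set<String>>> GRANTS = new HashMap<>();

    static void grant(String role, String resource, String... actions) {
        GRANTS.computeIfAbsent(role, r -> new HashMap<>())
              .computeIfAbsent(resource, r -> new HashSet<>())
              .addAll(Arrays.asList(actions));
    }

    static boolean hasPermission(String role, String resource, String action) {
        return GRANTS.getOrDefault(role, Map.of())
                     .getOrDefault(resource, Set.of())
                     .contains(action);
    }

    // Backend operation: enforces the check itself, whatever the GUI showed.
    static String writeObject1(String role, String data) {
        if (!hasPermission(role, "Object-1", "write")) {
            throw new PermissionDeniedException(role + " may not write Object-1");
        }
        return "Object-1 written by " + role + ": " + data;
    }

    public static void main(String[] args) {
        grant("Role-A", "Object-1", "read");
        grant("Role-B", "Object-1", "read", "write");

        // GUI side: the same lookup only decides whether a control is greyed out.
        for (String role : List.of("Role-A", "Role-B")) {
            System.out.println(role + " write menu enabled: "
                    + hasPermission(role, "Object-1", "write"));
        }
        System.out.println(writeObject1("Role-B", "new value"));
        try {
            writeObject1("Role-A", "request sent despite the greyed-out menu");
        } catch (PermissionDeniedException e) {
            System.out.println("Denied: " + e.getMessage());
        }
    }
}
```

The greyed-out state is a usability hint derived from the same data; the check inside writeObject1 is what actually protects the resource.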
 