blob: 032e28d4aa6b50eea9a368ed0f58d678a2a57fdd [file] [log] [blame]
Work in progress
This proposal outlines an implementation for a standard
Turbine admin app that could easily be extended so that
there would be a usable base for an admin app for all
Turbine applications.
--------------------------------------------------------------------------
N O T E S
--------------------------------------------------------------------------
The Security Service manages Users, Groups Roles and Permissions
in the system.
The task performed by the security service include creation and removal of
accounts, groups, roles, and permissions; assigning users roles in groups;
assigning roles specific permissions and construction of objects
representing these logical entities.
Because of pluggable nature of the Services, it is possible to create
multiple implementations of SecurityService, for example employing database
and directory server as the data backend.
The SecurityService delegates to the specified pluggable components.
The pluggable components include User and UserManager implementations.
These classes are specified in the TR.props.
services.TurbineSecurityService.user.class
services.TurbineSecurityService.user.manager
Do not use user.setPassword(password), use the following method
to add a user: TurbineSecurity.addUser(user, password)
--------------------------------------------------------------------------
U S E R A D M I N F O R M
--------------------------------------------------------------------------
This will be the form used to insert/update/delete user accounts
in the Turbine application.
Fields:
USERNAME
FIRST_NAME
LAST_NAME
EMAIL
NOTE:
Roles are universal, Roles are global and apply to all Groups.
A Group is not a Group of Roles! A Group is not a Group of Users either!
A Group is more akin to a project.
A Role is a single set of permissions.
Each Group will be displayed with the same set of Roles beneath
it in a selector box. We'll use Scarab as an example here.
In Scarab we may have the following Groups (or projects):
Turbine, Velocity, and ECS
We may have the following Roles:
Admin, Developer, Tester, and Guest
So what we would display for each Group is a list
of the Roles in a multi-select SelectorBox. So it might look
something like the following:
Turbine Velocity ECS
------- -------- ---
Admin Admin Admin
Developer Developer Developer
Tester Tester Tester
Guest Guest Guest
So you may choose to assign Jon the role of Admin for Turbine,
and assign Jason the role of Developer in Velocity.
You would then use the following method to have these choices
take affect:
TurbineSecurity.grant(Jon, Turbine, Admin)
TurbineSecurity.grant(Jason, Velocity, Developer)
--------------------------------------------------------------------------
P R O J E C T / G R O U P A D M I N F O R M
--------------------------------------------------------------------------
This will be the form used to insert/update/delete projects/groups
in the Turbine application.
Fields:
GROUP_NAME
--------------------------------------------------------------------------
R O L E A D M I N F O R M
--------------------------------------------------------------------------
This will be the form used to insert/update/delete roles in
a project/group in a Turbine application.
!!
Is this form even intended because I don't see any way to save
the association between a role and a group currently.
Fields:
GROUP/PROJECT ID (I thought that roles were associated with projects/groups)
ROLE_NAME
--------------------------------------------------------------------------
P E R M I S S I O N A D M I N F O R M
--------------------------------------------------------------------------
This will be the form used to insert/update/delete permission in
a Turbine application. Fedor mentioned that permissions were
global. I'm not exactly sure how that works right now.
Fields:
?
--------------------------------------------------------------------------
E X T E N D I N G T H E A D M I N A P P
--------------------------------------------------------------------------
Is there any easy way to allow Torque to generate the peers used
by the security system. This way if any changes were required to
the user class then it would be a matter of changing the XML schema.
Now these are special peers with convenience methods, and methods
specific to security. But a special set of templates could probably
be made to accomodate this.
Just trying to think of the best way to make a security app
resuable WRT any customizations that might want to be made
to the user schema.
In most cases would it simply be the user schema that
will want to be changed?
Is there already a recommended way to extend the existing
classes to make a different security system and accompanying
admin app?
---
These are notes from Rafal that I will integrate
From Rafal.Krzewski@e-point.pl Tue Jan 2 13:32:59 2001
Date: Tue, 02 Jan 2001 20:08:45 +0100
From: Rafal Krzewski <Rafal.Krzewski@e-point.pl>
To: jvanzyl@periapt.com
Subject: admin app
[ The following text is in the "iso-8859-2" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
user list has filtering control on top of the page.
You can chose login/first name/last name, etc and the pattern
(* will be changed into % before going into the LIKE query)
the links on the right should be:
'edit' or 'details' - takes you to the edit user screen
'roles' - take you to user-group-role edit screen
'remove' - ask for confirmation, and...
the second screenshot shows user-group association from OW
which would be user-group-role in Turbine.
we need a pulldown list for selecting a group at the to.
it should have 'global' group preselected.
The role-permission screen should look in a similar way.
Roles screen will be like users, it will have
<role name> [details] [permissions] [remove]
Groups will have
<group name> [details] [remove]
and permissions exactly as above...
Oh, there should also be 'add new' buttons (or better links)
in all list screens.