From: Dan Haywood
Date: Thu, 24 Aug 2017 08:34:04 +0000
Subject: Re: Can I make a specific class instance editable, all others not?
To: users@isis.apache.org

Hi Steve,

As you point out, the user/role/permissions system of the security module is class-based, not instance-based.

However, the security module also supports application tenancies. So you could support this use case by defining an ApplicationTenancy for each user, and then associating their ApplicationUser with that same ApplicationTenancy. For example:

ApplicationUser "bill" has associated ApplicationTenancy "/people/bill"
ApplicationUser "mary" has associated ApplicationTenancy "/people/mary"
ApplicationUser "superuser" has associated ApplicationTenancy "/" (global)

The out-of-the-box ApplicationTenancyEvaluator would prevent bill from even seeing mary's user, and vice versa, while "superuser" would be able to see and modify both. However, you can provide a custom implementation of an evaluator that could do any other rules.

One limitation of the security module is that ApplicationTenancy is an entity, so you will end up with these extra objects. We've been discussing simply dropping this entity, so that an application tenancy path ("atPath") is simply a label.

~~

An alternative approach would be to implement some sort of subscriber that would veto all edits for each user unless they are looking at their own object. You can use the security module's MeService for that, I think (or Isis' UserService otherwise).

HTH
Dan

On Thu, 24 Aug 2017 at 08:54 Stephen Cameron wrote:
> On Thu, Aug 24, 2017 at 4:17 PM, Kevin Meyer wrote:
> >
> > Hi Steve,
> >
> > Why not use the isis-addons security module to only authorise users to
> > edit their own profile?
> >
>
> Oh, apologies, that is what I am using, but I think that if you have permission to edit your own profile you can edit anyone's if you get access to it. The editing permission is on that class.
>
> I am using the MyApplicationUser class to represent people in my domain model, so that leads to the problem. But I want to have people self-register (which the security module provides) and then optionally be given extra roles to enable them to do more than just edit their own profile.
>
> > In the past, I have implemented such security directly in the domain
> > objects by using the isVisible() and disabled() methods on actions (or
> > class level, depending) and then working with the session username...
>
> If I could get a class-level disabled to work that would be a solution, but am now thinking a view-model approach is more flexible. I never make a reference to a MyApplicationUser instance public (visible), and provide a view-model of it instead. All except where I allow access to the current user's profile.
>
> > Cheers,
> > Kevin
> >
> > On 24 August 2017 06:14:47 CEST, Stephen Cameron <steve.cameron.62@gmail.com> wrote:
> > >Hi,
> > >
> > >I have implemented an extended version of the ApplicationUser class called MyApplicationUser to allow users to add more information to their 'profile' in my web-app. They self-enrol (via initial entry of an email address, then following a link in an email sent to that address [1]) and then add more details once they've created a user account.
> > >
> > >I now make use of the class MyApplicationUser more widely in the application, but this leads to the problem that one user can modify the profile of another. Using the security module we can make all classes, instances of a class VIEWING or CHANGING. It must be the latter to be able to change their own record, but generally it should be VIEWING only. Is there a way to achieve this?
> > >
> > >My alternative is to make use of the MyApplicationUser entity but to display its property values as a read-only view-model when necessary, that is, as a derived property. At the moment, I am having some problems with this approach in terms of displaying collections of MyApplicationUser as collections (of more view models) in the view-model class.
> > >
> > >I was creating my view-model as a wrapper around a persistent entity; it's worked in the past but is not working in this case, with some strange effects, like "Failed title". So setting actual properties in the view-model class (rather than making all getters call a getter of the wrapped object) might be necessary to take full advantage of session caching of view model instances?
> > >
> > >I think using the view model approach might be the solution.
> > >
> > >Cheers
> > >Steve
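Dan's second suggestion (a subscriber that vetoes edits unless the user is looking at their own object) sketched in Java as an added example; it is not code from this thread, from Apache Isis or from the isis-addons security module. It assumes an Isis 1.x application in which MyApplicationUser declares class-level domain events with the nested names PropertyDomainEvent and ActionDomainEvent, inherits getUsername() from ApplicationUser, and uses the default Guava event bus; the package name is also assumed.

```java
package domainapp.security;  // package name assumed for this example

import javax.inject.Inject;
import org.apache.isis.applib.AbstractSubscriber;
import org.apache.isis.applib.annotation.DomainService;
import org.apache.isis.applib.annotation.NatureOfService;
import org.apache.isis.applib.annotation.Programmatic;
import org.apache.isis.applib.services.eventbus.AbstractDomainEvent;
import org.apache.isis.applib.services.user.UserService;

/**
 * Vetoes edits to any MyApplicationUser that is not the caller's own profile.
 * The class-level permission can stay CHANGING so self-registered users can
 * edit their own record; this subscriber adds the per-instance check that the
 * security module's class-based permissions cannot express on their own.
 *
 * Assumes (names are this example's, not the project's) that the entity is
 * annotated with
 *   @DomainObject(propertyDomainEvent = MyApplicationUser.PropertyDomainEvent.class,
 *                 actionDomainEvent   = MyApplicationUser.ActionDomainEvent.class)
 */
@DomainService(nature = NatureOfService.DOMAIN)
public class OwnProfileOnlySubscriber extends AbstractSubscriber {

    @Programmatic
    @com.google.common.eventbus.Subscribe
    public void on(MyApplicationUser.PropertyDomainEvent<?> ev) {
        guard(ev, ev.getSource());
    }

    @Programmatic
    @com.google.common.eventbus.Subscribe
    public void on(MyApplicationUser.ActionDomainEvent ev) {
        guard(ev, ev.getSource());
    }

    private void guard(AbstractDomainEvent<?> ev, MyApplicationUser target) {
        // Act only in the DISABLE phase: the object remains visible (VIEWING),
        // but its properties and actions are greyed out for everyone else.
        if (ev.getEventPhase() != AbstractDomainEvent.Phase.DISABLE) {
            return;
        }
        String caller = userService.getUser().getName();
        if (target == null || !caller.equals(target.getUsername())) {
            ev.disable("You can only edit your own profile");
        }
    }

    @Inject
    UserService userService;
}
```

Users who should be exempt (Steve's "extra roles", or Dan's global superuser) can be whitelisted in guard() by checking the caller's roles, for instance via the security module's MeService.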