isis-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stephen Cameron <>
Subject Re: Tenancy restriction - entity that relates to more than one Other entity.
Date Thu, 30 Nov 2017 20:49:56 GMT
I think that making use of a custom ApplicationUser (explained in the
security module notes) with a property practice may be necessary.

Then Practioners would either log in as a specific user depending on what
practice they are working at, or you might be able to make a switch happen
behind the scenes, such that they always login as one application user,
with only 1 menu option allowing them to choose a practice and the system
switches their application user to a practice specific generated user with
a role giving full menu access.

On Fri, Dec 1, 2017 at 1:58 AM, Patrick Pliessnig <>

> Hi Nikhil
> I guess this ultimately relates to the question how a practice knows about
> its patients and the related access path.
> With tenancy the answer is: the patients are the ones with access rights
> for the practice.
> Maybe you could use a practice attribute 'practicePatients'. Then the
> answer is: the patients are the ones that use the services of the practice.
> (Many to many).
> Patrick
> Am 30.11.2017 12:58 nachm. schrieb "Nikhil Dhamapurkar"
> <nikhil.dhamapurkar@
> Hi,
> I am working on supporting Multi Tenancy in Apache ISIS I have tried both
> 1) ApplicationTenancyEvaluator and 2) HasAtPath interfaces to control what
> the  logged in user can see or execute.
> I have been able to make them work to an acceptable state but I face issue
> when I come across collections that are part of the entity I am evaluating.
> My Domain model has Patient  / Practitioner entity both these entity can be
> associated with Different Practices at the same time.
> Example :    PractitionerA belongs to PracticeA and PracticeB both, logged
> in User has “Role” to Access PracticeA.
> Issue with ApplicationTenancyEvaluator : since Practitioner and Practice
> have many to many relation even if the role has access to only one practice
> I’ll end up displaying PracticeB on wicket viewer which I want to prevent,
> Is it possible ?
> Issue with HasAtPath :
> I am creating  Path programmatically with pattern as :
> ORG/org/PRACTICE/<practiceName>/  pattern which models a tree, then I can
> control user access to more than one Patient data if user at path is
> /ORG/org Or restrict  access to one practice  /ORG/org/PRACTICE/practiceA
> If the Patient Entity is associated with more than one practice My logic
> will Break as I would not know what should be the context for the for
> ORG/org/PRACTICE/<WhatShouldBeHere?>
> Does anyone have a better solution to tackle tenancy for a Collection
> within an entity?
> Regards
> Nikhil

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message