isis-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stephen Cameron <>
Subject Re: Tenancy restriction - entity that relates to more than one Other entity.
Date Thu, 30 Nov 2017 22:07:50 GMT
Or, maybe just switching the role and setting a practice value after
logging in, then you have to switch the role back to the simple 'login' one
on logout, so that the next time they login they'll see that simple
practice selection menu again.

On Fri, Dec 1, 2017 at 7:49 AM, Stephen Cameron <>

> I think that making use of a custom ApplicationUser (explained in the
> security module notes) with a property practice may be necessary.
> Then Practioners would either log in as a specific user depending on what
> practice they are working at, or you might be able to make a switch happen
> behind the scenes, such that they always login as one application user,
> with only 1 menu option allowing them to choose a practice and the system
> switches their application user to a practice specific generated user with
> a role giving full menu access.
> On Fri, Dec 1, 2017 at 1:58 AM, Patrick Pliessnig <>
> wrote:
>> Hi Nikhil
>> I guess this ultimately relates to the question how a practice knows about
>> its patients and the related access path.
>> With tenancy the answer is: the patients are the ones with access rights
>> for the practice.
>> Maybe you could use a practice attribute 'practicePatients'. Then the
>> answer is: the patients are the ones that use the services of the
>> practice.
>> (Many to many).
>> Patrick
>> Am 30.11.2017 12:58 nachm. schrieb "Nikhil Dhamapurkar"
>> <nikhil.dhamapurkar@
>> Hi,
>> I am working on supporting Multi Tenancy in Apache ISIS I have tried both
>> 1) ApplicationTenancyEvaluator and 2) HasAtPath interfaces to control what
>> the  logged in user can see or execute.
>> I have been able to make them work to an acceptable state but I face issue
>> when I come across collections that are part of the entity I am
>> evaluating.
>> My Domain model has Patient  / Practitioner entity both these entity can
>> be
>> associated with Different Practices at the same time.
>> Example :    PractitionerA belongs to PracticeA and PracticeB both, logged
>> in User has “Role” to Access PracticeA.
>> Issue with ApplicationTenancyEvaluator : since Practitioner and Practice
>> have many to many relation even if the role has access to only one
>> practice
>> I’ll end up displaying PracticeB on wicket viewer which I want to prevent,
>> Is it possible ?
>> Issue with HasAtPath :
>> I am creating  Path programmatically with pattern as :
>> ORG/org/PRACTICE/<practiceName>/  pattern which models a tree, then I can
>> control user access to more than one Patient data if user at path is
>> /ORG/org Or restrict  access to one practice  /ORG/org/PRACTICE/practiceA
>> If the Patient Entity is associated with more than one practice My logic
>> will Break as I would not know what should be the context for the for
>> ORG/org/PRACTICE/<WhatShouldBeHere?>
>> Does anyone have a better solution to tackle tenancy for a Collection
>> within an entity?
>> Regards
>> Nikhil

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message