[Chameleon] authorisation

Paul Spencer pspencer at dmsolutions.ca
Wed Sep 28 08:37:06 EDT 2005 

Bart,

I'm interested in adding this to Chameleon as a general capability.   
It would be nice if we could adapt the existing authentication stuff  
to have fine-grained control but if that makes it too complicated  
then an alternate solution would be acceptable.

What I would like to see is a bug started for this and something that  
sort of follows the mapserver RFC format since this change could have  
potentially far reaching impact.  In particular, I would like to know  
which files will be changed and how they will be changed.

Also, you should know that we will be starting into a release cycle  
for a 2.4 version to be released in December so this change may not  
make it into the next release version depending on timing.  I'm  
flexible on this, however :)

Cheers

Paul

On 28-Sep-05, at 2:31 AM, Bart van den Eijnden wrote:

> Hi list,
>
> I have been thinking a while about how to add authorisation  
> capabilities to Chameleon since this is one of the major things  
> missing from the Chameleon core, and I wanted to see if other  
> people have been thinking about this and what their thoughts are.
>
> As a use case, I would want to have different Chameleon portals for  
> different groups of people, without having to copy sites.
>
> For instance, if a user belongs to a certain group, it should not  
> see certain widgets (or they should be disabled, that's a choice to  
> be made). Other things that come into play are, seeing a different  
> set of map layers.
>
> This would mean changes to the UIManager I guess, which needs to  
> check in a database (could be sqlite just as for the authentication  
> stuff) if a widget should be visible/enabled in the user's template.
>
> Also, every user group would have a MAP file associated with them.  
> Right now the application has to set the right mapfile argument for  
> the CWCInitialize function. If we want to keep this this way, the  
> index.phtml file would have to take care of setting the right MAP  
> file. Or this responsibility could be moved into Chameleon.php. For  
> instance, if the application developer just gives a MAP file as the  
> second argument, the normal processing will take care, if the MAP  
> file argument is empty, the right MAP file is looked up in a  
> database table (assuming the UIManager can access the rights object  
> of the user to check his rights).
>
> Some of the widgets would need to get adapted, for instance the  
> XMLThemeLegend widget, but this could be as simple as not showing  
> themes and groups which cannot be found in the MAP file (maybe this  
> is already the current behaviour of this widget?). So you have a  
> master themes.xml for all layers which can be present, and changing  
> the MAP file would be enough for changing what the user will see in  
> the XMLThemeManager.
>
> Am I missing things which would need to be done? Paul, would you be  
> interested in having something like this in the Chameleon core?
>
> Best regards,
> Bart
>
> Bart van den Eijnden
> Syncera IT Solutions
> Postbus 270
> 2600 AG  DELFT
>
> tel.nr.: 015-7512436
> email: BEN at Syncera-ITSolutions.nl
>
> _______________________________________________
> Chameleon mailing list
> Chameleon at lists.maptools.org
> http://lists.maptools.org/mailman/listinfo/chameleon
>

+-----------------------------------------------------------------+
|Paul Spencer                           pspencer at dmsolutions.ca   |
+-----------------------------------------------------------------+
|Applications & Software Development                              |
|DM Solutions Group Inc                 http://www.dmsolutions.ca/|
+-----------------------------------------------------------------+

More information about the Chameleon mailing list