Class UiPermissions

java.lang.Object
edu.internet2.middleware.grouper.ui.UiPermissions
All Implemented Interfaces:
Serializable

public class UiPermissions extends Object implements Serializable
New in 1.2.1, a general means of specifying UI privileges. Initially implemented to allow selection of menu items, but hopefully will have wider application. Configured through resources/grouper/ui-permissions.xml (if present)
<ui-permissions>
<virtual-groups>
<virtual-group name="HighlyPrivileged">
<group name="qsuob:admins"/>
</virtual-group>
</virtual-groups>
<permissions>
<permission can="view" target="ManageGroups" if-member-of="HighlyPrivileged" is="false"/>
</permissions>
</ui-permissions>
if-member-of can be an actual group name. If using virtual groups, if-member-of evaluates to true if the current Subject is a member of any of the nested groups. In the example shown, members of qsuob:admins do not get the Manage Groups menu item. Manage Groups does not currently scale well for a Subject who has privileges over thousands of groups.

NB. The format above is illustrative. In the case shown it is not necessary to use a virtual group. The following would have worked just as well:

<ui-permissions>
<permissions>
<permission can="view" target="ManageGroups" if-member-of="qsuob:admins" is="false"/>
</permissions>
</ui-permissions>

Version:
$Id: UiPermissions.java,v 1.4 2009-08-12 04:52:14 mchyzer Exp $
See Also: