[ic] Admin UI menu permission setting
Chris Keane
chris.keane at zzgi.com
Mon Aug 4 18:44:41 UTC 2008
I've just spent the morning digging into the admin UI menu system
specifically looking into how the permission model works. Actually,
specifically looking at how to exclude 2nd and 3rd level menu items
based on advanced mm settings.
The system as built provides the ability to exclude Top level menu items
by including an mm setting in the depends_on field. For the Top level
items, the UI STD_HEAD takes the depends_on field and submits it to the
menu tag as a ui_security parameter.
For 2nd and 3rd level menus, the depends_on field is sent as a
depends_on parameter.
So, the menu depends_on field is doing kind of double duty, which is
fine if you only want to include/exclude Top level menu items based on
mm settings. However, I'd really like to have more flexibility over the
2nd and 3rd level menus using mm settings AND depends_on CGI variables.
So I thought about how to accomplish that by modifying the UI_STD_HEAD
code to do a ui_security check for each 2nd/3rd level item... and
couldn't immediately come up with anything that wouldn't require
changing the menu system schema by adding a security field (rather than
using the depends_on field for double duty).
The quickest and easiest hack I could come up with was to modify Menu.pm
and change the depends_on sub definition to check whether we're
passing a security request or a CGI presence check request.
It was:
-----------------------------
depends_on => sub {
my ($row, $fields) = @_;
return 1 if ref($fields) ne 'ARRAY';
my $status = 1;
for(@$fields) {
next if ! $row->{$_};
$status = $status && $CGI::values{$row->{$_}};
}
return $status;
},
Now, it's:
------------------------------
depends_on => sub {
my ($row, $fields) = @_;
return 1 if ref($fields) ne 'ARRAY';
my $status = 1;
for(@$fields) {
next if ! $row->{$_};
if ($row->{$_} =~ s/^security://) {
$status = $status && Vend::Tags->if_mm('advanced', $row->{$_});
} else {
$status = $status && $CGI::values{$row->{$_}};
}
}
return $status;
},
All it does is check if the supplied depends_on starts with 'security:'
and if it does submits it to the UI security system rather than checking
if the CGI variable was submitted.
I don't know if this is a reasonable approach... did I come at this from
the wrong direction? Is there a better was to approach this problem that
I missed?
Chris.
More information about the interchange-users
mailing list