-- PedroRio - 26 Jan 2011

XEO Library OPL

As explained on the XEO Concepts page, OPL (Object Policy Labeling) is a way to restrict access to a specific instance of a given object model to the members of a specific group, or to particular members.

The XEO Library will have the following OPL restrictions.

LIB_Message:

  • Messages can only be read by the recipients
  • Only the creator of the message can change the message
  • Only the superuser can delete messages

LIB_Librarian:

  • Only the superuser can create and delete librarians

LIB_User:

  • Only the user themselves or the superuser can edit the user
  • Only the superuser can delete users

With this in mind, recall that the Message XEO Model had a recipients attribute, declared as a collection linked to an Ebo_Group or to a LIB_Librarian. Open the LIB_Message Object Model, go to the OPL section, check the "active" option and add an "Attribute Key" of type Read (as depicted in figure LibOPL.1).

Figure LibOPL.1 - Adding an Attribute Key to the LIB_Message Object Model.

In the detail panel, select the "recipients" attribute, as depicted in figure LibOPL.2.

OPLDetails.png

Figure LibOPL.2 - Read Attribute Key for the recipients attribute

This ensures that only users who belong to the Ebo_Group, or who are the specific LIB_Librarian, can read the message. Now add another Read Attribute Key for the CREATOR attribute. CREATOR is a special attribute that every instance has; it holds the BOUI of the user that created that specific instance. With this key, the creator of the message is able to read it as well. Also, add a Delete and Full Control Attribute Key to SYS_USER.

To test this, create two instances of the LIB_Librarian Object Model (usernames: john.smith and peter.bishop) and add them to the Library profile. Then create a new message using the SYSUSER account and make the user "peter.bishop" the recipient. Log out of the application and log in as peter.bishop; if you open the list of messages, you'll see the message. If you now log out and log in as "john.smith", no message will be displayed. The difference is depicted in figure LibOPL.3.

OPLResult.png

Figure LibOPL.3 - Difference of the Messages List viewer for two users (one who should be able to read a particular message and another who shouldn't)
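
The test above can be reasoned about with a small model of the keys configured on LIB_Message. This is an added example, not code from the XEO framework or from the original tutorial: the deny-by-default rule, the group expansion, the treatment of SYSUSER as a fixed account and all BOUI values are assumptions made for illustration.

```python
# Simplified model of OPL attribute keys; NOT XEO framework code.
# Assumptions: access is denied unless a key grants it; a group reference
# covers the group's members; FULL_CONTROL implies every permission.

SYSUSER, JOHN, PETER = 1, 101, 102   # constructed BOUIs
GROUPS = {500: {JOHN}}               # constructed: group BOUI -> member BOUIs

# Keys the tutorial configures on LIB_Message, as (permission, target).
# A target is an attribute name or, by assumption, the superuser account.
LIB_MESSAGE_KEYS = [
    ("READ", "recipients"),
    ("READ", "CREATOR"),
    ("DELETE", "SYSUSER"),
    ("FULL_CONTROL", "SYSUSER"),
]

def principals(instance, target):
    """Resolve a key target to the set of user BOUIs it covers."""
    if target == "SYSUSER":
        return {SYSUSER}
    value = instance.get(target, [])
    refs = value if isinstance(value, (list, set, tuple)) else [value]
    users = set()
    for boui in refs:
        users |= GROUPS.get(boui, {boui})   # expand groups, keep plain users
    return users

def allowed(user, permission, instance, keys=LIB_MESSAGE_KEYS):
    """True if any key grants `permission` (or FULL_CONTROL) to `user`."""
    return any(
        perm in (permission, "FULL_CONTROL")
        and user in principals(instance, target)
        for perm, target in keys
    )

def visible_messages(user, messages):
    """Subjects a list viewer would show: instances the user may READ."""
    return [m["subject"] for m in messages if allowed(user, "READ", m)]

# Constructed data: the tutorial's message, plus one addressed to a group.
MESSAGES = [{"subject": "to peter", "CREATOR": SYSUSER, "recipients": [PETER]}]
GROUP_MESSAGE = {"subject": "to group", "CREATOR": PETER, "recipients": [500]}

if __name__ == "__main__":
    for name, boui in (("peter.bishop", PETER), ("john.smith", JOHN)):
        print(name, visible_messages(boui, MESSAGES))
```

Under this model, the keys listed above give WRITE on a message only to the superuser, so the same function can be used to check each restriction stated at the top of the page against the keys actually configured.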

For the LIB_User Object Model, add a "Write Attribute Key" for CREATOR and SYSUSER, and a "Delete Attribute Key" for SYSUSER.

For the LIB_Librarian Object Model, do exactly the same thing.

This concludes the tutorial with the Library Application on the XEO Framework. Go back to the beginning of the XEO Documentation manual to read more about the XEO Framework.

Topic revision: r6 - 2011-04-04 - NicolauGrosskopf