-- PedroRio - 26 Jan 2011

XEO Library OPL

As explained on the XEO Concepts page, OPL (Object Policy Labeling) is a way to restrict access to a specific instance of a given object model to members of a specific group, or to particular members.

The XEO Library will have the following restrictions in terms of OPL.

LIB_Message:

  • Messages can only be read by the recipients
  • Only the creator of the message can change the message
  • Only the superuser can delete messages

LIB_Librarian

  • Only the superuser can create and delete librarians

LIB_User

  • Only the user themselves or the superuser can edit the user
  • Only the superuser can delete users.

With this in mind, recall that messages have a recipients attribute, declared as a collection that can be linked to an Ebo_Group or to a LIB_Librarian. Open the LIB_Message Object Model, go to the OPL section, check the "active" option and add an "Attribute Key" of type Read (as depicted in figure LibOPL.1).

Figure LibOPL.1 - Adding an Attribute Key to the LIB_Message Object Model.

In the detail panel, select the "recipients" attribute, as depicted in figure LibOPL.2.

Figure LibOPL.2 - Read Attribute Key for the recipients attribute

As a result, only users who belong to the Ebo_Group, or the specific LIB_Librarian, listed as recipients can read the message. Now add another Read Attribute Key for the CREATOR attribute. CREATOR is a special attribute that every instance has; it holds the BOUI of the user that created that specific instance, so this key allows the creator of the message to read it as well. Also, add a Delete and Full Control Attribute Key to SYS_USER.

To test this, create two instances of the LIB_Librarian Object Model (usernames: john.smith and peter.bishop) and add them to the Library profile. Then create a new message using the SYSUSER account and make the user "peter.bishop" the recipient. Log out of the application and log in as peter.bishop: if you open the list of messages, you'll see the message. If you now log out and log in as "john.smith", no message will be displayed. The difference is depicted in figure LibOPL.3.

Figure LibOPL.3 - Difference of the Messages List viewer for two users (one who should be able to read a particular message and another who shouldn't)
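
The read rule configured above can be written down as a small access-control model and used as a regression check. This is an added example, not XEO code or the XEO API: the class names, BOUI values, the group recipient case (which goes beyond the single-user test above) and the assumption that Full Control for the superuser covers every permission are all illustrative.

```python
"""Simplified model of OPL attribute keys (not XEO's API; BOUIs are constructed)."""
from dataclasses import dataclass

READ, DELETE = "read", "delete"

@dataclass(frozen=True)
class User:
    boui: int
    username: str
    groups: frozenset = frozenset()  # BOUIs of groups the user belongs to

@dataclass(frozen=True)
class Message:
    subject: str
    creator: int        # CREATOR: BOUI of the user that created the instance
    recipients: tuple   # BOUIs of Ebo_Group or LIB_Librarian instances

# Attribute keys configured on LIB_Message: (permission, attribute holding BOUIs)
ATTRIBUTE_KEYS = ((READ, "recipients"), (READ, "creator"))

def can(user, message, permission, superuser):
    """Default deny: allow only through the superuser grant or a matching key."""
    if user.boui == superuser.boui:  # assumed: Full Control covers every permission
        return True
    acting_as = {user.boui} | user.groups
    for key_permission, attribute in ATTRIBUTE_KEYS:
        if key_permission != permission:
            continue
        value = getattr(message, attribute)
        holders = set(value) if isinstance(value, tuple) else {value}
        if holders & acting_as:
            return True
    return False

def visible(user, messages, superuser):
    """Subjects of the messages the user's list viewer would show."""
    return [m.subject for m in messages if can(user, m, READ, superuser)]

# Constructed sample data mirroring the test described above
SYSUSER = User(1, "SYSUSER")
LIBRARIANS_GROUP = 500  # constructed BOUI for an Ebo_Group
JOHN = User(101, "john.smith", frozenset({LIBRARIANS_GROUP}))
PETER = User(102, "peter.bishop")
MESSAGES = [
    Message("to peter", SYSUSER.boui, (PETER.boui,)),
    Message("to group", PETER.boui, (LIBRARIANS_GROUP,)),
]

if __name__ == "__main__":
    for u in (SYSUSER, PETER, JOHN):
        print(u.username, visible(u, MESSAGES, SYSUSER))
```
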

For the LIB_User Object Model add

Topic revision: r2 - 2011-01-26 - PedroRio
 
