On Tue, Aug 2, 2011 at 8:14 AM, <christian.mueller@anonymised.com> wrote:
Working on the new admin gui for user/group/roles I am getting confused
about the RoleFormComponent.java implementation.
The new GSOC implementation sees roles as own entities, these roles can be
associated with users and groups, so far, so good.
The RoleFormComponent has a button "add" to add new roles on the fly. I
wanted to remove this button since there are new pages called
NewRolePage.java and EditRolePage.java.
But I had to stop here since RoleFormComponent.java is also used for
associating roles with data and services. Further investigations show some
strange behavior.
I did:
"Data Security" -> "Add new rule" and added a new role ROLE_TEST,associated
this role with the workspace "cite" and clicked save.
Afterwards, I wanted to create a second rule, expecting ROLE_TEST in the
"Available" list box. The role is not there, since the available roles are
read from the GeoServerUserDao object.
Next, the listing produced from DataAccessRulePage.java shows the new rule
and the new role, but if I want to edit this rule, the new role is gone ???
Summary:
"Data Security" and "Service Security" offer the possibility to invent roles
which are stored in services.properties or layers.property. This rules are
not shown if you want to edit the rule again of if you want to create a new
rule using one of these roles.
In my opinion, we should remove the add new role link, there is an own page
for this now. Additionally, for a smart migration, I have to scan
services.properties and layers.properties to find such roles.
Opinions ?
Works for me if there is no other way, even if it makes configuring the
system more cumbersome, you have to do things in a given order or
do a lot of back and forth.
In the current system roles are an attribute of users, they cannot be
added around to services without having any users with that role, which
as you notice is still confusing since you cannot add roles from
the services or catalog page.
With the new system we're going to have a separate role page.
Fine, but it would be nicer to be able to add roles from whatever page,
be it users, services or whatever.
As a reference look at one of the most criticized workflow in the current
GeoServer, the layer and style one.
You naturally create a layer. Then you want to add a style for it, you
have to go back to styles... and then go back to the layer to associate
it. I personally can barely stand it, the only reason I did not change it
already is because I don't get to "use" geoserver a lot, but every time
I do it really makes me feel miserable.
I would be much better to have a "add new style" button in the layer
page, that circles back to the layer page once you've confirmed, and
a "associate to layer" action in the style page to, in case a style has
to be associated to different layers.
We have a number of quite sub-optimal work flows in the GUI,
if you cannot avoid it let's go as you describe, but if you have time
please let's avoid adding another workflow that makes the user
stumble around in the GUI like a decapitated chicken :-p
Cheers
Andrea
--
-------------------------------------------------------
Ing. Andrea Aime
GeoSolutions S.A.S.
Tech lead
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 962313
http://www.geo-solutions.it
http://geo-solutions.blogspot.com/
http://www.youtube.com/user/GeoSolutionsIT
http://www.linkedin.com/in/andreaaime
http://twitter.com/geowolf
-------------------------------------------------------