[Glass] Which path to follow to limit what a user can execute?
BrunoBB via Glass
glass at lists.gemtalksystems.com
Wed May 20 07:52:45 PDT 2015
Hi All,
I have the following problem...
In my system you can import XPDL files generated with Bizagi
(http://www.bizagi.com/en/bpm-suite/bpm-products/modeler) and it uses Orbeon
forms (www.orbeon.com) to simulate each Bizagi task as an Orbeon form.
For example, if you have a gateway in a process which splits the path in two
different directions then you have to define a condition (inside Bizagi).
The condition looks like:
[:formProc | (formProc age > 18) and:[formProc amount < 10000]]
The argument (formProc) can be an instance of OrbeonFormInstance or
OrbeonFormProcess.
The result of the evaluation MUST be a boolean.
Until here there is NO problem, the system executes processes WITHOUT
problems (even subprocesses are supported).
But now I want to control what the user can execute inside these Blocks that
are defined inside Bizagi.
For example:
[:formProc | OrbeonFormProcessDefinition removeAll].
From the Process point of view there is no problem, the result is NOT a
boolean --> this process will be blocked.
But from the security point of view it is a disaster because this will remove all
process instances and definitions in the system.
At first I thought that GsObjectSecurityPolicy would do the job. I define a
UserProfile ("seaside") and create a policy that only has read permission.
Then I use GsObjectSecurityPolicy(class)>>setCurrent:while: in order to
ensure that the operation is a read operation. Not sure what happens with
other sessions (other web users that are logged in with the same UserProfile).
But now I'm thinking of using the Parser to check all messages that are
sent to the argument (formProc) and forbid the import of Bizagi models that
fail this check.
Now I'm checking the Parser and how to implement this...
But what do you think about this problem? Is there any other possible
solution?
Regards,
Bruno
--
View this message in context: http://forum.world.st/Which-path-to-follow-to-limit-what-an-user-can-execute-tp4827662.html
Sent from the GLASS mailing list archive at Nabble.com.
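The import-time parser check proposed in the message, written as an added example (not part of the original post or of the project's code). It assumes the Refactoring Browser AST (RBParser and its node classes) is loaded in the image, and the selector allowlist is hypothetical. It goes beyond checking messages sent to the argument by also rejecting global references, assignments, returns and nested block arguments.

```smalltalk
"Added example. Assumes the Refactoring Browser AST (RBParser) is loaded.
 The allowlist is hypothetical: fill it with the side-effect-free accessors
 of OrbeonFormInstance / OrbeonFormProcess plus comparison and boolean logic."
| allowed check |
allowed := #( #age #amount #< #> #<= #>= #= #and: #or: #not ).

"Answers nil when the condition source is acceptable,
 otherwise a String naming the first violation found."
check := [:source | | ast argName problem |
    problem := nil.
    "Fail closed: anything that does not parse is rejected."
    ast := [RBParser parseExpression: source] on: Error do: [:e | nil].
    (ast notNil and: [ast isBlock and: [ast arguments size = 1]])
        ifFalse: [problem := 'not a one-argument block']
        ifTrue: [
            argName := ast arguments first name.
            ast nodesDo: [:node |
                problem isNil ifTrue: [
                    "Only the block argument may be referenced: no globals,
                     no self, no thisContext."
                    (node isVariable and: [node name ~= argName])
                        ifTrue: [problem := 'variable not allowed: ', node name].
                    "Every send, whatever its receiver, must be allowlisted."
                    (node isMessage and: [(allowed includes: node selector) not])
                        ifTrue: [problem := 'selector not allowed: ', node selector].
                    (node isAssignment or: [node isReturn])
                        ifTrue: [problem := 'assignment or return not allowed'].
                    (node isBlock and: [node ~~ ast and: [node arguments notEmpty]])
                        ifTrue: [problem := 'nested block arguments not allowed']]]].
    problem].

"The two conditions quoted in the message, run through the check at import time."
check value: '[:formProc | (formProc age > 18) and: [formProc amount < 10000]]'.
check value: '[:formProc | OrbeonFormProcessDefinition removeAll]'.
```

The check constrains names only, so each allowlisted selector has to be side-effect free on every class the argument can be. Evaluating the accepted block under the read-only GsObjectSecurityPolicy described in the message remains a useful second layer.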