Comments on: Component for Role Based Permissions in Flex

By: Jarsong Chang

Jarsong Chang — Mon, 15 Mar 2010 20:02:48 +0000

yes. we are using it with flex3.

any time frame in mind for flex4?

Thanks!

By: jonr

jonr — Wed, 10 Mar 2010 18:40:15 +0000

Possibly, are you currently using it with Flex 3?

By: Jarsong Chang

Jarsong Chang — Thu, 04 Mar 2010 21:37:53 +0000

any plan to make chimp work in flex4?

By: Baoming Chai

Baoming Chai — Fri, 23 Oct 2009 07:52:02 +0000

Chimp is an execellent component. I am using it a lot, but it seems that Chimp cannot control the visibility of the child component in a ViewStack. When I was trying to use “removeChild”, I got an error:
Error #2025: The supplied DisplayObject must be a child of the caller.

My understanding is that Chimp listens on the event ADDED_TO_STAGE, but an ViewStack creates and added the children in the display list after the event ADDED_TO_STAGE is dispatched. So that error apears when Chimp tries to remove the child from the ViewStack.

Is there any suggestion?

Thanks,

By: Rick R

Rick R — Mon, 31 Aug 2009 19:36:00 +0000

This isn’t related to Chimp per-se, but can someone demonstrate (with real code) how a true logout is accomplished? Right now when you do channelSet.logout() this doesn’t allow you to login as a different user – you get “Cannot re-authenticate in the same session” error. I even tried adding in my flex:message-broker setup.

I’d like the behavior that I see in typical apps – if you logout and are presented with a login page, you can login as a different user. Using BlazeDS-Spring Integration any idea how to accomplish this? I posted for follow up on the blazeds-springintegration message boards but still waiting for a response.

Thanks a lot.

By: Roland Zwaga

Roland Zwaga — Mon, 22 Jun 2009 07:21:38 +0000

Not just login/logout fits this scenario, I have a use-case in which this is applicable as well. Namely a workflow system in which the current document’s status dictates the current user’s privileges, So if the user changes the document, which in turn changes its status, the server sends back a new list of user rights which are immediately applied to the UI. I went for the easier route and just use the ‘enabled’ property to turn UI on or off for the user.

By: jonr

jonr — Thu, 05 Mar 2009 08:00:29 +0000

Thanks for the suggestions … I have add them along with a few other updates: http://ectropic.com/wordpress/2009/03/05/flex-security-component-updates/.
Thanks!
-Jon

By: jonr

jonr — Tue, 03 Mar 2009 07:49:25 +0000

I think the includeInLayout idea will work … I am working on a bug that excludes nested components. So, I am not 100% sure it works for all types of components, but I think it will be a better way to remove components from view. I should have an update to post tomorrow.

By: Al

Al — Tue, 03 Mar 2009 06:58:42 +0000

Hmm, yes didn’t really think the ‘remove’ action through! Could use includeInLayout instead I guess.

As you rightly say the ramifications and complexity of trying to manage state and so on as roles change could be crazy.

Regardless, really cool work! Thanks for contributing it to the community.

By: jonr

jonr — Tue, 03 Mar 2009 06:43:54 +0000

I followed a lot of the things in Swiz for my approach … I don’t totally follow how I could use autowiring. However, It would seem pretty doable to listen for changes on the permissions ArrayCollection, and update the protected components based on the updates. I already create ChimpActions for each metadata entry. So, it should just be a matter of caching those (they have a reference to the components), and then applying the protection with the updated permissions. The only one that might get weird is the “remove” action, as there may be different results in adding the child back if it had already been removed (i.e. the child order could have changed since it was created). Any idea how I could handle that case?

Also, I am curious about the use case for this … the only thing I can come up with where this would be used is if permissions updates are being pushed out to the clients anytime they are updated. I guess this could be used for a log out. Although, it still seems like the application would need to do more than just use protected metadata for this case … then again maybe not. I could see these cases being used on occasion, but it would seem like there would be larger ramifications in this application for this sort of update. Are there other cases you are thinking of?