Component for Role Based Permissions in Flex
Filed Under (AIR, Chimp, Flex, RIA) by jonr on March-2-2009

I’ve posted a simple component, called Chimp, for doing role based permissions in Flex through metadata.  You can check it out at: http://code.google.com/p/flexible-chimp/. The quick overview is that you provide Chimp the user’s roles on start-up and then add meta data to the components for filtering what the user can see.

Here are the setup instructions:

1) Download and add the chimp.swc to your project library
2) Add compiler argument to keep necessary metadata:

-locale en_US -keep-as3-metadata+=Protected

3) Load the Chimp in your application. The Chimp must be loaded after role data is available, but before children are added:

Chimp.load(perms);

4) Add metadata to your Flex components:

[Protected(permissions="ROLE_ADMIN",notInPermissionAction="remove",componentId="this")]
[Protected(permissions="ROLE_UPDATE",inPermissionAction="enable",componentId="updateButton")]

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • DZone
  • Digg
  • del.icio.us
  • Reddit
  • Facebook
  • LinkedIn
(10) Comments    Read More

Comments:
Al on March 2nd, 2009 at 8:44 pm #

Great work.

Any plans to add runtime role changes (e.g. login/logout)?

jonr on March 2nd, 2009 at 8:48 pm #

Possibly … although, it seems like every application approach that in different ways. Do you have an idea of how that could be generically implemented?

Al on March 2nd, 2009 at 9:39 pm #

Your right a generic solution isn’t easy. I guess using your metadata to autowire up some events to listen for role changes would work? The Swiz framework uses a similar technique to hook up the metadata: http://code.google.com/p/swizframework/source/browse/trunk/src/main/flex/org/swizframework/Swiz.as

jonr on March 2nd, 2009 at 11:43 pm #

I followed a lot of the things in Swiz for my approach … I don’t totally follow how I could use autowiring. However, It would seem pretty doable to listen for changes on the permissions ArrayCollection, and update the protected components based on the updates. I already create ChimpActions for each metadata entry. So, it should just be a matter of caching those (they have a reference to the components), and then applying the protection with the updated permissions. The only one that might get weird is the “remove” action, as there may be different results in adding the child back if it had already been removed (i.e. the child order could have changed since it was created). Any idea how I could handle that case?

Also, I am curious about the use case for this … the only thing I can come up with where this would be used is if permissions updates are being pushed out to the clients anytime they are updated. I guess this could be used for a log out. Although, it still seems like the application would need to do more than just use protected metadata for this case … then again maybe not. I could see these cases being used on occasion, but it would seem like there would be larger ramifications in this application for this sort of update. Are there other cases you are thinking of?

Al on March 2nd, 2009 at 11:58 pm #

Hmm, yes didn’t really think the ‘remove’ action through! Could use includeInLayout instead I guess.

As you rightly say the ramifications and complexity of trying to manage state and so on as roles change could be crazy.

Regardless, really cool work! Thanks for contributing it to the community.

jonr on March 3rd, 2009 at 12:49 am #

I think the includeInLayout idea will work … I am working on a bug that excludes nested components. So, I am not 100% sure it works for all types of components, but I think it will be a better way to remove components from view. I should have an update to post tomorrow.

jonr on March 5th, 2009 at 1:00 am #

Thanks for the suggestions … I have add them along with a few other updates: http://ectropic.com/wordpress/2009/03/05/flex-security-component-updates/.
Thanks!
-Jon

Roland Zwaga on June 22nd, 2009 at 12:21 am #

Not just login/logout fits this scenario, I have a use-case in which this is applicable as well. Namely a workflow system in which the current document’s status dictates the current user’s privileges, So if the user changes the document, which in turn changes its status, the server sends back a new list of user rights which are immediately applied to the UI. I went for the easier route and just use the ‘enabled’ property to turn UI on or off for the user.

Rick R on August 31st, 2009 at 12:36 pm #

This isn’t related to Chimp per-se, but can someone demonstrate (with real code) how a true logout is accomplished? Right now when you do channelSet.logout() this doesn’t allow you to login as a different user – you get “Cannot re-authenticate in the same session” error. I even tried adding in my flex:message-broker setup.

I’d like the behavior that I see in typical apps – if you logout and are presented with a login page, you can login as a different user. Using BlazeDS-Spring Integration any idea how to accomplish this? I posted for follow up on the blazeds-springintegration message boards but still waiting for a response.

Thanks a lot.

Baoming Chai on October 23rd, 2009 at 12:52 am #

Chimp is an execellent component. I am using it a lot, but it seems that Chimp cannot control the visibility of the child component in a ViewStack. When I was trying to use “removeChild”, I got an error:
Error #2025: The supplied DisplayObject must be a child of the caller.

My understanding is that Chimp listens on the event ADDED_TO_STAGE, but an ViewStack creates and added the children in the display list after the event ADDED_TO_STAGE is dispatched. So that error apears when Chimp tries to remove the child from the ViewStack.

Is there any suggestion?

Thanks,

BM

Post a comment
Name: 
Email: 
URL: 
Comments: