
Archive by Author

Using icons to support content in web design

As usual, Smashing Magazine has another great article full of examples regarding web design. This one in particular focuses on the use of icons in web design (and web applications).

User experience is an important aspect of any web application and ours is no exception. Without a web design / user experience expert on our team, we all have to keep these concerns in mind when working on our applications.

The open company

Anil sent this, I think it should be posted.

New ACL Feature: ‘Ask’!

The updated ACL has a new feature, called ‘Ask’, that can answer any access related question!

Using the ‘Ask’ feature is incredibly simple. The Ask interface is a simple form in the ACL analysis page. All a user has to do is type in a question in the form, click ‘Ask’, and wait for the appropriate response!

e.g. If you want to know if user ‘john.smith’ has access to resource ‘res/files/finance’, just ask:
‘Is john.smith allowed to access res/files/finance ?’
and, like magic, the answer will be returned!

staff-acl
Fig. 1 - Ask a question, get an answer!

Improved User Interface

Several other improvements have been made to the ACL system and the ACL management interface during the development of the Admissions web application for the Open Campus. The improved UI now supports the addition of users to role groups, rule management and role graph visualization.

staff-acl
Fig. 2 - Rule Management

Also, the utility functions for rebuilding the page resource tree and clearing the cache have been moved into a new utilities tab.

staff-acl
Fig. 3 - Role Graph

Next feature to be built will be a role manager, which would finally allow definition of roles with multiple parent roles.

10 Harsh Truths About Corporate Websites

You really, really need to read this.

http://www.smashingmagazine.com/2009/02/10/10-harsh-truths-about-corporate-websites/

User Interface Design for Web Applications

An interesting article about the differences between designing for a website and designing for a web application.

It’s a bit dated (2003) but the author clearly has good insight into the topic, and speaks from experience as someone with a background in web design faced with designing user interfaces for applications.

http://www.digital-web.com/articles/user_interface_design_for_web_applications/

Where are the developers?

For 2009, we had decided to post at least one entry in the blog each month. It’s January 31st now, and our blog has not had a new entry since 2008. This makes me sad.

Unfortunately this could not be avoided, as we’ve been swamped with work since the start of the year, contending with last-minute registration date extensions, adding exam functionality and rolling out a new finance module in the OCMS. No surprise, the OCMS is still under development.

Anyway, all this coupled with development on a new admissions web application has left very little time for blogging (in fact I am at the office right now, working on the application that has to go on the beta server tomorrow) so hopefully we will have a proper blog post up in early February.

My development environment - Sacha

I have used Windows since DOS and Windows 3.1 days in the 90’s to Vista even today, with practically no experience in Linux. Before I joined the development team, I had never, ever used the Mac OS.

Anyway, before I joined the development team, I was working on my Dell Inspiron 1520 running OEM Vista which was the setup for working on Java and PHP web applications as a freelance software developer.

For coding I used the NetBeans IDE for my heavy Java development and JCreator for lighter Java programs, and Notepad++ for PHP, XHTML, JS, CSS, LUA etc. For web servers I used Tomcat and Apache. Tomcat came bundled in Netbeans, and Apache came in XAMPP. Databases used were MySQL (which also came in XAMPP) and Oracle 10g Express Edition. For general office work, I used MS Office. Most of my media work was images for websites or reports or other documents. For this I used Adobe Photoshop.

Like Anil, when I joined the development team, I was given a Dell Latitude D630 laptop with Windows Vista on it, so I migrated my setup to that machine. After a while, around April of this year I think, the dev team gave me a MacBook with OS X 10.5. With a lot of help and advice from Reiza and Christian, I built up a new development setup during the 7-8 months I used the MacBook for my development work. At the end, my environment looked like this:

Since I almost always work with PHP, XHTML, XML, JS, CSS and SQL these days I code using TextMate, which will also support many other formats. I also have NetBeans for Mac, but I don’t use it much these days. For web and database servers I use MAMP which, like XAMPP, has Apache and MySQL servers ready to go. For general office work, I use iWork 2008. Open Office and MS Office 2008 are also available for Mac, but so far iWork does everything I need. For image work I have returned to Adobe Photoshop, but I also use Skitch (also, Leopard’s screen shot features are awesome). The development team uses SVN for versioning, so I use Versions for accessing our SVN. Other apps I use are Transmit for S/FTP, Parallels Desktop for running Windows XP (for IE testing, Oracle 10g, etc.) and Safari and Opera.

Earlier this month I replaced my MacBook with a newer machine and I have kept the Mac OS setup described above. Although I hardly use Windows anymore, I still have a copy of Windows XP running in Parallels on my Mac.

Reasons to use inspiring tools and brands

I came across an interesting blog post over at Particle Tree about the effect your tools (i.e. development environment) have on your work.

I can attest to this (hence the shameless div) and, seeing as how Anil has a MacBook now, I think it’s a post worth checking out. It even has a bit from J.J. Abrams explaining why he uses Apple products.

Particle Tree - Reasons to Use Inspiring Tools and Brands

ACL resource reflection and role inheritance

The new ACL now uses reflection to build its page resources. Previous versions used the page table to build these resources. Why the change? Because the previous method was error prone and did not reflect (sorry) any changes in the web application quickly enough.

Using reflection to build resources

The new method of updating page resources involves building a list of all actions found using reflection, then creating page resources for each of these actions. The acl_resource table is then updated with any new page resources, so that it mirrors the new web application structure. Optionally, the acl_resource table can also be cleared of all page resources before being updated.
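One way the discovery step could look, as an added example (not the OCMS's code): it assumes Zend Framework's convention of public `*Action` methods on `*Controller` classes and a `controller/action` resource id format. The controller classes, `discoverPageResources()` and the stored rows are constructed for illustration.

```php
<?php
// Constructed stand-ins for application controllers (hypothetical names).
class AdmissionsController
{
    public function applyAction() {}
    public function statusAction() {}
    protected function loadApplicant() {}   // not public, so not a page
}
class FinanceController
{
    public function indexAction() {}
}

/** Lists "controller/action" ids for every public *Action method. */
function discoverPageResources(array $controllerClasses): array
{
    $found = [];
    foreach ($controllerClasses as $class) {
        $ref = new ReflectionClass($class);
        $controller = strtolower(preg_replace('/Controller$/', '', $ref->getShortName()));
        foreach ($ref->getMethods(ReflectionMethod::IS_PUBLIC) as $method) {
            if (preg_match('/^(.+)Action$/', $method->getName(), $m)) {
                $found[] = $controller . '/' . strtolower($m[1]);
            }
        }
    }
    sort($found);
    return $found;
}

// Constructed: page resource ids currently stored in acl_resource.
$stored  = ['admissions/apply', 'admissions/review'];
$current = discoverPageResources(['AdmissionsController', 'FinanceController']);

// New actions need a resource row before any rule can target them;
// stale rows describe pages that no longer exist and can be cleared.
$toInsert = array_values(array_diff($current, $stored));
$stale    = array_values(array_diff($stored, $current));

echo 'insert: ', implode(', ', $toInsert), "\n";
echo 'stale:  ', implode(', ', $stale), "\n";
```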

Deploying the ACL

Since the new ACL no longer uses the pages table, the database must be primed for it to work. This is done by using the dev.forceAclReload config option, and only has to be done once to insert page resources into the database. Using dev.forceAclReload removes only the page resource rows from the database, so other resource types (such as calendar) are left in place, and then uses reflection to insert new page resource rows. Once primed, new page resource rows can be added to the existing database by using the ‘update page resource tree’ button in the access page.

Introducing multiple role inheritance

While the OCMS ACL had always used the very powerful Zend_Acl class from the Zend Framework, the support for multiple role inheritance was not available due to our ACL’s inability to load the necessary data from the database. However, the ACL in R440 now has support for multiple role inheritance, and the new analysis page can determine and display inherited rules both via resource rule inheritance and role parent/ancestor rule inheritance (yes, I know - amazing!).

So how does this work? Well, the ACL allows roles to have zero, one or multiple parents, so the role inherits the rules applied to the role’s parents, if any.

To show how this works, let’s suppose we have the following four roles:

  1. staff, which has no parent
  2. technician, which has no parent
  3. exam-staff, which has one parent (staff)
  4. support, which has two parents (staff and technician)

And this resource tree:

  • event
    • event/teleconference
    • event/class
    • event/exam

The default rule does not allow any role to access the resource tree root. Due to resource rule inheritance, this rule will also apply to every resource in the resource tree. With this in mind we define these rules (note that we do not define any rule for the ‘support’ role):

  1. allow staff access to event/class
  2. allow technician access to event/teleconference
  3. allow exam-staff access to event

When we load these rules into the ACL and use the analysis tool, we get the following results:

staff-acl
Fig. 1 - Access analysis for staff role

The results in Fig. 1 are not surprising; we explicitly set a rule for the staff role and that resource. This demonstrates the most basic form of rule definition in access control.

technician-acl
Fig. 2 - Access analysis for technician role

The results in Fig. 2 are equally boring; we explicitly set a rule for the technician role and that resource. Again, a vanilla rule.

support-acl
Fig. 3 - Access analysis for support role

Now, according to the results in Fig. 3, the support role has effective rules applied to it. However, no rules were explicitly defined for this role at all. The results show that the permissions were inherited from the staff and technician roles. Very tasty, but what if we define a rule in a child role as well? This is what we did for the exam-staff role.

exam-staff-acl
Fig. 4 - Access analysis for exam-staff role

So, in Fig. 4 we see that the rule we defined for the exam-staff role was effective, and was inherited down the resource tree. We also see that the rule inherited from the staff role also took effect, and overrides the exam-staff rule. This is because the staff role was defined with a more localized resource target. If we had also created a rule for the exam-staff role which targeted the event/class resource, it would have taken precedence over the staff rule.
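The lookup order behind these results, as an added example (a simplified plain-PHP model, not Zend_Acl's code or the OCMS's): the nearest resource with a rule wins, and at each resource the role is checked before its parents, last-listed parent first, which is how the Zend_Acl documentation describes multiple inheritance. The `resolve()` and `show()` helpers and the two what-if rules at the end are assumptions made for illustration.

```php
<?php
// Simplified model of the lookup order; the data is the example from the text.
$acl = [
    'parents' => [                  // role => parent roles
        'staff' => [], 'technician' => [],
        'exam-staff' => ['staff'],
        'support' => ['staff', 'technician'],
    ],
    'tree' => [                     // resource => parent (null = top of the tree)
        'event' => null,
        'event/teleconference' => 'event',
        'event/class' => 'event',
        'event/exam' => 'event',
    ],
    'rules' => [                    // resource => role => true (allow) / false (deny)
        'event/class' => ['staff' => true],
        'event/teleconference' => ['technician' => true],
        'event' => ['exam-staff' => true],
    ],
];
function resolve(array $acl, string $role, string $resource): array
{
    // Walk from the requested resource up towards the root.
    for ($res = $resource; $res !== null; $res = $acl['tree'][$res]) {
        $stack = [$role];           // depth-first over the role and its ancestors
        $seen = [];
        while ($stack) {
            $r = array_pop($stack);
            if (isset($seen[$r])) { continue; }
            $seen[$r] = true;
            if (isset($acl['rules'][$res][$r])) {
                return [$acl['rules'][$res][$r], "rule for $r on $res"];
            }
            foreach ($acl['parents'][$r] as $p) { $stack[] = $p; }
        }
    }
    return [false, 'default deny'];
}
function show(array $acl, string $role, string $resource): void
{
    [$allowed, $why] = resolve($acl, $role, $resource);
    printf("%-10s %-21s %-5s (%s)\n", $role, $resource, $allowed ? 'allow' : 'deny', $why);
}
foreach (array_keys($acl['parents']) as $role) {
    foreach (array_keys($acl['tree']) as $res) { show($acl, $role, $res); }
}
// What-if (assumed rule): a deny on exam-staff for event/class beats the inherited staff allow,
$acl['rules']['event/class']['exam-staff'] = false;
show($acl, 'exam-staff', 'event/class');
// but a deny on support for the broader 'event' never reaches event/class (assumed rule).
$acl['rules']['event']['support'] = false;
show($acl, 'support', 'event/class');
```

The second what-if is the one to watch when reviewing rules: denying a child role at a parent resource does not revoke an allow it inherits on a more specific resource.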

Implementation

Now, to implement the roles in the example above, in code, we would define them as shown below:

$acl = new Zend_Acl();

// these roles have no parent
$acl->addRole( new Zend_Acl_Role( 'staff' ) );
$acl->addRole( new Zend_Acl_Role( 'technician' ) );

// role with single parent
$acl->addRole( new Zend_Acl_Role( 'exam-staff' ), 'staff' );

// role with multiple parents
$acl->addRole( 
    new Zend_Acl_Role( 'support' ), 
    array( 'staff', 'technician' )
);

Note: I think that roles with parents must be added after the parent roles have been added, or an error will be thrown.

Now, this is all very nice and pretty, but our super-advanced mirror wielding ACL loads its rules from the database. So to define these rules in the database, we need to have the following rows in acl_role and acl_role_parent tables:

CREATE TABLE `acl_role` (
   `id` SMALLINT(5) UNSIGNED NOT NULL AUTO_INCREMENT,
   `name` VARCHAR(32) NOT NULL,
   `description` VARCHAR(32) NOT NULL,
   PRIMARY KEY (`id`) -- an AUTO_INCREMENT column must be a key
);

INSERT INTO `acl_role` 
    VALUES (1, 'technician', 'Teleconference Technician');
INSERT INTO `acl_role` 
    VALUES (2, 'staff', 'General Staff');
INSERT INTO `acl_role` 
    VALUES (3, 'exam-staff', 'Examinations Staff');
INSERT INTO `acl_role` 
    VALUES (4, 'support', 'Help Desk');

CREATE TABLE `acl_role_parent` (
    `id` SMALLINT(5) UNSIGNED NOT NULL AUTO_INCREMENT,
    `role_id` SMALLINT(5) UNSIGNED NOT NULL,
    `parent_role_id` SMALLINT(5) UNSIGNED NOT NULL,
    PRIMARY KEY (`id`) -- an AUTO_INCREMENT column must be a key
);

-- columns: id, role_id, parent_role_id
INSERT INTO `acl_role_parent` VALUES (1, 3, 2);
INSERT INTO `acl_role_parent` VALUES (2, 4, 1);
INSERT INTO `acl_role_parent` VALUES (3, 4, 2);

Note: If caching is enabled, the ACL cache must be cleared to force it to reload its data from the database.
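Rows read from these two tables arrive in no particular order, while parents have to be registered before their children. An added example (not the OCMS loader) that orders the rows parent-first and rejects dangling ids and inheritance cycles; `orderRoles()` is a hypothetical helper and the arrays are constructed to mirror the INSERT statements above.

```php
<?php
// Constructed rows mirroring the INSERT statements above.
$roles = [1 => 'technician', 2 => 'staff', 3 => 'exam-staff', 4 => 'support'];
$links = [[3, 2], [4, 1], [4, 2]];          // [role_id, parent_role_id]

/** Returns [role name => parent names], every parent ahead of its children. */
function orderRoles(array $roles, array $links): array
{
    $parents = array_fill_keys(array_keys($roles), []);
    foreach ($links as [$roleId, $parentId]) {
        if (!isset($roles[$roleId], $roles[$parentId])) {
            throw new RuntimeException('acl_role_parent references an unknown role id');
        }
        $parents[$roleId][] = $parentId;
    }
    $ordered = [];
    $state = [];                            // id => 'visiting' | 'done'
    $visit = function (int $id) use (&$visit, &$ordered, &$state, $parents, $roles): void {
        if (($state[$id] ?? null) === 'done') { return; }
        if (($state[$id] ?? null) === 'visiting') {
            throw new RuntimeException("inheritance cycle at role '{$roles[$id]}'");
        }
        $state[$id] = 'visiting';
        foreach ($parents[$id] as $p) { $visit($p); }
        $state[$id] = 'done';
        $ordered[$roles[$id]] = array_map(fn($p) => $roles[$p], $parents[$id]);
    };
    foreach (array_keys($roles) as $id) { $visit($id); }
    return $ordered;
}

foreach (orderRoles($roles, $links) as $name => $parentNames) {
    // With Zend_Acl, this is the point where the role would be registered:
    // $acl->addRole(new Zend_Acl_Role($name), $parentNames);
    printf("addRole(%s, [%s])\n", $name, implode(', ', $parentNames));
}

// Constructed bad row: staff inheriting from exam-staff closes a loop.
try {
    orderRoles($roles, array_merge($links, [[2, 3]]));
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```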

That’s all for the role definition. Now all you have to do is assign rules to the roles for your resource tree and use the analysis tool to see how it affects the permissions for the roles and their child roles. However, since we already know how to implement regular roles and rules, I will stop here.

So, the ACL system now auto-builds page resources via reflection, and we now have an idea of how role inheritance works. We’ve only touched on the possibilities of multiple role inheritance, as there does not seem to be any limit to the number of parents or how many ancestors a role can have.

In addition, ACL still has at least two more dimensions of complexity: Assertions and Permissions. Although our ACL currently has limited support for these features, the existing features supported by our ACL make it capable of handling almost every access control situation in the OCMS.