Feature Wiki

Information about planned and released features

Tabs

Main Menu: Use optinal role-based visibility for self-created items

1 Initial Problem

Currently, self generated Main Menu entries are displayed to all users. Optionally, it should be possible to restrict them to global or local roles.

2 Conceptual Summary

Main Menu entries already have an internal mechanism that decides who can see an entry and who cannot. The entries that provide the core components use this mechanism in all cases.
via a configuration interface when creating and editing the self-generated entries, global or local roles can be selected to see an entry.

In the case of a RepositoryLinkj, the assignment to a Global Role is checked in addition to the read rights of the linked object.

3 User Interface Modifications

3.1 List of Affected Views

Administration -> Layout and Navigation -> Main Menu

  • Creation and Editing of Main Menu (Top/Sub) Items

3.2 User Interface Details

Optional: Additionally to the existing Form-Elements, a Search-As-You-Type-Multi-Select UI Input (a nice name has to be found) is used for role-selection. 

3.3 New User Interface Concepts

When needed: Search-As-You-Type-Multi-Select UI Input (a nice name has to be found), which will be done in the UI Kitchen sink process

4 Technical Information

The Global-Screen-Items already have the functionality to hide or show items to the users. Once the role-based-configuration is possible, these items just ask RBAC for the role-assignements of the current user.

5 Privacy Information

No person-related data ist stored

6 Security Implications

Using RBAC und Inputs (UI-Service) no additional security related implications are expected.

7 Contact

8 Funding

If you are interest in funding this feature, please add your name and institution to this list.

9 Discussion

Kunkel, Matthias [mkunkel], 20 OCT 2020 : IMHO you have to check VISIBLE and READ permission to display a "custom" main menu entry. Checking "READ" is not sufficient. Reason: you can build a "RBAC tunnel" by giving only READ permissions for an object and for the path in the repo to this object. In this case, the object is accessible for a user through a link but not displayed anywhere (no VISIBLE permission). For such an object a related custom main menu entry that belongs to this path would suddenly appear - even if no VISIBLE permission is given for this node (because only READ is checked). And this would be unexpected and not desired behaviour.

JourFixe, ILIAS [jourfixe], 26 OCT 2020: We highly appreciate this suggestion and schedule the feature for ILIAS 7 - if it could be implemented before coding completed. Otherwise, we schedule it for ILIAS 8.

10 Implementation

Test Cases

Test cases completed at {date} by {user}

  • 42423 : Anzeige eines Eintrags für eine bestimmte global Rolle

Approval

Approved at 12 NOV 2020 by Kunkel, Matthias [mkunkel]

Last edited: 6. Jan 2021, 13:11, Kunkel, Matthias [mkunkel]