User management

Copyright 2008-2009 ManyDesigns srl. All rights reserved.

Contents

  1. 1 Purpose
  2. 2 Creating the user data model
  3. 3 Enabling user management
  4. 4 Creating a user
  5. 5 Creating a user group
  6. 6 Associating a user to a user group
  7. 7 Changing the user model for languages other than English
  8. 8 Enabling user management for the upstairs level

Purpose

User management is important in public and enterprise information systems. It allows:
  • the authentication of users through a login screen
  • password changes
  • administrative functions to add/remove users and manage their associations to user groups.
  • single sign-on and centralized user management (LDAP, etc). See chapter Single sign-on for more details on this.
ManyDesigns Portofino's basic configuration has user management switched off. This means that, when you start, there is no authentication and any user who knows the system's url can access it. This situation is desirable only in the very early stages of development. Very soon you will want to have user management in your system not only for security reasons but also for features such as roles and responsibilities within workflows, notifications, personalized portlets, etc.

Creating the user data model

Before you can let user log onto your systems, you need to create the classes where the system can store those users. Portofino requires you to create three classes with exactly the following convention:
A User class with, at least, the following text attributes:
  • login
  • password
  • email: used for notification
A UserGrp class with, at least one text attribute:
  • name: the group's name
A User_UserGrp class, as a many-to-many relationship between User and UserGrp, having two relationship attributes:
  • user: pointing the User class
  • user group: point to the UserGrp class
To make life easier, you can follow a different route: click on the Meta user groups tab, then on the create user model link. Portofino will automatically:
  • check if the user model already exists
  • add the User/UserGrp/User_UserGrp model as described above.
  • create two user groups: Users and User Administrators
  • create an admin user (password: admin) associated with both groups
  • set some basic permissions that grant read permissions on the user data model to the User group and read/write permissions to the User Administrators group.
You are encouraged to use this technique. Most of the times this is the first step of the modeling activity. However this is not a strict requirement and you can user the create user group function any time you like during modeling.

Enabling user management

Once you've create the user data model, you still have to tell the system to use it.
Locate the portofino-custom.propeties file you used during the installation. Then add or edit the following line:

model.users.enabled=true

As an optional configuration you may want to disable anonymous access o the system:

model.users.anonymous.enabled=false

This will force users to log onto the system before they can start using it.

Save the file, then restart the application server to make the changes effective.

Creating a user

Go downstairs. If you have already enabled user management, log on to the system as a member of the User Administrators group. If you have followed the standard procedure described above, log in as admin (password: admin).

Click on the Users tab, then on the create link. Enter the new user's details as required: login, password and email. Click on the Create button to save.

Creating a user group

Go upstairs. Click on the Meta user groups tab, then on the create link. In the form, enter the group's name and click on the Create button to save. When you do this, two things happen:
  • upstairs, a meta user group is created (you have just done this);
  • downstairs, a user group is created (Portofino does this automatically for you).
Notice that Portofino keeps the meta user groups upstairs in sync with the user group downstairs. Whatever you do to one (create, update, delete) is reflected on the other.

Associating a user to a user group

Go downstairs. Click on the Users tab, then select the user you want to associate. In its details page, locate the Belongs to user groups section and click on the Connect to user groups. In the form, select the a group from the picklist. Finally click on the Create button.

Changing the user model for languages other than English

You may have noticed that the user model requires a number of classes and attributes that use English names. This may be a problem if English is not the target language of your system. You can change the user model to fit your language, but keep these two rules in mind:
  • The name of classes and attributes must be strictly as specified in the section Creating the user model, i.e., with the English names.
  • The pretty name and pretty plural of classes and attributes (as well as the opposite end name of relationship attributes) can be anything you like in the language you want.

Enabling user management for the upstairs level

The upstairs level has user management and permissions exactly like the downstairs level. Their purpose is to prevent regular users from accessing and modifying the application model.

By default, upstairs user management is disabled. To enable it add the following lines in the portofino-custom.properties file:

meta.users.enabled=true
meta.users.anonymous.enabled=false

Save the file, then restart the application server. From now on, you must authenticate to use the upstairs level. Portofino comes with a default user admin (password: admin). Change its password as soon as possible.

Notice that the upstairs and downstairs level have separate user management. That means you can't use an upstairs user to log in downstairs and vice versa. This may create confusion at times, but keeps a better separation between the two levels.


Previous: Relationships

Next: Permissions