E29 Incorporated
E29 Labs: Where we make cool stuff

Archive for the ‘In Testing’ Category

Securing Serenity: Using Annotations for Security

July 22nd, 2008 by AdamKinder

I’ve been working on this feature for a couple of days now, using at first a mish-mash of Reflection class properties and loops.

Thankfully I came across this excellent library on Google Code, called Addendum, that saved me the trouble of reinventing the wheel.

Serenity Summer Patch 3 will introduce the annotated role security layer to the platform. What this means for developers is that you can now fine-tune your applications when you ship them, locking the application down by module using nothing more than a code comment and a function call.

Serenity’s current (unfinished) permission model relies on your standard permissions schema: Joe X has the administrator role in application Y, and it’s stored as a bit in the database.

Serenity’s new annotated role system takes it one step further. Instead of the application having the task of checking and loading bits itself, Serenity uses the code comments in your class file to determine security.

In a perfect world, your Serenity application would be split into modules, each being its own class file. With that in mind, the following example demonstrates how a certain module would restrict access, updating and deleting to the “admin” database role:

A list control module
<?php
/** @SecurityRole(access="admin",update="admin",delete="admin") */
class App implements serenity_application
{
    // Read-only: covered by the "access" bit, no explicit check needed.
    public function view_lists()
    {
        /* ... */
    }

    // Modifies data: verify the "update" bit before doing any work.
    public function update_list()
    {
        Serenity::security()->check_update_role();
        /* ... */
    }

    // Removes data: verify the "delete" bit before doing any work.
    public function delete_list()
    {
        Serenity::security()->check_delete_role();
        /* ... */
    }
}
?>

For each module class that you want protected, simply add the @SecurityRole() annotation comment on the line before the class declaration and pass it the roles required for access, update, and delete.

For the access bit, you don’t need to call a function in the file. For each function that updates or deletes a piece of data, add the appropriate Serenity::security() call to check the bit before the function does its work.

The system is being built to accommodate any number of bits, and to be extensible. Once Patch 3 is released, we’ll update our documentation with the Security system and how to use it properly.
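To make the mechanism concrete, here is an added example (not Serenity’s or Addendum’s code) of how a class annotation like the one above can drive the role checks. It reads the @SecurityRole docblock with PHP’s own Reflection API instead of Addendum, stands in a constructed in-memory role list for the database bit, and the hypothetical Security class denies by default when the annotation or the requested bit is missing.

```php
<?php
// Added example, not Serenity or Addendum code. Reads @SecurityRole(...) from
// the class docblock and checks it against a constructed list of user roles.

/** @SecurityRole(access="admin",update="admin",delete="admin") */
class ListModule
{
    public function delete_list(Security $sec) { $sec->check($this, 'delete'); /* ... */ }
}

class SecurityDenied extends RuntimeException {}

class Security
{
    /** @var string[] roles held by the current user (constructed sample data) */
    private $roles;

    public function __construct(array $roles) { $this->roles = $roles; }

    /** Parse @SecurityRole(key="role",...) from a class docblock; [] if absent. */
    public static function rolesFor($module)
    {
        $rc  = new ReflectionClass($module);
        $doc = $rc->getDocComment();
        if ($doc === false || !preg_match('/@SecurityRole\(([^)]*)\)/', $doc, $m)) {
            return array();
        }
        preg_match_all('/(\w+)="([^"]*)"/', $m[1], $pairs, PREG_SET_ORDER);
        $out = array();
        foreach ($pairs as $p) { $out[$p[1]] = $p[2]; }
        return $out;
    }

    /** Deny by default: no annotation, or no entry for this bit, means refused. */
    public function check($module, $bit)
    {
        $required = self::rolesFor($module);
        if (!isset($required[$bit]) || !in_array($required[$bit], $this->roles, true)) {
            throw new SecurityDenied("'$bit' on " . get_class($module) . " denied");
        }
    }
}

// Usage: the admin passes, the editor is refused.
$admin  = new Security(array('admin'));
$editor = new Security(array('editor'));
$admin->check(new ListModule(), 'delete');
try { $editor->check(new ListModule(), 'delete'); }
catch (SecurityDenied $e) { echo $e->getMessage(), "\n"; }
```

Because the required roles live in a comment, the check has to fail closed when the docblock is unavailable (for example, an opcode cache configured to strip comments); a missing annotation must never be read as “no restriction”.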

ExtUI: Serenity’s Powerful UI Library

April 10th, 2008 by AdamKinder

Create Rich User Interfaces with ExtUI
With Serenity Enterprise, we decided to cut out the middle man and create a native PHP wrapper for building rich user interfaces with ExtJS. The result, ExtUI, will ship standard with Serenity AP and all products. Our new inline Admin toolbar (shown in the graphic to the right) is built on ExtUI and is our first stable widget for the new platform.

Another plus of the ExtUI library is that it compresses the JavaScript on the fly, resulting in faster downloads and intelligent caching.

We’re moving our first public beta release date up for Serenity AP to tomorrow. You read that right: tomorrow. We’ve been purposefully pushing out details in all directions in order to ensure that certain other companies don’t magically pop out of beta with a number of our features. Tomorrow we will post up the first encoded beta of Serenity AP, along with a “HelloWorld” tutorial series so that developers can get settled in with the APIs that have stabilized so far.

Even though tomorrow’s release will be considered a Beta, all code written for the package will continue to work through the final release, as the APIs are considered Stable and ready for public use.

Tune in tomorrow; it’s time we shook up the web world a bit and showed what a real small company can do.
