* * *

Author Topic: Embedded user security (components maybe) at GUI objects level  (Read 2296 times)

zoltan72

  • Newbie
  • Posts: 1
Embedded user security (components maybe) at GUI objects level
« on: September 11, 2013, 01:25:56 pm »
Hi,

I'm new to Lazarus, so please bear with me.
After playing with the product and doing some research on this forum/wiki for the above subject , I came to conclusion that a new topic would catch more attention, especially because I didn't see any topic dedicated solely for this. If I'm wrong please point me into the right direction.

So, following the recent tendencies in the development tools for business applications area, I noticed that most of the emerging developer tools (like wavemaker, wakanda, ebase xi, tersus, lianja ... and so on) have some kind of embedded security stuff, which can handle user permissions/privileges (read, write, delete) based on user roles/groups at GUI level (forms, widgets/controls or even at "application itself" level).  I've searched for such a feature in Lazarus but no success and I hope I didn't miss something.
I'm aware of the database articles in the wiki, but these suggest security at database level. Now, not every database system have security features (see flat file based DBMS like dbf, db, paradox ... even simple text files). I'm also aware of some forum topics, which suggest the "program your own security layer" way, but wouldn't be nice if Lazarus had provide it out of the box in some kind of form (dedicated component most likely) ? Ok, I agree, database level security would be hard to avoid in a serious application, but not every application is so demanding and the possibility of combining the two would produce a killer development platform.

So, first of all I'd like to ask you if exists such kind of feature as community/third party development and if not, what do you think, could it have a future in Lazarus ?

Thanks.

The best,
Zoltan
« Last Edit: September 11, 2013, 01:57:08 pm by zoltan72 »

BigChimp

  • Hero Member
  • *****
  • Posts: 5740
  • Add to the wiki - it's free ;)
    • FPCUp, PaperTiger scanning and other open source projects
Re: Embedded user security (components maybe) at GUI objects level
« Reply #1 on: September 11, 2013, 02:04:05 pm »
Interesting post!

No, as far as I know there don't exist components like that.

Having some GUI components that represent user/groups, access permissions etc would be nice.

Of course, as you mention, you'll need underlying components that represent users/groups etc as well.
- Users/groups: IMO, it would be simplest to just link through to the underlying operating system (or database) implemention (e.g. Windows users/groups, or Firebird users, or Linux PAM users/groups).
- Permissions: we're talking about application-level permissions here so some kind of (non-visual) component that would keep track of those, manage inheritance (if needed) etc would be nice. I would imagine e.g. serious CRM etc applications would already have something this - perhaps there's some Delphi code that could be used/adapted
AFAIR, Microsoft implements something like this in the .Net framework - might be useful for inspiration/modelling.

Your thoughts?
Want quicker answers to your questions? Read http://wiki.lazarus.freepascal.org/Lazarus_Faq#What_is_the_correct_way_to_ask_questions_in_the_forum.3F

Open source including papertiger OCR/PDF scanning:
https://bitbucket.org/reiniero

Lazarus trunk+FPC trunk x86, Windows x64 unless otherwise specified

taazz

  • Hero Member
  • *****
  • Posts: 4123
Re: Embedded user security (components maybe) at GUI objects level
« Reply #2 on: September 11, 2013, 02:25:56 pm »
There are a couple of security components for delphi and one good enough package that is open source and could probably be converted easily is the usercontrol last time I checked it was hosted on sourceforge https://sourceforge.net/projects/usercontrol/ it might have been moved to other hosts like google code for newer version I haven't followed it to be honest so some kind of research is required before converting.

That being said the method used to save the rights is not safe and it requires a bit of work to make sure that the end user will not be able to change them outside your application and as far as I remember it does not support groups or database specific rights out of the box.
Good judgement is the result of experience … Experience is the result of bad judgement.

OS : Windows 7 64 bit
Laz: Lazarus 1.4.4 FPC 2.6.4 i386-win32-win32/win64

dgaspary

  • Jr. Member
  • **
  • Posts: 55
Re: Embedded user security (components maybe) at GUI objects level
« Reply #3 on: September 12, 2013, 05:20:41 am »
There are a couple of security components for delphi and one good enough package that is open source and could probably be converted easily is the usercontrol last time I checked it was hosted on sourceforge https://sourceforge.net/projects/usercontrol/ it might have been moved to other hosts like google code for newer version I haven't followed it to be honest so some kind of research is required before converting.

Some users at the brazilian Lazarus List are/were working on converting it:

http://code.google.com/p/ucp/

elidorio

  • Sr. Member
  • ****
  • Posts: 288
Re: Embedded user security (components maybe) at GUI objects level
« Reply #4 on: July 25, 2017, 04:00:25 am »
There is also this component, for user control:

https://github.com/jbsolucoes/ucp
Lazarus 1.4.4 | FPC 2.6.4 | Windows / Linux Debian

 

Recent

Get Lazarus at SourceForge.net. Fast, secure and Free Open Source software downloads Open Hub project report for Lazarus