End-of Sprint DemoSprint 1

“Auth Module, beta Release”

Robert WagnerJessica Lundberg

Erik Roos

• Sprint goal: improve the Auth module so it can be used in actual applications

• Sprint started on Jan. 26th• Sprint scheduled to end on Feb. 18th, but cut

short one week• Selected user stories amounting to 14,5 “story

points” (ideal man-days)• 1 story and a few tasks moved to “Next”

because of deadline move

Sprint facts

Some technical notes• Created a new type of Login, DatabaseLogin, which replaces

the old SimpleLogin when using the Auth system– We also have OpenIdLogic, which extends DatabaseLogin– You can set the option to use DatabaseLogin or OpenIdLogin in your

project properties file• When using DatabaseLogin, a security decorator is added to

all entities, ensuring secure add/update/remove procedures – Comes from the new SecurityMapper– Located in the layer of decorators closest to the database, to ensure

that nothing overrides these functions• There is now an Authorizable interface that can be

implemented by entities wanting to use row-level security– Not completely functional yet

User story 1

• As a new user to the system…• I want to register myself and then have the ability to– login– logout– change my details

• Importance 100• 0,5 story points• Status: done

User story 2

• As authenticated user…• I want to create my private groups of users…• And, for objects that I own, add permissions

on users or groups

• Importance 90• 7,5 story points• Status: done, except for customized screen to

create groups

User story 3

• As an anonymous user…• I want to see all the entities I am entitled to

see…• Without logging in

• Importance 80• 1 story points• Status: done

User story 4

• As an administrator…• I want to be able to manage– users– groups

• Importance: 70• 3,5 story points• Status: partly done (no customized UI yet but

standard form screens)

User story 5

• As an administrator…• I want to set read, write, execute and

ownership permissions on entities…• Including tables, fields, rows and screens

• Importance: 60• 2 story points• Status: done (but field, row and screen

security not yet fully in place)

User story 6

• As an administrator…• I want to have the possibility to forward

permissions from an entity to others

• Importance: 5• 5 story points• Status: moved to “Next”

Highlights of tasks moved to “Next”

• Make manual• Enable field, row and screen security• Handle executable files• When checking user permissions, also take

into account those from groups they are members of

• Provide customized screens for User and Group management