User management is one of the more difficult things, surprisingly. Authentication methods vary across sites and institutions depending on policies and available security on the server and between the server and browser. Nor are users really part of the digital humanities problem. Usually, the most a DH project needs is to know that not just anyone can modify, add, or remove information.
Even though I don’t have a good idea yet on how to manage users from the point of view of the Fabulator engine (e.g., it shouldn’t depend on the authentication method), I am exposing a little of the Radiant user model by introducing the current-user function in the Radiant lib namespace. I’ve also added a go-to action that transitions the application to the stated view. A test can be added that will go to the stated view only if the test succeeds.
With these changes, I can add the following snippet as a guard against unauthorized use of an application:
<f:go-to f:test="not(radiant:current-user()/@admin)" f:view="unauthorized" />
With this, I can put into production some simple data management application suites.