Re: Pattern Approach to User permissions?
- Subject: Re: Pattern Approach to User permissions?
- From: Kieran Kelleher <email@hidden>
- Date: Tue, 2 Mar 2004 17:03:33 -0500
Silly me .... I don't need a PermissionManager class for the possible
approach outlined below. I could simply have a public method in my
customer class named "can" that checks against the to-many relationship
with the Permission class:

    customer.can("update", "storelocation");

In any case, I still welcome/need suggestions or patterns for managing
user permissions.
Thanks, Kieran
On Mar 2, 2004, at 4:45 PM, Kieran Kelleher wrote:
I am trying to decide how best to incorporate user-based permissions
for selecting (viewing), inserting (adding), updating (editing) and
deleting EO's into my object model design.
I have designed my object model to be user (customer) centric (which
is good since the app is primarily for the benefit of customers!) In
my app, users (customers) will log on and will be able to select
(view) their own data, and other EO's related to themselves (for
example store locations, mailing campaigns, account debits/credits,
mailing responses etc.). Each customer may have different permissions
to view, edit or delete their own data. For example a large corporate
customer may have permission to edit their own store location
information whereas the restaurant owner down the street may not have
permission to edit his store location data.
So, the user centric design will in many ways make it easy to "walk"
the object graph from the customer's own starting point once they
login, but I am looking for "design patterns" or "best practices" for
implementing a permissions strategy that I can readily use later in WO
Builder.
I was thinking of having a PermissionManager EO class and each user
would have a to-one relationship with it. Then the PermissionManager
entity would have a many-to-many relationship with a Permission EO
class. I would have a fixed set of Permission EO's each with simple
string attributes such as action and entity, where "action" would be
Select, Insert, Update or Delete and "entity" would be
"storelocation", "mailingcampaign", etc., then have a simple method in
the PermissionManager class such as can(action, entity) that returns
a boolean (by checking if such a Permission exists in its own array of
Permission entities defined by the to-many relationships between the
user owned PermissionManager instance and the Permission objects). For
example:

    customer.permissionManager.can("update", "storelocation")

... which if it returns true will display the Update action link in
the WO component so that the customer can click it to navigate to the
page that allows them to edit the store location, otherwise if the
"can" method returns false, that link would not be displayed.
ANYWAY, sorry for the long-winded background .... am I on the right
track??, or do any of you have some approach or protocol or
pattern that works well for you for managing user permissions in an
elegant way at the EO Model level that works well through the
application's use of the EO design???
Advice appreciated,
Kieran
________________________________________________________________
Config = OS X 10.3.2 / Java 1.4.1 / WO 5.2.2 / MySQL 4.0.18 /
Connector-J 3.0.11
Blog: http://webobjects.webhop.org/
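
An added example, not part of the original post and not WebObjects/EOF code: the `can(action, entity)` check from the message written in plain Java, with the same check repeated inside the action that performs the update, since hiding the link only changes what is displayed. The `grant` method, `updateStoreLocation` and the sample customers are assumptions made for illustration.

```java
import java.util.*;

// Plain Java stand-ins for the Customer and Permission EOs (no EOF classes used).
public class PermissionDemo {
    // One row of the fixed Permission set: action + entity, compared case-insensitively.
    static final class Permission {
        final String action, entity;
        Permission(String action, String entity) {
            this.action = action.toLowerCase(Locale.ROOT);
            this.entity = entity.toLowerCase(Locale.ROOT);
        }
        @Override public boolean equals(Object o) {
            return o instanceof Permission
                && ((Permission) o).action.equals(action)
                && ((Permission) o).entity.equals(entity);
        }
        @Override public int hashCode() { return Objects.hash(action, entity); }
    }

    static final class Customer {
        private final Set<Permission> permissions = new HashSet<>(); // the to-many relationship
        void grant(String action, String entity) { permissions.add(new Permission(action, entity)); }
        // Default deny: anything not explicitly granted returns false.
        boolean can(String action, String entity) {
            if (action == null || entity == null) return false;
            return permissions.contains(new Permission(action, entity));
        }
    }

    // Hypothetical server-side action: re-checks can() instead of relying on the hidden link.
    static String updateStoreLocation(Customer c, String newAddress) {
        if (!c.can("update", "storelocation")) {
            throw new SecurityException("update storelocation denied");
        }
        return "saved: " + newAddress;
    }

    public static void main(String[] args) {
        Customer corporate = new Customer();   // constructed sample data
        corporate.grant("Select", "storelocation");
        corporate.grant("Update", "storelocation");
        Customer restaurant = new Customer();
        restaurant.grant("Select", "storelocation");

        System.out.println("corporate link shown: " + corporate.can("update", "storelocation"));
        System.out.println("restaurant link shown: " + restaurant.can("update", "storelocation"));
        System.out.println(updateStoreLocation(corporate, "1 Main St"));
        try {
            updateStoreLocation(restaurant, "2 Side St"); // request arrives without the link
        } catch (SecurityException e) {
            System.out.println("blocked: " + e.getMessage());
        }
    }
}
```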