Pattern Approach to User permissions?
- Subject: Pattern Approach to User permissions?
- From: Kieran Kelleher <email@hidden>
- Date: Tue, 2 Mar 2004 16:45:26 -0500
I am trying to decide how best to incorporate user-based permissions
for selecting (viewing), inserting (adding), updating (editing) and
deleting EOs into my object model design.

I have designed my object model to be user (customer) centric (which is
good since the app is primarily for the benefit of customers!). In my
app, users (customers) will log on and will be able to select (view)
their own data, and other EOs related to themselves (for example store
locations, mailing campaigns, account debits/credits, mailing responses
etc.). Each customer may have different permissions to view, edit or
delete their own data. For example, a large corporate customer may have
permission to edit their own store location information whereas the
restaurant owner down the street may not have permission to edit his
store location data.

So, the user-centric design will in many ways make it easy to "walk"
the object graph from the customer's own starting point once they
login, but I am looking for "design patterns" or "best practices" for
implementing a permissions strategy that I can readily use later in WO
Builder.

I was thinking of having a PermissionManager EO class and each user
would have a to-one relationship with it. Then the PermissionManager
entity would have a many-to-many relationship with a Permission EO
class. I would have a fixed set of Permission EOs, each with simple
string attributes such as action and entity, where "action" would be
Select, Insert, Update or Delete and "entity" would be "storelocation",
"mailingcampaign", etc., then have a simple method in the
PermissionManager class such as can(action, entity) that returns a
boolean (by checking if such a Permission exists in its own array of
Permission entities defined by the to-many relationships between the
user-owned PermissionManager instance and the Permission objects). For
example:

    customer.permissionManager.can("update", "storelocation")

... which, if it returns true, will display the Update action link in the
WO component so that the customer can click it to navigate to the page
that allows them to edit the store location; otherwise, if the "can"
method returns false, that link would not be displayed.

ANYWAY, sorry for the long-winded background ... am I on the right
track? Or does any of you have some approach or protocol or
pattern that works well for you for managing user permissions in an
elegant way at the EO Model level that works well through the
application's use of the EO design?

Advice appreciated,
Kieran
________________________________________________________________
Config = OS X 10.3.2 / Java 1.4.1 / WO 5.2.2 / MySQL 4.0.18 /
Connector-J 3.0.11
Blog: http://webobjects.webhop.org/
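
The design described in the message above, as an added example that is not part of the original post and is not WebObjects or EOF code: plain-Java (16 or later) stand-ins for the Permission and PermissionManager classes, with can(action, entity) denying by default. The updateStoreLocation handler, the lower-casing of names and the two sample customers are assumptions made for illustration; the handler repeats the same check that decides whether the link is shown, so hiding the link is not the only control.

```java
import java.util.HashSet;
import java.util.Locale;
import java.util.Objects;
import java.util.Set;

// Plain-Java stand-ins for the Permission and PermissionManager EOs described in the post.
public class PermissionDemo {

    /** One fixed (action, entity) pair; names are normalized so "Update" equals "update". */
    record Permission(String action, String entity) {
        Permission {
            action = Objects.requireNonNull(action).trim().toLowerCase(Locale.ROOT);
            entity = Objects.requireNonNull(entity).trim().toLowerCase(Locale.ROOT);
        }
    }

    /** Holds the permissions granted to one user (the to-many side in the post). */
    static class PermissionManager {
        private final Set<Permission> granted = new HashSet<>();
        void grant(String action, String entity) { granted.add(new Permission(action, entity)); }
        // Deny by default: true only when an exact grant exists.
        boolean can(String action, String entity) {
            if (action == null || entity == null) return false;
            return granted.contains(new Permission(action, entity));
        }
    }

    // Hypothetical action handler: repeats the link-display check so a direct request is refused.
    static String updateStoreLocation(PermissionManager pm, String newAddress) {
        if (!pm.can("update", "storelocation")) {
            throw new SecurityException("update storelocation not permitted");
        }
        return "saved: " + newAddress;
    }

    public static void main(String[] args) {
        PermissionManager corporate = new PermissionManager();   // constructed sample users
        corporate.grant("select", "storelocation");
        corporate.grant("Update", "StoreLocation");
        PermissionManager restaurant = new PermissionManager();
        restaurant.grant("select", "storelocation");
        System.out.println("corporate sees Update link: " + corporate.can("update", "storelocation"));
        System.out.println("restaurant sees Update link: " + restaurant.can("update", "storelocation"));
        System.out.println(updateStoreLocation(corporate, "1 Main St"));
        try { updateStoreLocation(restaurant, "2 Elm St"); }
        catch (SecurityException e) { System.out.println("refused: " + e.getMessage()); }
    }
}
```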