Re: false sense of security?


  • Subject: Re: false sense of security?
  • From: Chuck Hill <email@hidden>
  • Date: Wed, 1 Sep 2004 09:44:07 -0700

On Sep 1, 2004, at 8:47 AM, William Norris wrote:

> I'm using a WOConditional to prevent the link from even being created. However, I'm running into another problem now... I have a function -
>
> boolean userInGroup(String username, String password);
>
> that will determine if the link should be displayed for that user.
> However, it appears to me that WOConditional (or any Dynamic Element
> for that matter) will not allow you to bind functions that take in
> parameters.

No, they don't. Key-value coding (aka KVC) does not support the passing of parameters. However there is an option. In Project WONDER there is a framework named WOOgnl that wraps the OGNL library (ok, ok, it stands for Object Graph Navigation Language). See http://www.ognl.org/ Very cool. Very powerful. Very highly recommended. It can pass parameters as well as almost anything else you could imagine doing in code.


> The only thing that actually works would be a series of
> functions - userInAdminGroup(), userInStudentGroup(), etc... but as
> far as I'm concerned, that's not even a viable option.


What I usually do is to register the user (assign to an instance variable) in the Session when they authenticate. Then you can query the user's session for authorization:
session.userIsStudent, session.userIsAdmin. Better, rather than test group membership, test privilege or roles: session.userCanEditStudentRecords, session.userCanCreateRegistration.


For a better design, create an authorization manager and add it to session. Thus we get session.authManager.canEditStudentRecords. In the authorization manager, override the KVC methods to trap all requests starting with "can" and change them into data lookups. That way everything is data driven and you avoid having to write one method per permission.


Chuck
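
The data-driven authorization manager described in the message above, sketched as an added example (not code from the original post or from WebObjects). The class name AuthManager, the role names and the permission table are assumptions; valueForKey and takeValueForKey mirror the NSKeyValueCoding method signatures so the file compiles without the framework.

```java
import java.util.Map;
import java.util.Set;

// Hypothetical class for illustration. In WebObjects it would implement
// NSKeyValueCoding; the two KVC methods are mirrored here so it runs stand-alone.
public class AuthManager {
    // Constructed sample data: role -> granted permissions. A real application
    // would load this table from the database.
    private static final Map<String, Set<String>> GRANTS = Map.of(
        "admin",   Set.of("EditStudentRecords", "CreateRegistration"),
        "student", Set.of("CreateRegistration"));

    private final Set<String> permissions;

    public AuthManager(String role) {
        // An unknown role gets the empty set, so everything is denied by default.
        this.permissions = GRANTS.getOrDefault(role, Set.of());
    }

    // A binding such as session.authManager.canEditStudentRecords arrives here
    // with key = "canEditStudentRecords".
    public Object valueForKey(String key) {
        if (key != null && key.length() > 3 && key.startsWith("can")
                && Character.isUpperCase(key.charAt(3))) {
            // Data lookup: a misspelled or unknown permission is not in the
            // set, so the answer is FALSE rather than an accidental grant.
            return Boolean.valueOf(permissions.contains(key.substring(3)));
        }
        throw new IllegalArgumentException(
            "AuthManager only answers can<Permission> keys: " + key);
    }

    // Refuse writes so that no binding or form value can grant a permission.
    public void takeValueForKey(Object value, String key) {
        throw new UnsupportedOperationException("permissions are read-only: " + key);
    }

    public static void main(String[] args) {
        AuthManager student = new AuthManager("student");
        System.out.println(student.valueForKey("canCreateRegistration"));
        System.out.println(student.valueForKey("canEditStudentRecords"));
        System.out.println(student.valueForKey("canDropTables"));
        System.out.println(new AuthManager("admin").valueForKey("canEditStudentRecords"));
    }
}
```

Hiding a link with WOConditional only controls what is rendered; the action behind the link should ask the same manager again before doing the work.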

