Re: Access Control [was: Digging up a Session object from an EOGenericRecord]
- Subject: Re: Access Control [was: Digging up a Session object from an EOGenericRecord]
- From: Chuck Hill <email@hidden>
- Date: Tue, 10 Mar 2009 13:38:22 -0700
On Mar 10, 2009, at 12:34 PM, Riccardo De Menna wrote:
Hi,
Well... After reading your RBAC and what Chuck uses, my stuff looks
pretty plain. Anyway I was writing this class while posting the
original msg of this thread so I decided to share.
It's not even alpha... I've not had the time to even run it twice
(I'm serious) so just check the idea, not the code. I fixed some
fast JavaDoc comments in the code. ;)
http://rdm.rdm-web.com/jSamples/Privileges.java.html
It's a centralized class to store all privileges in compact BitSets.
It's designed with static constructors to fit perfectly in the
"Custom" attribute scenario of the wolips entity modeler.
My "User" entity has an attribute like the following:
<eosetup.png>
Different classes can define and use their privilege with a static
block without any prior knowledge of other privileges. Also classes
define their privilege in "their" files and use them there as well.
This keeps me from cluttering all my app with references to
privileges that might not exist anymore.
I decided to use the static block constructor because I feel that
since the code "relies" on the privileges, defining them in property
files paves the road to problems. This also gives me a startup check
that privileges don't conflict. I'm not happy with the redundant
ID/CODE thing I picked and with the need to manually choose a unique ID,
but I can live with it.
After reading Chuck's post I think I'll look into ways of making it
work seamlessly with KVC.
On your WOComponent common super class:
/**
 * Overridden to provide bridge to session.canUser() for keypaths
 * starting with "@canUser" (returns true if user has privilege) or
 * "@userCant" (returns true if user lacks privilege).
 */
public Object valueForKeyPath(String keyPath)
{
    if (keyPath.startsWith("@canUser") || keyPath.startsWith("@userCant"))
    {
        try
        {
            // indexOf() returns -1, not 1, when the keypath has no '.'
            int firstPeriod = keyPath.indexOf(".");
            if (firstPeriod == -1)
            {
                throw new RuntimeException("Malformed keypath, no '.' found");
            }

            // Standard case with optional EO not present
            String privilegeKey = keyPath.substring(firstPeriod + 1);
            EOEnterpriseObject eo = null;

            // Handle presence of EO
            int secondPeriod = privilegeKey.indexOf(".");
            if (secondPeriod > -1)
            {
                // Split off the EO keypath before truncating privilegeKey
                String eoKeyPath = privilegeKey.substring(secondPeriod + 1);
                privilegeKey = privilegeKey.substring(0, secondPeriod);
                eo = (EOEnterpriseObject) valueForKeyPath(eoKeyPath);
            }

            boolean userHasPrivilege = ((Session)session()).canUser(privilegeKey, eo);
            return Boolean.valueOf(keyPath.startsWith("@canUser") ? userHasPrivilege : ! userHasPrivilege);
        }
        catch (Exception e)
        {
            reportError(true, e.getMessage() + " resolving binding path " + keyPath);
        }
    }

    return super.valueForKeyPath(keyPath);
}
Any comments/bugs are absolutely welcome. It's a work in progress so
I'd love advice from others and, like Kieran, I'm curious about how you
do it yourself.
rdm
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
--
Chuck Hill Senior Consultant / VP Development
Practical WebObjects - for developers who want to increase their
overall knowledge of WebObjects or who are trying to solve specific
problems.
http://www.global-village.net/products/practical_webobjects
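
The design described in the quoted message (privileges held as bits in a BitSet, registered from static blocks with an ID/CODE pair, and checked for conflicts at startup) can be sketched as follows. This is an added example, not the linked Privileges.java or code from either poster; the class name PrivilegeRegistry, its methods, and the privilege codes are all hypothetical.

```java
import java.util.BitSet;
import java.util.HashMap;
import java.util.Map;

/** Hypothetical registry: each privilege is one bit position in a per-user BitSet. */
public final class PrivilegeRegistry {
    private static final Map<Integer, String> CODE_BY_ID = new HashMap<>();
    private static final Map<String, Integer> ID_BY_CODE = new HashMap<>();

    private PrivilegeRegistry() {}

    /** Intended to be called from a static block of the class that owns the privilege. */
    public static synchronized int define(int id, String code) {
        if (id < 0 || code == null || code.isEmpty()) {
            throw new IllegalArgumentException("Bad privilege definition: " + id + "/" + code);
        }
        String existingCode = CODE_BY_ID.get(id);
        Integer existingId = ID_BY_CODE.get(code);
        // Re-registering the identical pair is harmless (class loaded twice).
        boolean same = code.equals(existingCode) && Integer.valueOf(id).equals(existingId);
        if (!same && (existingCode != null || existingId != null)) {
            // Fail at class-load time instead of aliasing two privileges onto one bit.
            throw new IllegalStateException("Privilege conflict: " + id + "/" + code);
        }
        CODE_BY_ID.put(id, code);
        ID_BY_CODE.put(code, id);
        return id;
    }

    /** Deny by default: a null set or an unregistered code never grants access. */
    public static synchronized boolean has(BitSet granted, String code) {
        Integer id = ID_BY_CODE.get(code);
        return granted != null && id != null && granted.get(id);
    }

    public static void main(String[] args) {
        // Constructed sample privileges and user.
        int edit = define(0, "article.edit");
        define(1, "article.delete");
        BitSet user = new BitSet();
        user.set(edit);
        System.out.println("edit: " + has(user, "article.edit"));
        System.out.println("delete: " + has(user, "article.delete"));
        System.out.println("unknown: " + has(user, "no.such.code"));
        try {
            define(0, "user.admin"); // reuses ID 0 for a different code
        } catch (IllegalStateException e) {
            System.out.println(e.getMessage());
        }
    }
}
```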