Model-View-Controller and user permissions
- Subject: Model-View-Controller and user permissions
- From: Amy Worrall <email@hidden>
- Date: Tue, 19 Jul 2011 13:55:20 +0100
Hi! I have a question about good app design.
I know that, as mentioned in the WOWODC videos I've watched, a common
beginner mistake is to put most of the logic in the page components.
Indeed, I've been guilty of that myself in apps I've made in the past.
I know the fundamentals of MVC from my background in Cocoa.
So suppose I have an app where users have their own profile. Each user
can edit his own profile, whereas an admin can edit any profile.
Whereabouts does the logic go to check if someone is authorised to
edit a particular profile? Should there be a method on the Session, to
return a boolean for "can edit this profile"? If that's the case, from
where is that method called?
I know I could do it by having the page component call the
authorisation method, and return an error page instead if it goes
wrong. But that seems to tie the logic too much to my view: what if I
come to add a REST API later? I'd need to duplicate my permissions
logic, since it wouldn't be using the WOComponent that outputs the
HTML page. Ditto if I add another page elsewhere that happens to be
able to make a profile change (say, allowing an inline name change on
another otherwise unrelated page). Ideally I think the data model
itself should be able to reject an edit if it's performed without
permission, but then we get into problems since the data model
shouldn't know about the session.
Also, I'm considering using Direct To Web (at least to some extent)
for this project. I've never used it for anything more than an admin
interface (i.e. one global login; if you're in, then you can edit
everything). If I were using Direct To Web, is the answer to the above
question the same?
Thanks for your help,
Amy
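One way to structure the check the question asks about, as an added illustration and not code from the list or from WebObjects/Direct to Web: the rule "an owner may edit their own profile, an admin may edit any" lives in a single policy class that takes the acting user as an explicit parameter, and a model-side service enforces it before mutating. The page component and a later REST handler both call that service, so the rule is written once and the model layer never has to know about the session. All class and method names (User, Profile, ProfilePolicy, ProfileService, ProfilePage, ProfileRestHandler) are assumptions made for this example, not WebObjects or D2W API.

```java
// Added example, not from the original post. The only thing the session
// contributes is the current User object; the permission rule itself takes
// the actor as a parameter, so any caller (HTML page, REST, inline editor)
// can be checked the same way. Class/method names are illustrative.
import java.util.Objects;

final class User {
    final String id;
    final boolean admin;
    User(String id, boolean admin) { this.id = id; this.admin = admin; }
}

final class Profile {
    final String ownerId;
    String displayName;
    Profile(String ownerId, String displayName) {
        this.ownerId = ownerId;
        this.displayName = displayName;
    }
}

final class AuthorizationException extends RuntimeException {
    AuthorizationException(String msg) { super(msg); }
}

/** The single place the "can edit this profile" rule lives. */
final class ProfilePolicy {
    static boolean canEdit(User actor, Profile target) {
        if (actor == null) return false;                   // anonymous callers never edit
        if (actor.admin) return true;                      // admins may edit any profile
        return Objects.equals(actor.id, target.ownerId);   // owners may edit their own
    }
}

/** Model-side service: enforces the policy before mutating, whoever the caller is. */
final class ProfileService {
    static void rename(User actor, Profile target, String newName) {
        if (!ProfilePolicy.canEdit(actor, target)) {
            String who = (actor == null) ? "anonymous" : actor.id;
            throw new AuthorizationException(who + " may not edit profile of " + target.ownerId);
        }
        if (newName == null || newName.trim().isEmpty()) {
            throw new IllegalArgumentException("display name must not be empty");
        }
        target.displayName = newName;
    }
}

/** Stand-in for a page component: it only decides what to render, not whether the edit is allowed. */
final class ProfilePage {
    static String submit(User sessionUser, Profile p, String newName) {
        try {
            ProfileService.rename(sessionUser, p, newName);
            return "200 profile saved";
        } catch (AuthorizationException e) {
            return "403 " + e.getMessage();
        }
    }
}

/** Stand-in for a REST handler added later: same service, same rule, nothing duplicated. */
final class ProfileRestHandler {
    static int put(User apiUser, Profile p, String newName) {
        try {
            ProfileService.rename(apiUser, p, newName);
            return 200;
        } catch (AuthorizationException e) {
            return 403;
        }
    }
}

public class Demo {
    public static void main(String[] args) {
        // Constructed sample data for the scenario in the question.
        User alice = new User("alice", false);
        User bob = new User("bob", false);
        User root = new User("root", true);
        Profile alicesProfile = new Profile("alice", "Alice");

        System.out.println(ProfilePage.submit(alice, alicesProfile, "Alice W."));       // owner edits own profile
        System.out.println(ProfilePage.submit(bob, alicesProfile, "Mallory"));          // other user is refused
        System.out.println(ProfileRestHandler.put(root, alicesProfile, "Alice (admin")); // admin via REST
        System.out.println(ProfileRestHandler.put(null, alicesProfile, "anon"));        // no session user
        System.out.println(alicesProfile.displayName);
    }
}
```

The point of passing the actor explicitly rather than reaching into the session from the model is that the same ProfileService.rename call is what a Direct to Web page action, a hand-written component, or a REST endpoint would invoke; each front end only translates the AuthorizationException into its own error response. If a D2W or page-level rule is also used to hide the edit control from users who may not edit, that is a convenience for the UI, not the enforcement point.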
Webobjects-dev mailing list (email@hidden)