Re: Model-View-Controller and user permissions
- Subject: Re: Model-View-Controller and user permissions
- From: Jesse Tayler <email@hidden>
- Date: Tue, 19 Jul 2011 10:20:41 -0400
you might think of some of it like this
you want to separate things that go and get data, parse and deal with it from the things which then present user information, contain user context and generally navigate and control user interface.
that's always a good idea because even if it takes a bit longer to code, you'll find yourself with a better platform upon which to create new stuff as you move on down the line.
I've always loved D2W because if you fully embrace it, create your own UI elements and navigation logic, you'll distill the logic part of your work down to flexible rules which really represent the simplest, most efficient form of storing configuration information.
The downfall to D2W can be that it is easy to hack your way through it, which can leave you with hard to find and solve bugs or way too many rules to properly maintain.
so, if you embrace D2W, I say, go for it and either create your own 'look' or at least fully embrace the look and components you find there.
One Hint:
if you find yourself writing 1000's of rules, you likely haven't made your components as smart as they can be - rules are just logic - use them to instruct your components what to do at runtime and you'll be amazed at the power!
On Jul 19, 2011, at 8:55 AM, Amy Worrall wrote:
> Hi! I have a question about good app design.
>
> I know that, as mentioned in the WOWODC videos I've watched, a common
> beginner mistake is to put most of the logic in the page components.
> Indeed, I've been guilty of that myself in apps I've made in the past.
> I know the fundamentals of MVC from my background in Cocoa.
>
> So suppose I have an app where users have their own profile. Each user
> can edit his own profile, whereas an admin can edit any profile.
>
> Whereabouts does the logic go to check if someone is authorised to
> edit a particular profile? Should there be a method on the Session, to
> return a boolean for "can edit this profile"? If that's the case, from
> where is that method called?
>
> I know I could do it by having the page component call the
> authorisation method, and return an error page instead if it goes
> wrong. But that seems to tie the logic too much to my view: what if I
> come to add a REST API later? I'd need to duplicate my permissions
> logic, since it wouldn't be using the WOComponent that outputs the
> HTML page. Ditto if I add another page elsewhere that happens to be
> able to make a profile change (say, allowing an inline name change on
> another otherwise unrelated page). Ideally I think the data model
> itself should be able to reject an edit if it's performed without
> permission, but then we get into problems since the data model
> shouldn't know about the session.
>
> Also, I'm considering using Direct To Web (at least to some extent)
> for this project. I've never used it for anything more than an admin
> interface (i.e. one global login, if you're in then you can edit
> everything). If I were using Direct To Web, is the answer to the above
> question the same?
>
> Thanks for your help,
>
> Amy
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Webobjects-dev mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
>
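One way to arrange the check asked about in the quoted question, so that a page component, a REST handler and an inline edit on another page all hit the same rule: the caller passes the acting user into the model explicitly, and the model never touches the session. This is an added example in plain Java, not code from the thread or from WebObjects; `Actor`, `Profile` and `AccessDeniedException` are hypothetical names.

```java
import java.util.Objects;

// Added illustration: every name here is hypothetical, not WebObjects or D2W API.
public class ProfileAuthorizationExample {

    // Who is acting. Built by the web session or the REST auth layer, then passed in.
    record Actor(long userId, boolean admin) {}

    static class AccessDeniedException extends RuntimeException {
        AccessDeniedException(String message) { super(message); }
    }

    // Model object: knows its owner, knows nothing about sessions or HTTP.
    static class Profile {
        private final long ownerId;
        private String displayName;

        Profile(long ownerId, String displayName) {
            this.ownerId = ownerId;
            this.displayName = displayName;
        }

        // Single rule: owner or admin. A missing actor is denied by default.
        boolean canBeEditedBy(Actor actor) {
            return actor != null && (actor.admin() || actor.userId() == ownerId);
        }

        // Every edit path goes through here, so no caller can skip the check.
        void rename(Actor actor, String newName) {
            if (!canBeEditedBy(actor)) {
                throw new AccessDeniedException("edit refused for profile of user " + ownerId);
            }
            this.displayName = Objects.requireNonNull(newName);
        }

        String displayName() { return displayName; }
    }

    public static void main(String[] args) {
        Actor admin = new Actor(99, true);      // constructed sample users
        Actor alice = new Actor(1, false);
        Profile bobs = new Profile(2, "Bob");

        bobs.rename(admin, "Robert");           // admin may edit any profile
        for (Actor a : new Actor[] { alice, null }) {
            try {
                bobs.rename(a, "Changed");      // non-owner and anonymous callers
            } catch (AccessDeniedException e) {
                System.out.println("denied for " + a + ": " + e.getMessage());
            }
        }
        System.out.println("final name: " + bobs.displayName());
    }
}
```

A view can still call `canBeEditedBy` to decide whether to show an edit link, but the enforcement stays in `rename`, so hiding the link is never the only control.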