Re: Model-View-Controller and user permissions
Re: Model-View-Controller and user permissions
- Subject: Re: Model-View-Controller and user permissions
- From: Chuck Hill <email@hidden>
- Date: Tue, 19 Jul 2011 10:44:10 -0700
Hi Amy,
On 2011-07-19, at 5:55 AM, Amy Worrall wrote:
> Hi! I have a question about good app design.
>
> I know that, as mentioned in the WOWODC videos I've watched, a common
> beginner mistake is to put most of the logic in the page components.
> Indeed, I've been guilty of that myself in apps I've made in the past.
> I know the fundamentals of MVC from my background in Cocoa.
>
> So suppose I have an app where users have their own profile. Each user
> can edit his own profile, whereas an admin can edit any profile.
>
> Where abouts does the logic go to check if someone is authorised to
> edit a particular profile? Should there be a method on the Session, to
> return a boolean for "can edit this profile"? If that's the case, from
> where is that method called?
I'd centralize all knowledge of this in some object like SecurityManager whose job it is authorize user actions. You could provide access to that via the session, but I think a better approach is to use ERXThreadStorage and access it via the thread. That way you avoid needing the component-session link.
> I know I could do it by having the page component call the
> authorisation method, and return an error page instead if it goes
> wrong. But that seems to tie the logic too much to my view:
And that seems like checking it too late for a page. You should use the security manager to prevent them ever getting a change to attempt to edit it.
> what if I
> come to add a REST API later? I'd need to duplicate my permissions
> logic, since it wouldn't be using the WOComponent that outputs the
> HTML page.
thread based access avoid that issue.
> Ditto if I add another page elsewhere that happens to be
> able to make a profile change (say, allowing an inline name change on
> another otherwise unrelated page).
You should make the inline editor disabled if the user lacks permissions.
> Ideally I think the data model
> itself should be able to reject an edit if it's performed without
> permission, but then we get into problems since the data model
> shouldn't know about the session.
thread based access avoid that issue AND that is too late for this kind of check IMO.
> Also, I'm considering using Direct To Web (at least to some extent)
> for this project. I've never used it for anything more than an admin
> interface (i.e. one global login, if you're in then you can edit
> everything). If I were using Direct To Web, is the answer to the above
> question the same?
Largely, yes.
Chuck
--
Chuck Hill Senior Consultant / VP Development
Practical WebObjects - for developers who want to increase their overall knowledge of WebObjects or who are trying to solve specific problems.
http://www.global-village.net/products/practical_webobjects
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden