Re: Model-View-Controller and user permissions
- Subject: Re: Model-View-Controller and user permissions
- From: Ramsey Gurley <email@hidden>
- Date: Tue, 19 Jul 2011 11:14:42 -0700
On Jul 19, 2011, at 9:24 AM, Amy Worrall wrote:
> On Tue, Jul 19, 2011 at 4:50 PM, Ramsey Gurley <email@hidden> wrote:
>> Personally, I find this approach the simplest. The main problem I run into here is rule system caching. ERD2W does a fantastic job of caching to keep the rule system really fast, but in the case of auth logic, it isn't hard to imagine ways that cached values can become invalid.
>
> Couldn't you solve the caching problem with strategic use of
> significant/dependent keys?
Well, I do (^_^) Don't get me wrong, I still use the rule system at the end of the day. It's just the evaluation for auth actions is done in a custom delayed assignment, not with LHS rule qualifiers. You can see it happening in ERADefaultAuthorizationAssignment.
If you deemed it necessary, you could still do a branchChoices assignment in the rule system and override whatever the ERADefaultAuthorizationAssignment produces based on whatever LHS qualifier you want. Using the doctor patient example from earlier, it would be pointless to cache a lot of auth values because every single doctor user is potentially going to have different auth privs for every single patient photo in a list page.
> Of course, I can see the other advantages
> to having a nice auth framework :)
>
>> The primary downside to ERAuth is that it requires support built into the view components. Right now, only one 'look' framework can use it... R2D2W
>
> I'm somewhat a D2W novice… is R2D2W a 'look' in the same way
> ERModernLook is? Or are they different sorts of things?
Yeah, it's just another look framework. I do things differently in that all my page level actions are controlled entirely with branchChoices. Having lots of rule keys like showCancelButton, showBackButton, showTopActions, showBottomActions, showWhatever, was just too many keys for me to remember and deal with...
So I replaced them all with branch choices supplied by an assignment class. R2D2W has one (R2DDefaultBranchChoicesAssignment) that does simple branchChoices with caching based on the original isEntityEditable, isEntityDeletable, etc... ERAuth has a non-caching assignment that replaces it and evaluates auth based on the CRUDAuthorization class.
Doing it this way is what allows me to centrally control the available actions on the page with the ERADefaultAuthorizationAssignment. Since none of the other looks do this, they would likely require a lot of work in their view components to support something like ERAuth... hence why I've never merged this stuff into wonder. It wouldn't be very useful outside of R2D2W.
Ramsey
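
Added example, not part of the original message and not ERD2W or ERAuth code: a simplified Java model of the caching issue discussed above, using the doctor/patient photo case. KeyedCache, canEditPhoto, ctx and the sample data are hypothetical stand-ins; the real rule system cache is more involved.

```java
import java.util.*;

public class AuthCacheDemo {
    // Constructed sample data: which doctor treats which patient.
    static final Map<String, Set<String>> PATIENTS_OF = Map.of(
        "dr_adams", Set.of("patient_1"),
        "dr_baker", Set.of("patient_2"));

    // The auth decision depends on the user AND the object being displayed.
    static boolean canEditPhoto(Map<String, String> ctx) {
        return PATIENTS_OF.getOrDefault(ctx.get("user"), Set.of())
                          .contains(ctx.get("patient"));
    }

    // Hypothetical stand-in for a rule cache: a computed value is stored
    // under the values of the declared significant keys only.
    static class KeyedCache {
        final List<String> significantKeys;
        final Map<List<String>, Boolean> cache = new HashMap<>();

        KeyedCache(String... keys) { significantKeys = List.of(keys); }

        boolean value(Map<String, String> ctx) {
            List<String> k = new ArrayList<>();
            for (String key : significantKeys) k.add(ctx.get(key));
            return cache.computeIfAbsent(k, unused -> canEditPhoto(ctx));
        }
    }

    static Map<String, String> ctx(String user, String patient) {
        return Map.of("entity", "PatientPhoto", "task", "list",
                      "user", user, "patient", patient);
    }

    public static void main(String[] args) {
        // Cache keyed on entity/task only: the first user's answer is reused.
        KeyedCache coarse = new KeyedCache("entity", "task");
        System.out.println("coarse, dr_adams: " + coarse.value(ctx("dr_adams", "patient_1")));
        System.out.println("coarse, dr_baker: " + coarse.value(ctx("dr_baker", "patient_1")));

        // Adding user and object as keys is correct, but every user/object
        // pair becomes its own cache entry, so the cache saves very little.
        KeyedCache fine = new KeyedCache("entity", "task", "user", "patient");
        System.out.println("fine, dr_adams: " + fine.value(ctx("dr_adams", "patient_1")));
        System.out.println("fine, dr_baker: " + fine.value(ctx("dr_baker", "patient_1")));
        System.out.println("fine cache entries: " + fine.cache.size());

        // Non-caching evaluation: ask the authorization check every time.
        System.out.println("direct, dr_baker: " + canEditPhoto(ctx("dr_baker", "patient_1")));
    }
}
```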