Re: Model-View-Controller and user permissions
Re: Model-View-Controller and user permissions
- Subject: Re: Model-View-Controller and user permissions
- From: Amy Worrall <email@hidden>
- Date: Tue, 19 Jul 2011 19:36:46 +0100
> I'd centralize all knowledge of this in some object like SecurityManager whose job it is authorize user actions. You could provide access to that via the session, but I think a better approach is to use ERXThreadStorage and access it via the thread. That way you avoid needing the component-session link.
Sounds good. So, if I were using Direct2Web, I could have delegate
methods that call the SecurityManager to check that a certain action
is allowed?
I guess I should have a method like userCanEditProfile(User
userToCheckPermissions, User targetProfile), returning a boolean, so
that SecurityManager doesn't need to hit the session itself?
Thanks for your help so far everyone. For me, the hardest part of
using WO is knowing what's best practice in a certain situation. Your
replies are all very helpful.
Amy
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden