Re: Model-View-Controller and user permissions
- Subject: Re: Model-View-Controller and user permissions
- From: Chuck Hill <email@hidden>
- Date: Tue, 19 Jul 2011 11:44:27 -0700
On 2011-07-19, at 11:36 AM, Amy Worrall wrote:
>> I'd centralize all knowledge of this in some object like SecurityManager whose job it is to authorize user actions. You could provide access to that via the session, but I think a better approach is to use ERXThreadStorage and access it via the thread. That way you avoid needing the component-session link.
>
> Sounds good. So, if I were using Direct2Web, I could have delegate
> methods that call the SecurityManager to check that a certain action
> is allowed?
That sounds right, but I will defer to someone who is more of a D2W guru than I. Which is almost everyone.
> I guess I should have a method like userCanEditProfile(User
> userToCheckPermissions, User targetProfile), returning a boolean, so
> that SecurityManager doesn't need to hit the session itself?
The Security manager would be created with the user. So in my mind, the request would be more like
    securityManager().userHasPermissionFor(Permission.CanEditProfile, targetProfile)
> Thanks for your help so far everyone. For me, the hardest part of
> using WO is knowing what's best practice in a certain situation. Your
> replies are all very helpful.
Onward and upward! :-)
Chuck
--
Chuck Hill Senior Consultant / VP Development
Practical WebObjects - for developers who want to increase their overall knowledge of WebObjects or who are trying to solve specific problems.
http://www.global-village.net/products/practical_webobjects
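
The design discussed in this message, sketched as an added example that is not code from the thread or from Project Wonder. Assumptions: a plain ThreadLocal stands in for ERXThreadStorage, and the User record, the CanDeleteProfile permission, the owner-or-admin rule and the deny-all fallback are hypothetical; only SecurityManager, securityManager(), userHasPermissionFor and Permission.CanEditProfile come from the message.

```java
// Added illustration: a per-request authorization object bound to the user.
public class SecurityManagerExample {

    enum Permission { CanEditProfile, CanDeleteProfile }

    // Hypothetical stand-in for the application's user entity.
    record User(String name, boolean admin) {}

    // Created with the user, so callers never pass in "who is asking".
    // (This nested class shadows java.lang.SecurityManager in this file.)
    static final class SecurityManager {
        private final User user;
        SecurityManager(User user) { this.user = user; }

        boolean userHasPermissionFor(Permission permission, User target) {
            if (user == null || target == null) return false;   // default deny
            switch (permission) {
                case CanEditProfile:   return user.admin() || user.equals(target);
                case CanDeleteProfile: return user.admin();
                default:               return false;            // unknown permission: deny
            }
        }
    }

    // Assumption: ThreadLocal used here in place of ERXThreadStorage.
    private static final ThreadLocal<SecurityManager> CURRENT = new ThreadLocal<>();

    // Accessor usable from components or delegates without a session link.
    static SecurityManager securityManager() {
        SecurityManager sm = CURRENT.get();
        return sm != null ? sm : new SecurityManager(null);     // nothing bound: deny all
    }

    public static void main(String[] args) {
        User amy = new User("amy", false);                      // constructed sample users
        User bob = new User("bob", false);

        CURRENT.set(new SecurityManager(amy));                  // bind at request start
        try {
            System.out.println(securityManager().userHasPermissionFor(Permission.CanEditProfile, amy));
            System.out.println(securityManager().userHasPermissionFor(Permission.CanEditProfile, bob));
        } finally {
            CURRENT.remove();   // worker threads are reused; do not leak the previous user
        }
        System.out.println(securityManager().userHasPermissionFor(Permission.CanEditProfile, amy));
    }
}
```

Clearing the thread-bound manager at the end of every request matters because application servers reuse worker threads, and a stale manager would authorize the next request as the previous user.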