Alternative would be to have several methods in the Gateway:
getByID(studentID): return only 'safe' columns
getAdminDataByID(studentID): return all columns, including the secured ones,
and then in this method you could test the user's credentials before the
query was run:
if (not arguments.user.isAdmin) {
return getByID(arguments.studentID);
}
@Baz: another example of secure columns would be payroll information: not
every employee should see that info, and if you couldn't factor those
columns out into a separate table you would still need to allow certain
requestors to see payroll and most not to see payroll.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"CFCDev" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/cfcdev?hl=en
-~----------~----~----~----~------~----~------~--~---
