As someone who is currently re-working their Role Based Access Control mechanism, point 2 is the wrong way around.
It leaks the roles into the rest of the client and stops all your business logic being in one place. Incidentally, this is how we currently do it, and I can show how it's a pain when new roles are added. The better solution is to bind the visibility (enabled, etc, however you deal with not having the correct authorization) of the UIComponent to a hasAccess( componentKey : String ) method on the User class. This has benefits of meaning that all the code for deciding on access is in one place (and makes it very easy to alter / add / remove roles and components), and by binding it, if the authentication changes for any reason, the view can be updated quickly and cleanly. A pitfall to watch out for is hiding pieces of UI which has unexpected behaviour. For example, not showing a piece of the form if the user doesn't have the auth to change that data, if your backend deletes any data it isn't sent by the client, it is easy to turn a "not authorised" into a "delete lots of data". So make sure your client behaviour fits the use cases defined by your back end. Gk. Gregor Kiddie Senior Developer INPS Tel: 01382 564343 Registered address: The Bread Factory, 1a Broughton Street, London SW8 3QJ Registered Number: 1788577 Registered in the UK Visit our Internet Web site at www.inps.co.uk <blocked::http://www.inps.co.uk/> The information in this internet email is confidential and is intended solely for the addressee. Access, copying or re-use of information in it by anyone else is not authorised. Any views or opinions presented are solely those of the author and do not necessarily represent those of INPS or any of its affiliates. If you are not the intended recipient please contact [email protected] ________________________________ From: [email protected] [mailto:[email protected]] On Behalf Of Dimitrios Gianninas Sent: 20 January 2009 14:33 To: [email protected] Subject: RE: [flexcoders] Roles Based UI Pretty simple: 1) Once you app is loaded, call your server to load the user info 2) Assuming you have a User class with a method isUserInRole( role:String ); ... then use this on various Buttons/fields/views to show/hide based on if the user has a particuliar role or not Dimitrios Gianninas RIA Developer Team Lead Optimal Payments Inc. ________________________________ From: [email protected] [mailto:[email protected]] On Behalf Of ilikeflex Sent: Monday, January 19, 2009 1:18 AM To: [email protected] Subject: [flexcoders] Roles Based UI Hi I am developing role based GUI. Can anybody please point to best practices or any flex article which can help to achieve this. Thanks ilikeflx AVIS IMPORTANT WARNING Ce message électronique et ses pièces jointes peuvent contenir des renseignements confidentiels, exclusifs ou légalement privilégiés destinés au seul usage du destinataire visé. L'expéditeur original ne renonce à aucun privilège ou à aucun autre droit si le présent message a été transmis involontairement ou s'il est retransmis sans son autorisation. Si vous n'êtes pas le destinataire visé du présent message ou si vous l'avez reçu par erreur, veuillez cesser immédiatement de le lire et le supprimer, ainsi que toutes ses pièces jointes, de votre système. La lecture, la distribution, la copie ou tout autre usage du présent message ou de ses pièces jointes par des personnes autres que le destinataire visé ne sont pas autorisés et pourraient être illégaux. Si vous avez reçu ce courrier électronique par erreur, veuillez en aviser l'expéditeur. This electronic message and its attachments may contain confidential, proprietary or legally privileged information, which is solely for the use of the intended recipient. No privilege or other rights are waived by any unintended transmission or unauthorized retransmission of this message. If you are not the intended recipient of this message, or if you have received it in error, you should immediately stop reading this message and delete it and all attachments from your system. The reading, distribution, copying or other use of this message or its attachments by unintended recipients is unauthorized and may be unlawful. If you have received this e-mail in error, please notify the sender.
