I do use binding, just forgot to mention that.
Example:
<mx:Button enabled="{ModelLocator.getInstance().user.userInRole(
Constants.SAVEACCT )}"/>
Dimitrios Gianninas
RIA Developer Team Lead
Optimal Payments Inc.
________________________________
From: [email protected] [mailto:[email protected]] On Behalf
Of Gregor Kiddie
Sent: Tuesday, January 20, 2009 9:58 AM
To: [email protected]
Subject: RE: [flexcoders] Roles Based UI
As someone who is currently re-working their Role Based Access Control
mechanism, point 2 is the wrong way around.
It leaks the roles into the rest of the client and stops all your business
logic being in one place. Incidentally, this is how we currently do it, and I
can show how it's a pain when new roles are added.
The better solution is to bind the visibility (enabled, etc, however you deal
with not having the correct authorization) of the UIComponent to a hasAccess(
componentKey : String ) method on the User class.
This has benefits of meaning that all the code for deciding on access is in one
place (and makes it very easy to alter / add / remove roles and components),
and by binding it, if the authentication changes for any reason, the view can
be updated quickly and cleanly.
A pitfall to watch out for is hiding pieces of UI which has unexpected
behaviour. For example, not showing a piece of the form if the user doesn't
have the auth to change that data, if your backend deletes any data it isn't
sent by the client, it is easy to turn a "not authorised" into a "delete lots
of data". So make sure your client behaviour fits the use cases defined by your
back end.
Gk.
Gregor Kiddie
Senior Developer
INPS
Tel: 01382 564343
Registered address: The Bread Factory, 1a Broughton Street, London SW8 3QJ
Registered Number: 1788577
Registered in the UK
Visit our Internet Web site at www.inps.co.uk <blocked::http://www.inps.co.uk/>
The information in this internet email is confidential and is intended solely
for the addressee. Access, copying or re-use of information in it by anyone
else is not authorised. Any views or opinions presented are solely those of the
author and do not necessarily represent those of INPS or any of its affiliates.
If you are not the intended recipient please contact [email protected]
________________________________
From: [email protected] [mailto:[email protected]] On Behalf
Of Dimitrios Gianninas
Sent: 20 January 2009 14:33
To: [email protected]
Subject: RE: [flexcoders] Roles Based UI
Pretty simple:
1) Once you app is loaded, call your server to load the user info
2) Assuming you have a User class with a method isUserInRole( role:String );
... then use this on various Buttons/fields/views to show/hide based on if the
user has a particuliar role or not
Dimitrios Gianninas
RIA Developer Team Lead
Optimal Payments Inc.
________________________________
From: [email protected] [mailto:[email protected]] On Behalf
Of ilikeflex
Sent: Monday, January 19, 2009 1:18 AM
To: [email protected]
Subject: [flexcoders] Roles Based UI
Hi
I am developing role based GUI. Can anybody please point to best
practices or any flex article which can help to achieve this.
Thanks
ilikeflx
AVIS IMPORTANT
WARNING
Ce message électronique et ses pièces jointes peuvent contenir des
renseignements confidentiels, exclusifs ou légalement privilégiés destinés au
seul usage du destinataire visé. L'expéditeur original ne renonce à aucun
privilège ou à aucun autre droit si le présent message a été transmis
involontairement ou s'il est retransmis sans son autorisation. Si vous n'êtes
pas le destinataire visé du présent message ou si vous l'avez reçu par erreur,
veuillez cesser immédiatement de le lire et le supprimer, ainsi que toutes ses
pièces jointes, de votre système. La lecture, la distribution, la copie ou tout
autre usage du présent message ou de ses pièces jointes par des personnes
autres que le destinataire visé ne sont pas autorisés et pourraient être
illégaux. Si vous avez reçu ce courrier électronique par erreur, veuillez en
aviser l'expéditeur.
This electronic message and its attachments may contain confidential,
proprietary or legally privileged information, which is solely for the use of
the intended recipient. No privilege or other rights are waived by any
unintended transmission or unauthorized retransmission of this message. If you
are not the intended recipient of this message, or if you have received it in
error, you should immediately stop reading this message and delete it and all
attachments from your system. The reading, distribution, copying or other use
of this message or its attachments by unintended recipients is unauthorized and
may be unlawful. If you have received this e-mail in error, please notify the
sender.
--
WARNING
-------
This electronic message and its attachments may contain confidential,
proprietary or legally privileged information, which is solely for the use of
the intended recipient. No privilege or other rights are waived by any
unintended transmission or unauthorized retransmission of this message. If you
are not the intended recipient of this message, or if you have received it in
error, you should immediately stop reading this message and delete it and all
attachments from your system. The reading, distribution, copying or other use
of this message or its attachments by unintended recipients is unauthorized and
may be unlawful. If you have received this e-mail in error, please notify the
sender.
AVIS IMPORTANT
--------------
Ce message électronique et ses pièces jointes peuvent contenir des
renseignements confidentiels, exclusifs ou légalement privilégiés destinés au
seul usage du destinataire visé. L'expéditeur original ne renonce à aucun
privilège ou à aucun autre droit si le présent message a été transmis
involontairement ou s'il est retransmis sans son autorisation. Si vous n'êtes
pas le destinataire visé du présent message ou si vous l'avez reçu par erreur,
veuillez cesser immédiatement de le lire et le supprimer, ainsi que toutes ses
pièces jointes, de votre système. La lecture, la distribution, la copie ou
tout autre usage du présent message ou de ses pièces jointes par des personnes
autres que le destinataire visé ne sont pas autorisés et pourraient être
illégaux. Si vous avez reçu ce courrier électronique par erreur, veuillez en
aviser l'expéditeur.
