On 27/10/06, Josef Karthauser <[EMAIL PROTECTED]> wrote:
> So, here's a question for you. What's the easiest way to wrap security
> around the existing CRUD actions? i.e. I need to put a piece of code in
> somewhere which will get all the crud action (list,edit,etc) to fail
> unless the logged in user has some particular attributes.

I'd write a method in your Driver/Controller that checks the action and class, works out if the user (which should be authenticated before doing this) is allowed to do the action against the class - maybe associate users with groups and allow each group a limited set of actions across all tables.

You could use a passwd style file, or a database, or CDBI classes for the tables that map groups to users and privileges.

Then call that method in the authorise method once you've got the user authenticated. That way it's part of the authentication and authorisation before each request is handled.

Another thing I do is split frontend and backend applications - I can then have entirely separate authentication and authorisation for the admin side and frontend side, limiting some actions to frontend and others to backend.

I've fixed the broken URL in the MultiLevelAuthentication page on the wiki so it points to lathos' tutorial on authentication: http://www.aarontrevena.co.uk/opensource/maypole/authentication.html

Hope that's helpful.

A.

--
http://www.aarontrevena.co.uk
LAMP System Integration, Development and Hosting

_______________________________________________
Maypole-users mailing list
Maypole-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/maypole-users
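
The group-based check described in the reply above, as an added example that is not part of the original message and is not Maypole's own code. It is plain Perl with no Maypole calls; the helper name is_allowed, the user, group and table names, and the "delete" action are constructed for illustration. Anything not explicitly granted is denied, including requests with no authenticated user.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample data. In the reply's terms this mapping could come from
# a passwd-style file, a database, or CDBI classes.
my %GROUPS_OF = (
    alice => [qw(admin)],
    bob   => [qw(editor)],
    carol => [],                  # authenticated, but in no group
);

# group => { table => [actions] }; the '*' key grants across all tables.
my %GRANTS = (
    admin  => { '*'  => [qw(list edit delete)] },
    editor => { '*'  => [qw(list)],
                beer => [qw(edit)] },
);

# Hypothetical helper: returns 1 only when an authenticated user belongs to a
# group that is granted $action on $table. Every other case returns 0.
sub is_allowed {
    my ($user, $table, $action) = @_;
    return 0 unless defined $user && length $user;    # not authenticated
    return 0 unless defined $table && defined $action;
    for my $group (@{ $GROUPS_OF{$user} || [] }) {
        my $grant = $GRANTS{$group} or next;          # group with no grants
        for my $scope ($table, '*') {
            return 1 if grep { $_ eq $action } @{ $grant->{$scope} || [] };
        }
    }
    return 0;                                         # deny by default
}

# Constructed requests: [user, table, action]
my @requests = (
    ['alice', 'brewery', 'delete'],
    ['bob',   'beer',    'edit'],
    ['bob',   'brewery', 'edit'],
    ['carol', 'beer',    'list'],
    [undef,   'beer',    'list'],
    ['bob',   'beer',    'drop_table'],
);
for my $req (@requests) {
    my ($user, $table, $action) = @$req;
    printf "%-12s %-8s %-11s %s\n",
        defined $user ? $user : '(anonymous)', $table, $action,
        is_allowed($user, $table, $action) ? 'ALLOW' : 'DENY';
}
```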