Quoting Rickard Öberg <[email protected]>:

I guess I should rephrase that question: what kind of access control is
available to roles? I mean specifying which roles are exposed through
some role. Or is any role castable into any other role at any time? That
would at least invalidate the use of roles for immutable query-type
roles, as one could just cast the immutable query role into a mutable one.

A composite has only one proxy, which implements the composite type plus all roles, so yes, you can cast it any way you want to. It is up to the code to ensure that it only uses roles within its context.


Ahh, I see. How deep does the assumption of a composite having exactly one proxy go? I'm just wondering - how hard and meaningful (well, it would be really meaningful for me :) ) would it be to create a simple access rule mechanism for roles, where each role would be a proxy implementing all roles accessible from it + the role itself. Thus, the Composite interface, from which all composites inherit, could have a <T> getRole(Class<T> role) method, which would return the proxy for that role.

Actually, now that I'm thinking about it, it might get too confusing between using class cast and getRole(...). At least at the start. Maybe the class casting as a way of getting a role could be dropped altogether in favor of the getRole(...) method, which could do all the checking? Would it be too cumbersome or inefficient?


_______________________________________________
qi4j-dev mailing list
[email protected]
http://lists.ops4j.org/mailman/listinfo/qi4j-dev
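
The difference between the two models discussed in this thread, as an added example that is not part of the original messages and is not Qi4j code: one `java.lang.reflect.Proxy` implementing every role, next to one proxy per role that exposes only the roles an access table allows. The `Composite` interface here, the `BalanceQuery`/`BalanceMutation` roles, the `ACCESS` table and `roleProxy` are all hypothetical names made up for the illustration.

```java
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Proxy;
import java.util.*;

public class RoleAccessDemo {
    interface Composite { <T> T getRole(Class<T> role); }   // hypothetical, after the proposal
    interface BalanceQuery { int balance(); }                // read-only role
    interface BalanceMutation { void deposit(int amount); }  // mutating role

    static class Account implements BalanceQuery, BalanceMutation {
        private int balance;
        public int balance() { return balance; }
        public void deposit(int amount) { balance += amount; }
    }

    // Constructed sample policy: role -> roles that may be obtained from it.
    static final Map<Class<?>, Set<Class<?>>> ACCESS = Map.of(
        BalanceQuery.class, Set.of(),
        BalanceMutation.class, Set.of(BalanceQuery.class));

    // Builds a proxy that implements only the requested role, the roles reachable from it, and Composite.
    static <T> T roleProxy(Object state, Class<T> role) {
        Set<Class<?>> exposed = new LinkedHashSet<>();
        exposed.add(Composite.class);
        exposed.add(role);
        exposed.addAll(ACCESS.getOrDefault(role, Set.of()));
        InvocationHandler h = (proxy, method, args) -> {
            if (method.getDeclaringClass() == Composite.class) {   // getRole(...) is the checked path
                Class<?> wanted = (Class<?>) args[0];
                if (!exposed.contains(wanted))
                    throw new SecurityException(wanted.getSimpleName() + " not accessible from " + role.getSimpleName());
                return roleProxy(state, wanted);
            }
            return method.invoke(state, args);                      // everything else goes to the state
        };
        return role.cast(Proxy.newProxyInstance(role.getClassLoader(), exposed.toArray(new Class<?>[0]), h));
    }

    public static void main(String[] argv) {
        Account state = new Account();
        // Single proxy implementing all roles: the read-only reference casts straight to the mutable role.
        BalanceQuery readOnly = (BalanceQuery) Proxy.newProxyInstance(Account.class.getClassLoader(),
            new Class<?>[]{BalanceQuery.class, BalanceMutation.class}, (p, m, a) -> m.invoke(state, a));
        ((BalanceMutation) readOnly).deposit(10);
        System.out.println("single proxy, balance after cast: " + readOnly.balance());
        // Per-role proxy: the cast is impossible and getRole(...) enforces the table.
        BalanceQuery q = roleProxy(state, BalanceQuery.class);
        System.out.println("query proxy is a BalanceMutation: " + (q instanceof BalanceMutation));
        try { ((Composite) q).getRole(BalanceMutation.class); }
        catch (SecurityException e) { System.out.println("denied: " + e.getMessage()); }
    }
}
```

This constrains what a cast or `getRole(...)` can reach; code in the same JVM can still call `Proxy.getInvocationHandler` on a proxy it holds, so it is not a boundary against hostile in-process code.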
