Yes, that is the idea, you limit your query by the permissions the user is allowed to see.
On Fri, Apr 10, 2009 at 12:24 PM, BennyM <[email protected]> wrote: > > Let's take the example of a blog post with tags. Each user can create > tags and add them to the post to find the posts back at a later time. > > When the user views the blog post all tags that the user is allowed to > view are displayed with the post. > > How should this scenario be handled? Should I, after fetching the blog > post, run trough all its tags to see if the user has sufficient rights > on them, this is an 'easy' approach but doesn't feel right. > > Or is it possible to do (or add to RS) something like, > AddPermissionsToQuery(user, "/blog/view", criteria) where my criteria > would load the blog post and add the security on the associated tags > collection something like AddPermissionsToQuery(user, "/tags/ > view","Tags", criteria). > > public class Blog > { > public IList<Tags> Tags{get;set;} > } > > Thanks for your help! > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Rhino Tools Dev" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/rhino-tools-dev?hl=en -~----------~----~----~----~------~----~------~--~---
