What about making Tags private and having a method on Blog to get the tags and do something with Rhino.Security in that method or is that just bad practice?
On Wed, May 6, 2009 at 11:22 PM, Ayende Rahien <[email protected]> wrote: > Benny,Currently the only way to do that would be to query the tags > collection externally. > A better approach would be to integrate into NH's collection filters, but > that is not implemented > > > On Wed, May 6, 2009 at 4:27 PM, BennyM <[email protected]> wrote: > >> >> Hi again, >> >> I'm succesful at limiting the returned blog posts according to the >> users rights, the problem here is that once you have rights to a >> certain blog post, you're able to see all the tags associated with >> this post even though you aren't allowed to see some of these tags. >> >> I'm looking for a (kind of generic) way to limit the tags collection >> based on the users right while fetching a blog post, without looping >> through the tags collection ourselves and check for the rights. >> >> On Apr 10, 11:33 am, Ayende Rahien <[email protected]> wrote: >> > Yes, that is the idea, you limit your query by the permissions the user >> is >> > allowed to see. >> > >> > >> > >> > On Fri, Apr 10, 2009 at 12:24 PM, BennyM <[email protected]> wrote: >> > >> > > Let's take the example of a blog post with tags. Each user can create >> > > tags and add them to the post to find the posts back at a later time. >> > >> > > When the user views the blog post all tags that the user is allowed to >> > > view are displayed with the post. >> > >> > > How should this scenario be handled? Should I, after fetching the blog >> > > post, run trough all its tags to see if the user has sufficient rights >> > > on them, this is an 'easy' approach but doesn't feel right. >> > >> > > Or is it possible to do (or add to RS) something like, >> > > AddPermissionsToQuery(user, "/blog/view", criteria) where my criteria >> > > would load the blog post and add the security on the associated tags >> > > collection something like AddPermissionsToQuery(user, "/tags/ >> > > view","Tags", criteria). >> > >> > > public class Blog >> > > { >> > > public IList<Tags> Tags{get;set;} >> > > } >> > >> > > Thanks for your help!- Hide quoted text - >> > >> > - Show quoted text - >> >> > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Rhino Tools Dev" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/rhino-tools-dev?hl=en -~----------~----~----~----~------~----~------~--~---
