Hi, Say you have a web application where each user/member can only edit its own content but read all other's content.
I have the need for such a row level security in my current project, so I implemented a thin layer above sqlobject. (There is no change in SQLObject itself) If someone is interested, I am willing to share the code. It's implemented like the Unix access file rights. Each database row has an owner and a group and read/write access rights for the owner/group/others. If you don't have the proper rights, selects don't return the row (like in Oracles row level security). I've implemented a AcSQLObject class which overrides select and selectBy and adds the necessary where clauses to the db query. (again like Oracles row level security) If a turbogears identity is present the user and groups information is taken from there, if not the information is required in the select's call. But there is no integration with TG's permissions. It's not complete but a beginning and enough for my current project. -- Greg ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ sqlobject-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/sqlobject-discuss
