Hi David! On 2010-09-09, at 3:03 PM, David Avendasora wrote:
> Hi all D2W Gurus, > > I'm starting a new D2W app, and one of the things it needs to do is > automatically pre-qualify all listings of of entities to filter down to only > the EOs that the user is allowed to see. Bug Tracker does stuff like this in the Factory class. You'll find that actions return different qualified lists of things and likely uses a different pageConfiguration for each one (I'm going from memory here). It also heavily leverages the clazz pattern. Take a look at the EO for Bug. The way I have been doing it is to set up a navigationRootChoice based on the logged in user (conditionally display tabs). Then when they further differentiate themselves I store that to ERXThreadStorage, and the tabs reconfigure based on this new layer of qualification. You could do this multiple times, I guess. Take a look at childrenChoices code in the NavigationMenu.plist for BugTracker > The logic to tell if a user is allowed will be somewhat complicated as a user > can belong to one or more organizations, and may have one or more roles > within each organization. Rules should handle it. See Bug.java for the different ways lists of Bugs are returned to the app. > > I want to add a qualifiers to all searches that they perform that take their > Organizations and Roles into account. Each entity that they search on will > have their own set of qualifiers to do this filtering. I think you may want to do this in your business logic. You will need to leverage ERXThreadStorage to do so, however. > > I'm figuring on adding the qualifiers to the session so I can grab them from > there. ERXThreadStorage. Then you can use them directly in your business logic. You can set fetch specifications that can be as complex as you wish using the qualifiers that you have stored. > There are hints of how to do this in this email chain from a couple years > ago: http://lists.apple.com/archives/webobjects-dev/2007/Sep/msg00032.html > but I'm not sure where to start implementing this for my project, and I > didn't see any obvious examples in the BugTracker demo app. > > Any tips or pointers to other apps that do this? You can also do this in the navigation menu. Conditionally show or hide whole pageConfigurations based on some method. (see NavigationRootChoice method in BugTracker on the Session class) You can also hide and show attributes on a page with rules such as entity.name = 'Media' and 'session.user.isAdmin' = true => displayPropertyKeys = ("x","y","z") I have found that out of the box the restricting object stuff worked reliably for one, but as soon as my needs got more complex, I had much better success moving what I wanted to do to business logic. If you step back, you'll probably agree it makes more sense to be there than in the component or controller anyway. BUT, there are many ways to skin this cat. HTH, d > > Thanks! > > Dave _______________________________________________ > Do not post admin requests to the list. They will be ignored. > Webobjects-dev mailing list (Webobjects-dev@lists.apple.com) > Help/Unsubscribe/Update your Subscription: > http://lists.apple.com/mailman/options/webobjects-dev/programmingosx%40mac.com > > This email sent to programming...@mac.com _______________________________________________ Do not post admin requests to the list. They will be ignored. Webobjects-dev mailing list (Webobjects-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
