Hi! I have a question about good app design. I know that, as mentioned in the WOWODC videos I've watched, a common beginner mistake is to put most of the logic in the page components. Indeed, I've been guilty of that myself in apps I've made in the past. I know the fundamentals of MVC from my background in Cocoa.
So suppose I have an app where users have their own profile. Each user can edit his own profile, whereas an admin can edit any profile. Whereabouts does the logic go to check if someone is authorised to edit a particular profile? Should there be a method on the Session, to return a boolean for "can edit this profile"? If that's the case, from where is that method called?

I know I could do it by having the page component call the authorisation method, and return an error page instead if it goes wrong. But that seems to tie the logic too much to my view: what if I come to add a REST API later? I'd need to duplicate my permissions logic, since it wouldn't be using the WOComponent that outputs the HTML page. Ditto if I add another page elsewhere that happens to be able to make a profile change (say, allowing an inline name change on another otherwise unrelated page).

Ideally I think the data model itself should be able to reject an edit if it's performed without permission, but then we get into problems since the data model shouldn't know about the session.

Also, I'm considering using Direct To Web (at least to some extent) for this project. I've never used it for anything more than an admin interface (i.e. one global login, if you're in then you can edit everything). If I were using Direct To Web, is the answer to the above question the same?

Thanks for your help,
Amy
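One way to lay out the check described in the question, as an added example that is not part of the original post: the rule lives in one policy class that takes the acting user rather than the Session, and every entry point goes through a service that enforces it. All class and method names are hypothetical, and plain Java stands in for the WebObjects and EOF types.

```java
// Hypothetical names throughout; plain Java stands in for WebObjects/EOF types.
public class ProfileAuthorizationExample {

    // The acting principal. The caller (page component, REST route) extracts it
    // from the Session or an API credential, so the model never sees the Session.
    record Actor(long userId, boolean admin) {}

    static class Profile {
        final long ownerId;
        private String displayName;
        Profile(long ownerId, String displayName) { this.ownerId = ownerId; this.displayName = displayName; }
        String displayName() { return displayName; }
    }

    // Single home for the rule: users edit their own profile, admins edit any.
    // A null actor (nobody logged in) is always refused.
    static final class ProfilePolicy {
        static boolean canEdit(Actor actor, Profile profile) {
            return actor != null && (actor.admin() || actor.userId() == profile.ownerId);
        }
    }

    // Every path that changes a profile calls this method, so the check is
    // enforced once here instead of being repeated in each view or API handler.
    static final class ProfileService {
        static void rename(Actor actor, Profile profile, String newName) {
            if (!ProfilePolicy.canEdit(actor, profile)) {
                throw new SecurityException("actor may not edit profile of user " + profile.ownerId);
            }
            profile.displayName = newName;
        }
    }

    public static void main(String[] args) {
        Profile amy = new Profile(1, "Amy");               // constructed sample data
        Actor owner = new Actor(1, false), other = new Actor(2, false), admin = new Actor(3, true);

        ProfileService.rename(owner, amy, "Amy B.");        // allowed: own profile
        ProfileService.rename(admin, amy, "Amy (edited)");  // allowed: admin
        try {
            ProfileService.rename(other, amy, "someone else"); // refused: not owner, not admin
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
        System.out.println(amy.displayName());              // still the admin's edit
    }
}
```

The page component can still call `ProfilePolicy.canEdit` to decide whether to show an edit link, but the refusal that matters is the one inside the service.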
