> I'd centralize all knowledge of this in some object like SecurityManager
> whose job it is to authorize user actions. You could provide access to that via
> the session, but I think a better approach is to use ERXThreadStorage and
> access it via the thread. That way you avoid needing the component-session
> link.

Sounds good. So, if I were using Direct2Web, I could have delegate methods that call the SecurityManager to check that a certain action is allowed? I guess I should have a method like userCanEditProfile(User userToCheckPermissions, User targetProfile), returning a boolean, so that SecurityManager doesn't need to hit the session itself?

Thanks for your help so far everyone. For me, the hardest part of using WO is knowing what's best practice in a certain situation. Your replies are all very helpful.

Amy
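
The design discussed in this thread, as an added sketch that is not code from either poster or from Project Wonder. It assumes a hypothetical `User` type with `login` and `admin` fields and a policy of "owner or admin may edit", and it uses a plain `ThreadLocal` as a stand-in for `ERXThreadStorage` so the file compiles without Wonder on the classpath.

```java
import java.util.Objects;

public class SecurityManagerExample {
    // Hypothetical stand-in for the application's User entity (an EO in a real WO app).
    static final class User {
        final String login;
        final boolean admin; // assumed role flag, not from the thread
        User(String login, boolean admin) {
            this.login = Objects.requireNonNull(login);
            this.admin = admin;
        }
    }

    // Central authorization object; the name shadows java.lang.SecurityManager in this file only.
    static final class SecurityManager {
        // ThreadLocal used here in place of ERXThreadStorage (assumption for a self-contained file).
        private static final ThreadLocal<User> CURRENT_USER = new ThreadLocal<>();

        static void bindCurrentUser(User user) { CURRENT_USER.set(user); }

        // Worker threads are pooled: clear per request so an identity never carries into the next one.
        static void clear() { CURRENT_USER.remove(); }

        // Pure check with both users passed in: no session or thread lookup, easy to unit test.
        static boolean userCanEditProfile(User userToCheckPermissions, User targetProfile) {
            if (userToCheckPermissions == null || targetProfile == null) return false; // deny by default
            if (userToCheckPermissions.admin) return true;
            return userToCheckPermissions.login.equals(targetProfile.login); // assumed policy: owner only
        }

        // Convenience for components and D2W delegates: the acting user comes from the thread.
        static boolean currentUserCanEditProfile(User targetProfile) {
            return userCanEditProfile(CURRENT_USER.get(), targetProfile);
        }
    }

    public static void main(String[] args) {
        User amy = new User("amy", false);   // constructed sample users
        User bob = new User("bob", false);
        User root = new User("root", true);
        SecurityManager.bindCurrentUser(amy); // done once per request, e.g. when the session wakes
        try {
            System.out.println(SecurityManager.currentUserCanEditProfile(amy)); // own profile
            System.out.println(SecurityManager.currentUserCanEditProfile(bob)); // someone else's profile
            System.out.println(SecurityManager.userCanEditProfile(root, bob));  // explicit admin actor
        } finally {
            SecurityManager.clear();
        }
        System.out.println(SecurityManager.currentUserCanEditProfile(amy)); // no user bound
    }
}
```

Keeping the two-argument check free of any lookup means the same rule can be called from a delegate, a component, or a unit test, while the thread-bound wrapper denies access whenever no user has been bound.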
