On 2011-07-19, at 11:36 AM, Amy Worrall wrote:

>> I'd centralize all knowledge of this in some object like SecurityManager
>> whose job it is to authorize user actions. You could provide access to that
>> via the session, but I think a better approach is to use ERXThreadStorage
>> and access it via the thread. That way you avoid needing the
>> component-session link.
>
> Sounds good. So, if I were using Direct2Web, I could have delegate
> methods that call the SecurityManager to check that a certain action
> is allowed?

That sounds right, but I will defer to someone who is more of a D2W guru than I. Which is almost everyone.

> I guess I should have a method like userCanEditProfile(User
> userToCheckPermissions, User targetProfile), returning a boolean, so
> that SecurityManager doesn't need to hit the session itself?

The Security manager would be created with the user. So in my mind, the request would be more like

securityManager().userHasPermissionFor(Permission.CanEditProfile, targetProfile)

> Thanks for your help so far everyone. For me, the hardest part of
> using WO is knowing what's best practice in a certain situation. Your
> replies are all very helpful. Onward and upward! :-)

Chuck

--
Chuck Hill Senior Consultant / VP Development

Practical WebObjects - for developers who want to increase their overall knowledge of WebObjects or who are trying to solve specific problems.
http://www.global-village.net/products/practical_webobjects
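
The design discussed above, sketched as an added example (not code from this thread or from Project Wonder): a SecurityManager created with the user and reached through per-thread storage, so callers never touch the session. A plain ThreadLocal stands in for ERXThreadStorage, and the User record, the CanViewProfile permission, the handleRequest helper and the permission rules are assumptions made for illustration.

```java
// Added illustration. Only userHasPermissionFor and Permission.CanEditProfile
// come from the thread; every other name and rule here is hypothetical.
public class SecurityManagerExample {
    enum Permission { CanEditProfile, CanViewProfile }
    record User(String name, boolean admin) {}

    static final class SecurityManager {
        private final User user; // bound once, when the manager is created
        SecurityManager(User user) { this.user = user; }

        // Deny by default: a missing user, target or rule means "no".
        boolean userHasPermissionFor(Permission permission, User target) {
            if (user == null || permission == null || target == null) return false;
            switch (permission) {
                case CanViewProfile: return true;
                case CanEditProfile: return user.admin() || user.equals(target);
                default: return false;
            }
        }
    }

    // ThreadLocal stands in for ERXThreadStorage so the example runs without Wonder.
    private static final ThreadLocal<SecurityManager> CURRENT = new ThreadLocal<>();

    // What a component or D2W delegate would call; no session reference needed.
    static SecurityManager securityManager() {
        SecurityManager sm = CURRENT.get();
        return sm != null ? sm : new SecurityManager(null); // unbound thread: denies all
    }

    // Simulates one request: bind the user's manager, then always clear it,
    // because pooled worker threads would otherwise carry it into the next request.
    static boolean handleRequest(User loggedIn, Permission p, User target) {
        CURRENT.set(new SecurityManager(loggedIn));
        try {
            return securityManager().userHasPermissionFor(p, target);
        } finally {
            CURRENT.remove();
        }
    }

    public static void main(String[] args) {
        User amy = new User("amy", false), bob = new User("bob", false);
        User admin = new User("admin", true);
        System.out.println("amy edits amy:   " + handleRequest(amy, Permission.CanEditProfile, amy));
        System.out.println("amy edits bob:   " + handleRequest(amy, Permission.CanEditProfile, bob));
        System.out.println("admin edits bob: " + handleRequest(admin, Permission.CanEditProfile, bob));
        System.out.println("unbound thread:  " + securityManager().userHasPermissionFor(Permission.CanEditProfile, bob));
    }
}
```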
