[Yanel-dev] Enhancing the getView(...) by access control
Michael Wechner
michael.wechner at wyona.com
Thu Dec 25 03:28:19 EST 2014
Hi
I encounter several cases where access control is more complex than just
checking whether a particular user or group
should have access to a resource, but it can depend on the logic how the
view of a resource is being generated.
Hence I thought we might want to consider to enhance the Viewable
interface or the View itself. Just as we have an exists() method, we
might want to introduce a method called something like isProtected().
The method "getView(...)" currently exists in the following three classes
src/core/java/org/wyona/yanel/core/api/attributes/VersionableV2.java
src/core/java/org/wyona/yanel/core/api/attributes/ViewableV1.java
src/core/java/org/wyona/yanel/core/api/attributes/ViewableV2.java
and is mainly being used inside
src/webapp/src/java/org/wyona/yanel/servlet/YanelServlet.java
As an alternative we could also introduce a dedicated interface to
handle such situations, but it seems
to me that it makes most sense to associate the "isProtected()" method
somehow with the View, because it might
be possible that there is a public view and a private view of a
resource, like for example a user profile, where some information is
public and some information is private.
WDYT?
Thanks
Michael
More information about the Yanel-development
mailing list