[Yanel-dev] Enhancing the getView(...) by access control
Michael Wechner
michael.wechner at wyona.com
Thu Dec 25 03:38:21 EST 2014
Am 25.12.14 um 09:28 schrieb Michael Wechner:
> Hi
>
> I encounter several cases where access control is more complex than just
> checking whether a particular user or group
> should have access to a resource, but it can depend on the logic how the
> view of a resource is being generated.
>
> Hence I thought we might want to consider to enhance the Viewable
> interface or the View itself. Just as we have an exists() method, we
> might want to introduce a method called something like isProtected().
>
> The method "getView(...)" currently exists in the following three classes
>
> src/core/java/org/wyona/yanel/core/api/attributes/VersionableV2.java
> src/core/java/org/wyona/yanel/core/api/attributes/ViewableV1.java
> src/core/java/org/wyona/yanel/core/api/attributes/ViewableV2.java
I noticed that there is also
workflowable.getLiveView(...)
or rather
src/core/java/org/wyona/yanel/core/api/attributes/WorkflowableV1.java
Thanks
Michael
>
> and is mainly being used inside
>
> src/webapp/src/java/org/wyona/yanel/servlet/YanelServlet.java
>
> As an alternative we could also introduce a dedicated interface to
> handle such situations, but it seems
> to me that it makes most sense to associate the "isProtected()" method
> somehow with the View, because it might
> be possible that there is a public view and a private view of a
> resource, like for example a user profile, where some information is
> public and some information is private.
>
> WDYT?
>
> Thanks
>
> Michael
>
>
>
More information about the Yanel-development
mailing list