[Seaside] Seaside Development. What goes on behind the scenes?
Cees de Groot
seaside@lists.squeakfoundation.org
1 Dec 2002 13:50:47 +0100
Julian Fitzell <julian@beta4.com> said:
>[...], the have an authorization
>system where you can ask if the current user can perform certain actions.
>
A list of things a user can do is hardly OO. Please make sure you look at
capability-based security, it is way more flexible. The idea is that you have
a sort of keychain of initial capability objects attached to the user, and by
talking to these objects you can get to other capabilities, and so on. Most
objects will be simple wrappers around other objects (e.g. a wrapper that
allows only access to methods that don't modify the instance, etcetera).
--
Cees de Groot http://www.cdegroot.com <cg@cdegroot.com>
GnuPG 1024D/E0989E8B 0016 F679 F38D 5946 4ECD 1986 F303 937F E098 9E8B
Cogito ergo evigilo