[Seaside](Newie)The "right" way to CRUD

Ron Teitelbaum Ron at USMedRec.com
Sun Jun 24 00:44:58 UTC 2007


Hi Eugenio,

I'm not sure about Magma and Magritte, so I'm not sure how much help this
will be, but in my experience it's a good idea to define user roles.  You
will find that most screens can be simplified by adding security at the
basic screen level: either you have access to the screen or you do not.
Access to the screen should be granted on a user level or a role level.
(It's also a good idea to exclude users, so for example grant access to
everyone in the help desk group except Joe) 

For more complex applications it's difficult to decide which fields need
what permissions.  In the last major applications I wrote, I handled this by
punting.  What I did was allow the users (administrators mostly) the
ability to grant permissions to each field, button and page.  This worked
really well except that they mostly only applied permissions to screens,
very rarely did they find reason to allow someone to Read and not Edit,
Create or Update.

Also the administration was a bit complex. I should have simplified it, or
at a minimum I would create an easier way to see what permissions were set on
what screens for whom.  In these cases simpler is better.

My suggestion for you is to forget CRUD permissions unless you really have a
reason to apply those permissions somewhere, then handle that situation, but
do a good job instead with access based on users, roles and exceptions.  You
will probably find that access control gives you almost everything you need.
(I did end up creating some new screens for different user groups, but this
is much easier than figuring out how to modify a single screen to meet
everyone's needs).  Also creating dynamic menus based on roles really helps
to clean up the application.  Instead of having disabled buttons, or menu
items, it's much better to just remove them for users that cannot access
them anyway.

Oh and one more thing.  It's a good idea to make the roles so that they can
hold both permissions and other roles and to let users have multiple roles.
That way someone could, for example, be a Help Desk member and a Team
Manager.  It's much easier to build up permissions for a user based on roles
than create a new role like Team Manager Help Desk.

Hope that helps,
Happy Coding,

Ron Teitelbaum
President / Principal Software Engineer
US Medical Record Specialists



________________________________________
From: seaside-bounces at lists.squeakfoundation.org
[mailto:seaside-bounces at lists.squeakfoundation.org] On Behalf Of Eugenio
Innocenti
Sent: Saturday, June 23, 2007 9:24 AM
To: seaside at lists.squeakfoundation.org
Subject: [Seaside](Newie)The "right" way to CRUD

I'm starting to play with Seaside and Magma (and Smalltalk too :).
But I still don't realize how it would be the right way to do a CRUD.
I'm watching some tutorials (some use Magritte, some are old), but still
nothing is clear to me.
I want to know, e.g.: I have my Person class, I have some instances stored in
Magma (or could be a simple collection), now I want to be able to create a
Person from a form, edit it, and delete it.
Is there a "right" way to do this?
Is there a "right" way to manage transactions in this process?
Does anybody have an example to point me to?

Thank you very much.
Eugenio.
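
An added sketch of the access model described in Ron's reply above: screen-level access by user or role, per-user exceptions, roles that hold other roles, and menus filtered by access. It is not code from the thread or from Seaside; it is written in Python for brevity, and `Role`, `User`, `menu_for`, the screen names and the sample users are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Role:
    name: str
    screens: set = field(default_factory=set)   # screens this role grants directly
    roles: list = field(default_factory=list)   # nested roles whose grants are inherited

    def all_screens(self, _seen=None):
        """Screens granted by this role and by every role nested inside it."""
        seen = set() if _seen is None else _seen
        if self.name in seen:        # already visited: guards against role cycles
            return set()
        seen.add(self.name)
        granted = set(self.screens)
        for child in self.roles:
            granted |= child.all_screens(seen)
        return granted

@dataclass
class User:
    name: str
    roles: list = field(default_factory=list)    # a user may hold several roles
    granted: set = field(default_factory=set)    # screens granted to this user directly
    excluded: set = field(default_factory=set)   # per-user exceptions; these always win

    def can_access(self, screen):
        if screen in self.excluded:
            return False
        if screen in self.granted:
            return True
        return any(screen in role.all_screens() for role in self.roles)

def menu_for(user, menu):
    """Dynamic menu: drop entries the user cannot open instead of disabling them."""
    return [label for label, screen in menu if user.can_access(screen)]

# Constructed sample data (not from the thread's application).
staff = Role("Staff", {"home"})
help_desk = Role("Help Desk", {"tickets", "reset_password"}, [staff])
team_manager = Role("Team Manager", {"team_report"}, [staff])
MENU = [("Home", "home"), ("Tickets", "tickets"),
        ("Reset password", "reset_password"), ("Team report", "team_report")]

ann = User("Ann", [help_desk, team_manager])                  # two roles, no combined role
joe = User("Joe", [help_desk], excluded={"reset_password"})   # help desk, with one exception
```

Filtering the menu only changes what is shown; each screen should still call `can_access` when it is requested, so a hidden entry cannot be reached directly.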





