[Seaside] Re: authorization for seaside?

Paul DeBruicker pdebruic at gmail.com
Fri Oct 26 20:04:42 UTC 2012

On 10/26/2012 12:50 PM, sergio_101 wrote:
>> What kind of authorization are you thinking of?
> once a user is authenticated, controlling what they can do to an object..
> for instance, they could possibly:
> view all blog entries
> edit only theirs
> add pages if their role is admin
> edit any pages belonging to their group.
> thanks!

mmm  I usually just do something in the rendering methods like:

	self renderViewPages: html
	self session userIsAdmin ifFalse:[^self].
	self renderAddPages: html


or for things where the user isn't an admin but admins or the user 
should be able to view/edit it:

	self userIsAdminOrSignedInUser ifTrue:[
		self renderBlogPagesFor: self user on: html

where #userIsAdminOrSignedInUser is
	^self session userIsAdmin or:[self session user = self user]

I'd love to have other/better  ideas & approaches.  I never use 
decorations and suspect they may be helpful here.

More information about the seaside mailing list