[Seaside] Re: authorization for seaside?
pdebruic at gmail.com
Fri Oct 26 20:04:42 UTC 2012
On 10/26/2012 12:50 PM, sergio_101 wrote:
>> What kind of authorization are you thinking of?
> once a user is authenticated, controlling what they can do to an object..
> for instance, they could possibly:
> view all blog entries
> edit only theirs
> add pages if their role is admin
> edit any pages belonging to their group.
mmm I usually just do something in the rendering methods like:
    self renderViewPages: html.
    "Non-admins stop here, so the add-pages UI is never rendered for them."
    self session userIsAdmin ifFalse: [ ^ self ].
    self renderAddPages: html
or for things where the user isn't an admin but admins or the user
should be able to view/edit it:
    self userIsAdminOrSignedInUser ifTrue: [
        self renderBlogPagesFor: self user on: html ]
where #userIsAdminOrSignedInUser is
    ^ self session userIsAdmin or: [ self session user = self user ]
I'd love to have other/better ideas & approaches. I never use
decorations and suspect they may be helpful here.
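
The checks discussed in this thread, gathered into one deny-by-default decision point, as an added example that is not part of the original post or of Seaside itself. It is a Pharo Playground script; the action names, dictionary keys and sample users are all hypothetical.

```smalltalk
"Added example, not code from the thread. All names below are hypothetical."
| rules can mk alice bob carol entry page |

"One rule block per action; each takes the user and the target object."
rules := Dictionary new.
rules at: #viewEntry put: [ :user :obj | true ].
rules at: #editEntry put: [ :user :obj |
	(user at: #role) = #admin or: [ (obj at: #owner) = (user at: #name) ] ].
rules at: #addPage put: [ :user :obj | (user at: #role) = #admin ].
rules at: #editPage put: [ :user :obj | (obj at: #group) = (user at: #group) ].

"Single decision point: no signed-in user or an unknown action means deny."
can := [ :user :action :obj |
	user notNil and: [
		(rules at: action ifAbsent: [ [ :u :o | false ] ])
			value: user value: obj ] ].

"Constructed sample data."
mk := [ :name :role :group |
	Dictionary new
		at: #name put: name; at: #role put: role; at: #group put: group;
		yourself ].
alice := mk value: 'alice' value: #admin value: #staff.
bob := mk value: 'bob' value: #member value: #editors.
carol := mk value: 'carol' value: #member value: #guests.
entry := Dictionary new at: #owner put: 'bob'; yourself.
page := Dictionary new at: #group put: #editors; yourself.

"View: any signed-in user. Edit entry: owner or admin."
self assert: (can value: carol value: #viewEntry value: entry).
self assert: (can value: bob value: #editEntry value: entry).
self assert: (can value: alice value: #editEntry value: entry).
self assert: (can value: carol value: #editEntry value: entry) not.

"Add page: admin only. Edit page: same group only."
self assert: (can value: alice value: #addPage value: nil).
self assert: (can value: bob value: #addPage value: nil) not.
self assert: (can value: bob value: #editPage value: page).
self assert: (can value: carol value: #editPage value: page) not.

"Deny by default: unknown action, or nobody signed in."
self assert: (can value: bob value: #deletePage value: page) not.
self assert: (can value: nil value: #viewEntry value: entry) not.
```

In a component the same check can guard both the rendering method and the callback that performs the change, for example `(can value: self session user value: #addPage value: nil) ifTrue: [ self renderAddPages: html ]`.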