[Seaside] Re: authorization for seaside?
Paul DeBruicker
pdebruic at gmail.com
Fri Oct 26 20:04:42 UTC 2012
On 10/26/2012 12:50 PM, sergio_101 wrote:
>>
>> What kind of authorization are you thinking of?
>>
>
> once a user is authenticated, controlling what they can do to an object..
>
> for instance, they could possibly:
>
> view all blog entries
> edit only theirs
> add pages if their role is admin
> edit any pages belonging to their group.
>
> thanks!
>
>
mmm I usually just do something in the rendering methods like:

    renderContentOn: html
        "Everyone sees the pages; only admins get the add-page UI."
        self renderViewPages: html.
        self session userIsAdmin ifFalse: [^self].
        self renderAddPages: html

or for things where the user isn't an admin but admins or the user
should be able to view/edit it:

    renderBlogPagesOn: html
        self userIsAdminOrSignedInUser ifTrue: [
            self renderBlogPagesFor: self user on: html
        ]

where #userIsAdminOrSignedInUser is

    ^self session userIsAdmin or: [self session user = self user]

I'd love to have other/better ideas & approaches. I never use
decorations and suspect they may be helpful here.
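
An added example, not part of the original post and not Seaside's own code: the four rules from the question collected into one deny-by-default policy method, which is consulted both when rendering the link and again inside the callback. BlogPolicy, BlogEntryView, BlogEntryEditor and the accessors #isAdmin, #groups, #owner, #group, #entry and #title are hypothetical names; letting admins edit everything is an assumption taken from the "admins or the user" case above.

```smalltalk
"Added example. BlogPolicy, BlogEntryView and BlogEntryEditor are hypothetical,
 as are the accessors #isAdmin, #groups, #owner, #group, #entry and #title."

BlogPolicy class >> allows: aUser to: anAction on: anObject
    "Deny by default. anAction is #view, #edit or #addPage."
    aUser ifNil: [ ^ false ].
    anAction = #view ifTrue: [ ^ true ].
    aUser isAdmin ifTrue: [ ^ true ].
    anAction = #edit ifFalse: [ ^ false ].
    "Non-admins: their own objects, or objects belonging to one of their groups."
    ^ anObject owner = aUser
        or: [ anObject group notNil
            and: [ aUser groups includes: anObject group ] ]

BlogEntryView >> canEdit
    ^ BlogPolicy allows: self session user to: #edit on: self entry

BlogEntryView >> renderContentOn: html
    html paragraph: self entry title.
    self canEdit ifTrue: [
        html anchor
            callback: [ self editEntry ];
            with: 'Edit' ]

BlogEntryView >> editEntry
    "Check again inside the callback: the user's role or the entry's
     owner may have changed since the page was rendered."
    self canEdit ifFalse: [ ^ self inform: 'You may not edit this entry.' ].
    self call: (BlogEntryEditor on: self entry)
```

Keeping the decision in one method means a rule change is made in a single place, and the render-time check becomes a convenience while the callback check is the enforcement point.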