William Chesters wrote:
> > I want some rows of a table to be readable
> > only by users with a capability. I think I can
> > get this by adding a row:
> > Capability canread
> > and adding a non-null capability to such
> > rows.
>Yes, or you may find it better (depending on yr application) to
>override Persistent.assertCanRead(...), so as to allow or deny access
>based on the data itself (e.g. allow access to an invoice record to
>its issuing and receiving parties only).
> > However, looking at the code I think that
> > Selection.wm will result in a request
> > for the user to login as someone who can
> > read all rows.
> > This is no good but what would be OK is
> > for the rows that the user cannot read to
> > be excluded from the selection.
> > Can I get this just by configuring a
> > different Selection.wm?
>Actually I don't think you will be prompted to log in. I think it
>will display "[Access denied to williamc]", or some such message, in
>place of the row in question. This is because at the top of
>Selection.wm is a line
> #set $onVariableException = $melati.PassbackVariableExceptionHandler
>which causes exceptions (such as AccessPoemException) arising during
>rendering to be handled by returning them to be rendered in place of
>the offending expression. By default they are simply thrown, and
>then AccessPoemException (by default) indeed prompts login.
>The message shown is configurable too, because it is generated from
>as a consequence of Melati's generic mechanism for looking up
>"templet" files based on an object's class name.
>Hope this helps,
Yes that's very helpful (if it works ;-)). In fact you
mentioned this your javadocs of TailoredQuery.select()
but I've read quite a lot of code recently and cannot yet
see the wood for the trees.
I have been trying to understand whether there could
and should be more commonality between:
- what Table does (e.g. Table.selection())
- TailoredQuery and subtypes
- CachedQuery and subtypes
- dbms/AnsiStandard.givesCapabilitySQL() which
does roughly what I might have wanted to do with
a TailoredQuery or in Table.selection()
In fact I am still wondering whether filtering out
unreadable rows might be a useful option, but will
put that ball down for now.