At the moment permission checks are done all over the place in
Bodington. One layer that often does checks is the BuildingSession
layer. Now I am wanting to call a method at the session layer that
requires sysadmin permission but in this instance I want to allow a
lesser user to make the call. I don't want to move the permission check
to the Facility layer as this just leads to people calling the method
and forgetting to perform the permission check, or performing a
different permission check.
So which route should I take:
- Create another method that doesn't have the permission check.
- Switch users before making the call? BuildingContext.setUser().
Should the BuildingContext have a running as property so that permission
checks can be made against this user but the actions would be attributed
to the correct user? This also might eventually be a route to allowing
users to assume the identity of other users.
--
-- Matthew Buckett, VLE Developer
-- Learning Technologies Group, Oxford University Computing Services
-- Tel: +44 (0)1865 283660 http://www.oucs.ox.ac.uk/ltg/
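
The "running as" idea raised in the message above, sketched as an added example; it is not part of the original post and not Bodington code. `RunAsSketch`, `Context`, `runAs` and `deleteResource` are hypothetical names: the permission check stays in the session-layer method and is evaluated against the effective user, while the audit entry names the actual caller.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.function.Supplier;

// Hypothetical sketch: none of these types are Bodington classes.
public class RunAsSketch {
    record User(String name, Set<String> permissions) {}

    /** Per-thread context holding the real caller and an optional run-as identity. */
    static final class Context {
        private static final ThreadLocal<Context> CURRENT = new ThreadLocal<>();
        final User actual;    // who really made the request; used for attribution
        final User effective; // who permission checks are evaluated against
        private Context(User actual, User effective) { this.actual = actual; this.effective = effective; }

        static void login(User u) { CURRENT.set(new Context(u, u)); }
        static Context get() { return CURRENT.get(); }

        /** Runs work with 'as' as the effective user; always restores the previous context. */
        static <T> T runAs(User as, Supplier<T> work) {
            Context previous = CURRENT.get();
            CURRENT.set(new Context(previous.actual, as));
            try { return work.get(); } finally { CURRENT.set(previous); }
        }
    }

    static final List<String> AUDIT = new ArrayList<>();

    /** Session-layer method: the check stays here, so callers cannot forget it. */
    static String deleteResource(String id) {
        Context c = Context.get();
        if (!c.effective.permissions().contains("sysadmin"))
            throw new SecurityException(c.actual.name() + " may not delete " + id);
        AUDIT.add(c.actual.name() + " (as " + c.effective.name() + ") deleted " + id);
        return id;
    }

    public static void main(String[] args) {
        User system = new User("system", Set.of("sysadmin")); // constructed sample users
        User tutor = new User("tutor", Set.of("edit"));
        Context.login(tutor);
        try { deleteResource("r1"); } catch (SecurityException e) { System.out.println("denied: " + e.getMessage()); }
        Context.runAs(system, () -> deleteResource("r2"));     // narrow, explicit elevation
        try { deleteResource("r3"); } catch (SecurityException e) { System.out.println("denied again once the scope ends"); }
        System.out.println(AUDIT); // the entry for r2 is attributed to tutor, not system
    }
}
```

The `try`/`finally` in `runAs` is what keeps the elevation from leaking into later calls on the same thread, which is the main hazard of a bare `setUser()` switch.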