[Bodington-developers] Permissions Checking at the Session Layer

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

At the moment permission checks are done all over the place in 
Bodington. One layer that often does checks is the BuildingSession 
layer. Now I am wanting to call a method at the session layer that 
requires sysadmin permission but in this instance I want to allow a 
lesser user to make the call. I don't want to move the permission check 
to the Facility layer as this just leads to people calling the method 
and forgetting to perform the permission check, or performing a 
different permission check.

So which route should I take:

- Create another method that doesn't have the permission check.
- Switch users before making the call? BuildingContext.setUser().

Should the BuildingContext have a running as property so that permission 
checks can be made against this user but the actions would be attributed 
to the correct user. This also might eventual be a route to allowing 
users to assume the identity of other users.

-- 
  -- Matthew Buckett, VLE Developer
  -- Learning Technologies Group, Oxford University Computing Services
  -- Tel: +44 (0)1865 283660 http://www.oucs.ox.ac.uk/ltg/