Re: [Cppcms-users] json_rpc and json questions
From: Artyom B. <art...@ya...> - 2011-05-21 09:31:04
> So if I do just that, the request parsing is done twice: once to obtain the
> method name for check_privileges and again in the json_rpc_server::main()
> function. I guess there is no other solution in the actual design. Is that true?

If the privilege control is made on the level of each specific method, like

    get(id)              // for all
    update(id,new_value) // for privileged users

then you should check it inside the method and not outside:

    void update(std::string const &id,my_object const &value)
    {
        // Privileged method: the check lives in the method itself
        if(!check_permissions()) {
            return;
        }
        objects_[id]=value;
    }

    void get(std::string const &id)
    {
        // Available to everyone, so no check
        return_result(objects_[id]);
    }

    bool check_permissions()
    {
        if(session().get("role","nobody")!="admin") {
            // Report a JSON-RPC error to the caller
            return_error("Not authorised");
            return false;
        }
        return true;
    }

The point is that you should not decouple parts of code that are truly connected.
This way you know its permissions from looking at the method.

Consider that in the future you add a new method add() that is for privileged
users; then you have to add the permissions control in one place and the method
itself in another. It is a dangerous practice.

Artyom
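Added example, not part of the original message and not CppCMS code: a self-contained C++ model of the two designs discussed above, showing how a separately maintained privilege list fails open when add() is introduced without being listed, while the in-method check does not. The names DecoupledService, CoupledService and is_admin are hypothetical, and a plain role string stands in for the session lookup.

```cpp
#include <functional>
#include <map>
#include <set>
#include <string>

using Store = std::map<std::string, std::string>;
using Handler = std::function<void(Store &, const std::string &, const std::string &)>;

// Assumption: stand-in for the session().get("role","nobody") test in the reply.
static bool is_admin(const std::string &role) { return role == "admin"; }

// Decoupled design: handlers carry no check; a separate list names the
// privileged methods and the dispatcher consults it before the call.
struct DecoupledService {
    Store objects;
    std::set<std::string> privileged{"update"};  // add() was never listed here
    std::map<std::string, Handler> methods{
        {"update", [](Store &s, const std::string &id, const std::string &v) { s[id] = v; }},
        {"add", [](Store &s, const std::string &id, const std::string &v) { s.emplace(id, v); }},
    };
    // Returns true when the method ran.
    bool call(const std::string &role, const std::string &name,
              const std::string &id, const std::string &v) {
        auto it = methods.find(name);
        if (it == methods.end()) return false;
        if (privileged.count(name) && !is_admin(role)) return false;
        it->second(objects, id, v);
        return true;
    }
};

// Coupled design from the reply: every privileged method checks the role
// itself, so a new method and its permission check are written together.
struct CoupledService {
    Store objects;
    bool update(const std::string &role, const std::string &id, const std::string &v) {
        if (!is_admin(role)) return false;
        objects[id] = v;
        return true;
    }
    bool add(const std::string &role, const std::string &id, const std::string &v) {
        if (!is_admin(role)) return false;
        objects.emplace(id, v);
        return true;
    }
};
```
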