Re: [Openinteract-help] CommonHandler security

[Chris W. <ch...@cw...>]

* Tho...@be... (Tho...@be...) [011207 10:17]:
> Is it possible to modify the search criteria from exact to near in
> dependency of the security level?
> 
> We tried like this :
> ...
> If the security level is 'write' the user should be able to search
> without exact phrases.
> 
> How do we manage this ?

Good question. Currently you can't -- the environment isn't properly
setup so that you can find out what the security for the current
user/current action is.

I'll modify ::CommonHandler to pass around the parameter hashref (\%p)
that's setup by OI::Handler::GenericDispatcher which has the security
in it. That way all the customization methods (including
_search_criteria_customize() and _search_build_where_customize()) can
have access to it, and you can add your criteria like this:

sub _search_build_where_customize {
    my ( $class, $tables, $where, $values, $p ) = @_;
    my $apr = OpenInteract::Request->instance->apache;
    my $to_search = $class->_read_field( $apr, 'field' );
    if ( $p->{level} >= SEC_LEVEL_WRITE ) {
       push @{ $where }, " field LIKE ? ";
       push @{ $value }, "%$to_search%";
    }
    else {
       push @{ $where }, " field = ? ";
       push @{ $value }, $to_search;
    }
}

Hope that makes sense.

In the future, this will probably be solved in one of a couple ways:

 - Create an ActionDispatcher class which gets called to run every
 action and sets information in $R accordingly

 - Create an ActionDispatcher object which gets instantiated with
 every action and maintains state about it

I'm leaning toward the second, but we'll see.

Chris

-- 
Chris Winters (ch...@cw...)
Building enterprise-capable snack solutions since 1988.