Andreas Hartmann wrote:
> Josias Thöny wrote:
> > [...]
>
>>> Not sure but the user needs to be part of the admin group, right?
>>>
>>> The user is contained in the session, right?
>>>
>>> Then we need to check in the precondition whether the current user is in
>>> the admin group, if not add an errorMessage.
>>>
>>> Did I miss something?
>>
>> The problem is that non-admin users should be able to edit their
>> profile, but not the profile of other users.
>> Only admins may edit the profile of other users.
>>
>> Is it an option to have different usecases for these two situations? One
>> usecase is for admins only and allows to edit data of any user. The
>> other one is accessible for anybody, but only allows to edit the data of
>> the current user.
>
> This is certainly an option from a feasibility point of view, but
> IMO the functional aspects of a usecase should be clearly separated
> from the access control aspects. Therefore I'd like to avoid putting
> access control related code in the checkPreconditions() methods.
Security is one of the few fields where I would prefer a simple, inelegant hardcoded approach that is easily understood and reviewed to an elegant, SoC-conformant but complicated approach.

For now, I would take the same approach as with the password issue, like Josias suggests. It leads to a lot of code duplication, but that can be alleviated in two ways:

* by introducing abstract classes with most of the functionality and deriving both admin and user usecases from them (see my alternative solution to Andreas' password fix in bugzilla)
* by parameterizing the usecases. Currently, this is not possible, because all state information has to be passed on by HTTP parameters, which can be tampered with, but Andreas spoke about changing usecases to POJOs that will then be able to have server-side state information and be either in "admin" or "mere mortal" mode with different behaviour re authorization.
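The two design points raised in this thread (keeping the access-control rule out of the functional `checkPreconditions()`, and deriving the admin/user mode from server-side session state rather than from tamperable HTTP parameters) can be sketched in a few lines. The following is an added illustration written for this thread, not Lenya's own usecase code; the `Session`, `EditProfileUseCase`, `authorize_profile_edit` and `handle_request` names, the `admin` group name and the sample user store are all assumptions made for the example.

```python
"""Added example (not Lenya's code): authorization separated from the
functional preconditions, with the admin/user mode taken from the
server-side session instead of from HTTP parameters."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

ADMIN_GROUP = "admin"  # assumed group name

# Constructed sample user store: user id -> profile fields.
USERS: Dict[str, Dict[str, str]] = {
    "alice": {"email": "alice@example.org"},
    "bob": {"email": "bob@example.org"},
}


@dataclass(frozen=True)
class Session:
    """Server-side session state. Identity and group membership come from
    the authenticated login and are never read from request parameters."""
    user_id: str
    groups: frozenset


def is_admin(session: Session) -> bool:
    return ADMIN_GROUP in session.groups


def authorize_profile_edit(session: Session, target_user_id: str) -> Optional[str]:
    """The access-control rule, kept apart from the usecase's functional
    checks. Returns None when the edit is allowed, else an error message."""
    if is_admin(session) or session.user_id == target_user_id:
        return None
    return "Only administrators may edit the profile of another user."


@dataclass
class EditProfileUseCase:
    """One usecase serving both 'admin' and 'mere mortal' mode; the mode is
    a property of the session object, i.e. server-side state."""
    session: Session
    target_user_id: str
    users: Dict[str, Dict[str, str]]
    error_messages: List[str] = field(default_factory=list)

    def check_preconditions(self) -> bool:
        """Functional preconditions only: does the target user exist?"""
        if self.target_user_id not in self.users:
            self.error_messages.append(f"User '{self.target_user_id}' does not exist.")
        return not self.error_messages

    def execute(self, new_email: str) -> bool:
        # Authorization is enforced before any functional work, so the
        # usecase cannot be driven past it by tampered parameters.
        denial = authorize_profile_edit(self.session, self.target_user_id)
        if denial:
            self.error_messages.append(denial)
            return False
        if not self.check_preconditions():
            return False
        self.users[self.target_user_id]["email"] = new_email
        return True


def handle_request(session: Session, params: Dict[str, str],
                   users: Dict[str, Dict[str, str]]) -> EditProfileUseCase:
    """Build and run the usecase from a request. Only the target user id and
    the new value are read from the (tamperable) parameters; an 'admin=true'
    parameter is simply ignored because the mode comes from the session."""
    target = params.get("user", session.user_id)
    usecase = EditProfileUseCase(session, target, users)
    usecase.execute(params.get("email", ""))
    return usecase


if __name__ == "__main__":
    store = {k: dict(v) for k, v in USERS.items()}
    bob = Session("bob", frozenset())
    # Tampered request: bob claims admin via a parameter and targets alice.
    uc = handle_request(bob, {"user": "alice", "email": "x@example.org", "admin": "true"}, store)
    print(uc.error_messages)  # the denial message; alice's profile is untouched
```

The point of the split is reviewability: `authorize_profile_edit` is the only place a reviewer has to read to confirm the "admins or self only" rule, and `check_preconditions` stays purely functional, which is the separation Andreas asked for. Because `Session` is server-side state, the same usecase class behaves in "admin" or "mere mortal" mode without any mode flag travelling through HTTP parameters.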