--- On Sat, 5/2/09, Scott Gray <[email protected]> wrote:
> From: Scott Gray <[email protected]>
> Subject: Re: Authz API Discussion (was re: svn commit: r770084)
> To: [email protected]
> Date: Saturday, May 2, 2009, 5:02 AM
> One thing that came to mind during our
> "discussion" today and I'm not sure how
> feasible it is but I'll throw it out there anyway:
> Most record-based permission checks come down to querying
> the database for related records to check various roles and
> whatnot, right? So what if instead of querying the database
> independently we provided some sort of security wrapped
> delegator to the applications that intercepts database
> queries and automatically appends the required entity
> expressions to the query.
That's a great idea! My picture of an ideal security refactor is to make more
of the framework "security-aware" - like your example here.
-Adrian
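
The security-wrapped delegator idea discussed above, as an added sketch that is not part of the original thread and is not OFBiz code. The schema, the `ROW_FILTERS` registry and the `SecureDelegator` class are hypothetical, and SQLite stands in for the entity engine.

```python
import sqlite3

# Constructed sample schema and data (hypothetical role model for this example).
SCHEMA = """
CREATE TABLE invoice (invoice_id TEXT PRIMARY KEY, amount REAL);
CREATE TABLE invoice_role (invoice_id TEXT, party_id TEXT, role_type TEXT);
INSERT INTO invoice VALUES ('INV1', 100.0), ('INV2', 250.0), ('INV3', 75.0);
INSERT INTO invoice_role VALUES ('INV1', 'alice', 'OWNER'),
  ('INV2', 'bob', 'OWNER'), ('INV3', 'alice', 'APPROVER');
"""

# Per-entity row filter: a SQL condition using the bound :party_id parameter.
ROW_FILTERS = {
    "invoice": "EXISTS (SELECT 1 FROM invoice_role r "
               "WHERE r.invoice_id = invoice.invoice_id "
               "AND r.party_id = :party_id)",
}

class SecureDelegator:
    """Wraps a connection; every find is ANDed with the caller's row filter."""

    def __init__(self, conn, party_id):
        self._conn = conn
        self._party_id = party_id

    def find(self, entity, where=None, params=None):
        # Fail closed: an entity with no registered filter is not queryable.
        # The same lookup allowlists the entity name used in the SQL text.
        if entity not in ROW_FILTERS:
            raise PermissionError(f"no security filter for {entity!r}")
        clauses = [ROW_FILTERS[entity]]
        if where:
            # 'where' is a fragment written by application code, never raw
            # user input; parenthesised so a top-level OR cannot widen access.
            clauses.append(f"({where})")
        bound = dict(params or {})
        bound["party_id"] = self._party_id  # set last: caller cannot override
        sql = f"SELECT * FROM {entity} WHERE " + " AND ".join(clauses)
        return self._conn.execute(sql, bound).fetchall()

def demo():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    alice, bob = SecureDelegator(conn, "alice"), SecureDelegator(conn, "bob")
    wide = bob.find("invoice", "amount > :min OR 1=1", {"min": 1000})
    return sorted(r[0] for r in alice.find("invoice")), sorted(r[0] for r in wide)
```
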