> I understand wanting to avoid code duplication, but in my experience this is
> a common security paradigm.  You check permissions in the view to make sure
> you don't show a user something they can't do.  You then check the
> permission on the server in your business logic because you don't trust the
> view (what if they knew the URL that you hid in the view).

Actually, I think asking for the permission twice is "cleaner" than
having to duplicate something like 'only if the user has role
"reviewer" and is assigned as one of the reviewers and has not
reviewed yet'.
In this case the permission check would behave like invoking a method
that checks for all that and you only have to change the way the
permission works to have both (controller and view) work the same way.

But I dislike the notion of having hundreds of permission DB entries...

Cheers,
DJ
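
The single check described in this message, as an added example that is not part of the original post or of any framework's API: one named permission resolves to a rule in code, and both the view and the controller call it. All names here (`is_permitted`, `submission:review`, `User`, `Submission`) are hypothetical.

```python
from dataclasses import dataclass, field

# Hypothetical model types for illustration only.
@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)

@dataclass
class Submission:
    title: str
    reviewers: set = field(default_factory=set)    # names assigned as reviewers
    reviewed_by: set = field(default_factory=set)  # names that already reviewed

class PermissionDenied(Exception):
    pass

# One rule per permission name, evaluated against the object at request time,
# instead of one stored permission entry per user and object.
RULES = {
    "submission:review": lambda u, s: (
        "reviewer" in u.roles
        and u.name in s.reviewers
        and u.name not in s.reviewed_by
    ),
}

def is_permitted(user, permission, target):
    rule = RULES.get(permission)
    return bool(rule and rule(user, target))  # unknown permission: deny

def render_actions(user, submission):
    """View: list only the actions this user may perform."""
    actions = ["view"]
    if is_permitted(user, "submission:review", submission):
        actions.append("review")
    return actions

def submit_review(user, submission, text):
    """Controller: check again, since the request may not come from the view."""
    if not is_permitted(user, "submission:review", submission):
        raise PermissionDenied(f"{user.name} may not review {submission.title!r}")
    submission.reviewed_by.add(user.name)
    return f"review by {user.name} recorded"
```

Changing the rule in `RULES` changes what the view shows and what the controller accepts together.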
