Hi Matt,
I know the api is a work in progress, so here's some food for thought...
I just had a quick look at the admin api code and it doesn't look like
login() actually does anything right now. It simply returns true if you
supply the correct password; it looks like it should create an auth struct
in session. However, I don't think that's a particularly good idea, as
"session.auth.loggedin" could easily clash with other application code, and
once logged in it exposes the password to the session, which is unnecessary.
How about refactoring slightly so there is a factory class on which login
can be called, with methods for retrieving the individual api classes?
Here's an example of how it might work.
// create the factory class
adminapi = createobject("component", "bluedragon.adminapi.AdminAPI");
// this would set a "loggedin" flag internally to the class
adminapi.login("admin");
// would return Datasource.cfc after injecting a reference to AdminAPI,
// via Base.setAdminAPI()
dsnapi = adminapi.getDatasourceAPI();
// internally this would call Base.checkLoginStatus(), which would be
// changed to call getAdminAPI().isLoggedIn() or something similar..
dsnArray = dsnapi.getDatasources();
Now if the developer wants the session to remain logged in, they can simply
retain a reference to the adminapi (or any of the individual apis) in the
user's session at a location of their choosing. Also, when the request ends
and the reference to adminapi is lost, the user is effectively logged out.
To me this seems to be a more secure pattern.
Cheers, Chris
2009/1/15 Matthew Woodward <[email protected]>
> mwkorver wrote:
>
>> Thanks, but isn't that what I am doing with this code?
>>
>> adminObj = createObject
>> ("component","bluedragon.adminapi.administrator").login("admin");
>>
>> when I do this adminObj is returning true, leading me to think at least
>> I have this part working. However when I do
>> the set datasource, I get an error saying I need to login.
>>
>>
>
> I'll have to play with it tomorrow. Just so folks know, while some things
> *may* work as an API at this point, using all those CFCs as a true API
> wasn't really part of the game plan for 1.0, but I'll definitely take a look
> and see what's going on here.
>
> --
> Matt Woodward
> [email protected]
> http://www.mattwoodward.com/blog
>
> Please do not send me proprietary file formats such as Word, PowerPoint,
> etc. as attachments.
> http://www.gnu.org/philosophy/no-word-attachments.html
>
>
--~--~---------~--~----~------------~-------~--~----~
Open BlueDragon Public Mailing List
http://groups.google.com/group/openbd?hl=en
official site @ http://www.openbluedragon.org/
!! save a network - trim replies before posting !!
-~----------~----~----~----~------~----~------~--~---
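
The factory pattern proposed in the message above, sketched as three tag-based CFML component files shown in one block. This is an added example, not code from the original post or from Open BlueDragon: the component and method names follow the proposal and are hypothetical, and checking the password against a SHA-256 digest passed to init() is an assumption standing in for the engine's real password check, which the thread does not show.

```cfml
<!--- AdminAPI.cfc: hypothetical factory; login state lives only in this instance --->
<cfcomponent output="false">
  <cfset variables.loggedIn = false>
  <cfset variables.storedHash = "">
  <cffunction name="init" access="public" returntype="any" output="false">
    <!--- Assumption: caller passes the stored SHA-256 hex digest of the admin password --->
    <cfargument name="storedHash" type="string" required="true">
    <cfset variables.storedHash = arguments.storedHash>
    <cfreturn this>
  </cffunction>

  <cffunction name="login" access="public" returntype="boolean" output="false">
    <cfargument name="password" type="string" required="true">
    <!--- Only the boolean outcome is kept; the password is never stored anywhere --->
    <cfset variables.loggedIn = (compareNoCase(hash(arguments.password, "SHA-256"), variables.storedHash) EQ 0)>
    <cfreturn variables.loggedIn>
  </cffunction>

  <cffunction name="isLoggedIn" access="public" returntype="boolean" output="false">
    <cfreturn variables.loggedIn>
  </cffunction>
  <!--- Datasource.cfc sits in the same directory and receives a reference to this factory --->
  <cffunction name="getDatasourceAPI" access="public" returntype="any" output="false">
    <cfset var api = createObject("component", "Datasource")>
    <cfset api.setAdminAPI(this)>
    <cfreturn api>
  </cffunction>
</cfcomponent>

<!--- Base.cfc: every API method asks the injected factory, not the session scope --->
<cfcomponent output="false">
  <cffunction name="setAdminAPI" access="public" returntype="void" output="false">
    <cfargument name="adminAPI" type="any" required="true">
    <cfset variables.adminAPI = arguments.adminAPI>
  </cffunction>
  <cffunction name="checkLoginStatus" access="private" returntype="void" output="false">
    <!--- Fails closed: no injected factory, or one that is not logged in, is rejected --->
    <cfif NOT structKeyExists(variables, "adminAPI") OR NOT variables.adminAPI.isLoggedIn()>
      <cfthrow type="example.adminapi.NotLoggedIn" message="Log in via AdminAPI.login() first.">
    </cfif>
  </cffunction>
</cfcomponent>

<!--- Datasource.cfc --->
<cfcomponent extends="Base" output="false">
  <cffunction name="getDatasources" access="public" returntype="array" output="false">
    <cfset checkLoginStatus()>
    <cfreturn arrayNew(1)> <!--- placeholder result; the real lookup is out of scope here --->
  </cffunction>
</cfcomponent>
```

With this layout nothing is written to a fixed session key such as session.auth; an application that wants a persistent login stores the AdminAPI instance under a session key of its own choosing.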