Hi Adrian,
thanks for the feedback.
regards Malcolm Edgar
On Thu, Mar 6, 2008 at 6:14 PM, Adrian Wiesmann <[EMAIL PROTECTED]> wrote:
> Hello Malcolm, hello list
>
>
> > Does anyone have any good Cayenne patterns for applying data security
> > in queries. The scenario I am talking about is where you have a
> > client which only has access to certain records in a table, so when
> > the query the table they should only see their records. Similar
> > concept to Oracles Find Grained Access Control (FGAC).
>
> I am implementing something very similar to the Oracle FGAC way. But I
> added the table model pattern to Cayenne to do so.
>
> So in my architecture I renamed the Cayenne DataObject to DataRow. I then
> introduced a DataTable to every DataRow. DataTables contain all logic
> related to retrieving and persisting data of one table in the database.
> DataRows are therefor "dumbed down" as they just contain logic related to
> one record.
>
> Let's say I have a Painting table. Then I generate a PaintingDataRow and a
> PaintingDataTable class. In my PaintingDataTable I then implement the
> logic to retrieve Painting records:
>
> PaintingDataTable.getAllPaintings();
> PaintingDataTable.getByForeignKey(keyArtist);
>
> within these methods I then implement the access logic based on the
> Session information. Based on the role information of the currently logged
> in user I add some Where statements to the standard select statements.
> Pseudo code:
>
> PaintingDataTable.getAllPaintings()
> {
> select = "SELECT * FROM PAINTING";
> if(!user.isAdmin())
> {
> select += "WHERE USER IS ALLOWED TO SEE PAINTING";
> }
> }
>
> This architecture works quite good since all data retrieval is done via
> the DataTables. And the DataTables enforce the access logic. It even has
> the added value of having all retrieve logic in one place and not
> everywhere in the code.
>
> Actually the architecture is a little bit more complex (DataContainer,
> Session, etc adding to the mess). But you should get the point. :)
>
> Cheers,
> Adrian
>
