Hello Malcolm, hello list
> Does anyone have any good Cayenne patterns for applying data security
> in queries. The scenario I am talking about is where you have a
> client which only has access to certain records in a table, so when
> the query the table they should only see their records. Similar
> concept to Oracles Find Grained Access Control (FGAC).
I am implementing something very similar to the Oracle FGAC way. But I
added the table model pattern to Cayenne to do so.
So in my architecture I renamed the Cayenne DataObject to DataRow. I then
introduced a DataTable to every DataRow. DataTables contain all logic
related to retrieving and persisting data of one table in the database.
DataRows are therefor "dumbed down" as they just contain logic related to
one record.
Let's say I have a Painting table. Then I generate a PaintingDataRow and a
PaintingDataTable class. In my PaintingDataTable I then implement the
logic to retrieve Painting records:
PaintingDataTable.getAllPaintings();
PaintingDataTable.getByForeignKey(keyArtist);
within these methods I then implement the access logic based on the
Session information. Based on the role information of the currently logged
in user I add some Where statements to the standard select statements.
Pseudo code:
PaintingDataTable.getAllPaintings()
{
select = "SELECT * FROM PAINTING";
if(!user.isAdmin())
{
select += "WHERE USER IS ALLOWED TO SEE PAINTING";
}
}
This architecture works quite good since all data retrieval is done via
the DataTables. And the DataTables enforce the access logic. It even has
the added value of having all retrieve logic in one place and not
everywhere in the code.
Actually the architecture is a little bit more complex (DataContainer,
Session, etc adding to the mess). But you should get the point. :)
Cheers,
Adrian
This archive was generated by hypermail 2.0.0 : Thu Mar 06 2008 - 02:15:22 EST