Hi Adrian,

Thanks for the feedback.

Regards,
Malcolm Edgar

On Thu, Mar 6, 2008 at 6:14 PM, Adrian Wiesmann <awiesman..omap.org> wrote:
> Hello Malcolm, hello list
>
>
> > Does anyone have any good Cayenne patterns for applying data security
> > in queries? The scenario I am talking about is where you have a
> > client which only has access to certain records in a table, so when
> > they query the table they should only see their records. Similar
> > concept to Oracle's Fine Grained Access Control (FGAC).
>
> I am implementing something very similar to the Oracle FGAC way. But I
> added the table model pattern to Cayenne to do so.
>
> So in my architecture I renamed the Cayenne DataObject to DataRow. I then
> introduced a DataTable to every DataRow. DataTables contain all logic
> related to retrieving and persisting data of one table in the database.
> DataRows are therefore "dumbed down" as they just contain logic related to
> one record.
>
> Let's say I have a Painting table. Then I generate a PaintingDataRow and a
> PaintingDataTable class. In my PaintingDataTable I then implement the
> logic to retrieve Painting records:
>
> PaintingDataTable.getAllPaintings();
> PaintingDataTable.getByForeignKey(keyArtist);
>
> Within these methods I then implement the access logic based on the
> Session information. Based on the role information of the currently logged
> in user I add some Where statements to the standard select statements.
> Pseudo code:
>
> PaintingDataTable.getAllPaintings()
> {
>     select = "SELECT * FROM PAINTING";
>     if (!user.isAdmin())
>     {
>         // leading space keeps the clause separate from the table name
>         select += " WHERE USER IS ALLOWED TO SEE PAINTING";
>     }
> }
>
> This architecture works quite well since all data retrieval is done via
> the DataTables. And the DataTables enforce the access logic. It even has
> the added value of having all retrieve logic in one place and not
> everywhere in the code.
>
> Actually the architecture is a little bit more complex (DataContainer,
> Session, etc. adding to the mess). But you should get the point. :)
>
> Cheers,
> Adrian
>
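
The DataTable pattern described in the quoted message, as an added example that is not Adrian's code and does not use the Cayenne API: every SELECT for PAINTING is built in one class, the row filter is derived from the session, and values are bound as parameters instead of being concatenated. The `Session` class and the `OWNER_ID` and `ARTIST_ID` columns are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;

/** Single place where SELECTs against PAINTING are built (hypothetical sketch). */
public class PaintingDataTable {

    /** Hypothetical session object; the thread does not show the real one. */
    public static final class Session {
        final long userId;
        final boolean admin;
        public Session(long userId, boolean admin) { this.userId = userId; this.admin = admin; }
    }

    /** SQL text plus the values to bind with PreparedStatement.setObject(). */
    public static final class Query {
        public final String sql;
        public final List<Object> params;
        Query(String sql, List<Object> params) { this.sql = sql; this.params = params; }
    }

    public static Query getAllPaintings(Session s) { return build(s, null, null); }

    public static Query getByForeignKey(Session s, long keyArtist) {
        return build(s, "ARTIST_ID = ?", keyArtist);   // ARTIST_ID is an assumed column
    }

    private static Query build(Session s, String filter, Object filterValue) {
        // Fail closed: without a session there is no basis for deciding which rows are visible.
        if (s == null) throw new SecurityException("no session: refusing to query PAINTING");
        StringBuilder sql = new StringBuilder("SELECT * FROM PAINTING");
        List<Object> params = new ArrayList<>();
        String glue = " WHERE ";
        if (filter != null) { sql.append(glue).append(filter); params.add(filterValue); glue = " AND "; }
        if (!s.admin) {
            // Row-level rule (assumed schema): a non-admin sees only rows they own.
            // It is ANDed onto whatever the caller asked for, so no caller can skip it.
            sql.append(glue).append("OWNER_ID = ?");
            params.add(s.userId);
        }
        return new Query(sql.toString(), params);
    }

    public static void main(String[] args) {
        Query q = getByForeignKey(new Session(42L, false), 7L);   // constructed sample values
        System.out.println(q.sql + " " + q.params);
        System.out.println(getAllPaintings(new Session(1L, true)).sql);
    }
}
```

The guarantee only holds while no other code path queries PAINTING directly, which is the condition Adrian states when he says all data retrieval goes through the DataTables.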