Home Projects Jobs Clientele Contact


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: UU: keeping track of user and his access

Ok, this sounds good. I understand that UuRequest should be derived from HttpServletRequest. However, it isn't clear to me - where/how UuRequest should be created/released.

2008/11/10 Alexey Parshin <alexeyp@gmail.com>
I will think about it.

2008/11/10 Ilya A. Volynets-Evenbakh <ilya@total-knowledge.com>

BTW, another good candidate for inclusion in UuRequest class,
is database connection acquisition functionality. If we use UuRequest,
we don't need the CAutoConnection, especially if we need to pass it
around to different functions (I presume that if we need db info, we'll
need the request object as well anyways).

Thus, I'm thinking something like
CConnection* UuRequest::getDb()
      m_db = ....
   return m_db;

And then UuRequest::~UuRequest can release the connection back to the
pool ...


Ilya A. Volynets-Evenbakh wrote:
> There is an important thing I want to change in the way
> libui is organized. Right now every page has to check
> for login info explicitly. Then each page does something
> own (usually just gives an error message).
> What I think should happen in case of access error, is
> redirect to the login page, followed by redirect back to
> the source page, after login is done. This is in case user
> wasn't logged in at all. If, however, user was logged in,
> but doesn't have access to the relevant action on an object,
> he should get a message which describes ways to get a hold
> of such access. For example, if someone tries to edit a topic,
> which he/she doesn't own, a message with contact info of
> owners should be displayed.
> The first part can be achieved as follows:
> 1. We implement UuServlet::service function, which will _never_
>    be overridden by derived classes.
> 2. UuServlet::service() first retrieves user info
> 3. There is abstract virtual bool UuServlet::access(User*)=0; function
> 4. UuServlet::service calls access(User*) function (NULL means
>    no login info available)
> 5. If access returns false, we save current page in session attribute
>    and redirect to the login page
> 6. If access() returns true, we call UuServlet::service(UuRequest&,
> UuResponse&)
>    (UuRequest and UuResponse classes are derived from
> Http{Request,Response}Wrapper
>     classes, and add ways to access User object of the session, if
> present, along
>     with some other request-specific info, which we might find useful.)
> Obviously,
>     this service function is abstract as well.
> We might be able to satisfy second requirement, by wrapping whole
> access() and service() calls into a try/catch block, and providing
> special UuAccessException, which can be thrown by either of these
> functions, in case current user doesn't have enough access for current
> action on current object. In the handler block for the exception we could
> forward to a special CSP.
>     Ilya.

Alexey Parshin,

Alexey Parshin,

Authoright © Total Knowledge: 2001-2008