Hi Lukas,
On 30.04.2006 at 21:55, Lukas Renggli wrote:

>> For security and web, I'm a little bit paranoid, especially at
>> such powerful systems like Pier ;-) I've discussed security in
>> Seaside/Pier with a friend, and from this I'm not sure today what I
>> expect from such systems like Seaside/Pier. He says security
>> belongs only to business logic. I'm not so sure, also what to call
>> business logic in Pier... I will post a related question to the
>> list later.
>
> If your friend means "model" when talking about "business logic", he
> is right: the security decoration is a pure model object that works
> exactly the same for all views, not just the Seaside one. Thanks to the
> nature of visitors one can easily control how security concerns are
> handled when performing operations.

Yes, I know that this is a common way to think. What bothers me is
this (from a naive point of view):

- security should not be something which is only added (that's the
nature of decoration), because what was added can also be removed, or
one can forget to add it. It seems more natural to me that security is
deep in the mechanism of objects (or better, message send), like the
vats in E or Islands in Croquet.

- if one says model or business logic, one could easily think of the
multi-tier architectures. Here it is a common way to say security
must be handled by the database objects (for example), not by the
objects which are only a viewer. My problem is 1) that these viewers
are mediators of security and 2) that in complex systems these
viewers can themselves be complex objects with a model-view architecture.
From this I would naively think that looking at the security of
business logic objects is not enough, or in other words, the
partitioning into model-view is not unambiguous and (in some way)
fractal. BTW, that's one point why I like Tweak, because its
architecture addresses this problem.

But maybe I'm only paranoid :-))

Thanks for the code example, it answers indeed my question.
Regards
Hans