Annotation-Based permissions

05/08/2012

Make use of annotations to grant and validate permissions

In the early days of software development, all permission checks were done programmatically and explicitly.
If you wanted to check whether a user is allowed to execute a section of the code, you had to check the permissions before entering that section.

This led to many copy-and-paste lines, resulting in even more code and more possible errors. In addition, errors were handled differently, depending on the programmer. One raised an exception, a second created an error code and the third terminated the execution completely.

Starting with Kajona v4, the core supports the state-of-the-art approach of annotation-based permission checks. The legacy way, validating the permissions programmatically, still works, but can be replaced in many cases.

For every action (portal or admin) called by the controller, the required permissions may be declared and are then processed automatically.

Example:

protected function actionList() { ... }

In most cases, the action should only be called if the view permission is granted. Therefore the annotation @permissions is added, followed by the named permissions:

/**
  * @permissions view
  */
protected function actionList() { ... }

Multiple permissions may be added comma-separated:

/**
  * @permissions view,edit,delete
  */
protected function actionEdit() { ... }

When calling the action method, the controller validates each permission against the current user. If any one of them is not granted, the controller throws an exception and terminates the action call, passing the request to the next processor.

TL;DR:
Kajona v4 will introduce a new annotation to validate the current user's permissions:

@permissions [name(,name)*]

This annotation is evaluated for action-methods only.
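
The check described above, sketched as an added example (this is not Kajona's own code): a dispatcher reads @permissions from the action's doc comment and refuses the call if any named permission is missing. All class, method and exception names other than actionList and actionEdit are hypothetical, and skipping the check for un-annotated actions is an assumption of this sketch.

```php
<?php
// Added sketch, not Kajona source. Names are hypothetical unless they appear in the article.

class PermissionDeniedException extends Exception {}

abstract class SketchController
{
    // Parse "@permissions name(,name)*" from the doc comment of an action method.
    protected function requiredPermissions($action)
    {
        $method = new ReflectionMethod($this, $action);
        $doc = $method->getDocComment();
        $pattern = '/@permissions[ \t]+([a-z0-9_]+(?:[ \t]*,[ \t]*[a-z0-9_]+)*)/i';
        if ($doc === false || !preg_match($pattern, $doc, $m)) {
            // Assumption: no annotation means no automatic check, so such
            // actions still need their own programmatic permission check.
            return array();
        }
        return array_map('trim', explode(',', $m[1]));
    }

    // Validate every named permission before the action body runs.
    public function dispatch($action, array $granted)
    {
        foreach ($this->requiredPermissions($action) as $permission) {
            if (!in_array($permission, $granted, true)) {
                throw new PermissionDeniedException("$action requires '$permission'");
            }
        }
        return $this->$action();
    }
}

class DemoController extends SketchController
{
    /** @permissions view */
    protected function actionList() { return "list rendered"; }

    /** @permissions view,edit,delete */
    protected function actionEdit() { return "edit rendered"; }
}

// Constructed sample user: holds view and edit, but not delete.
$granted = array('view', 'edit');
$controller = new DemoController();
echo $controller->dispatch('actionList', $granted), "\n";
try {
    $controller->dispatch('actionEdit', $granted);
} catch (PermissionDeniedException $e) {
    echo "denied: ", $e->getMessage(), "\n";
}
```

With opcache.save_comments=0 PHP discards doc comments, so getDocComment() returns false and this sketch would find no annotation to enforce.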
