shinakuma
Re: How to Handle Admin Views and Controller Actions
Dec 26, 2007 08:45 PM
I use a fairly simple approach in implementation, usually with a SecurityGuard service that contains all my security checks, which will throw SecurityException if it fails. Then the first thing in a function would be a call out to, say, SecurityGuard.DemandAdminRole() or SecurityGuard.DemandEntityOwner(), whatever it may be. You can also do decorators, or something really fancy that does AOP. I decided to go with the simple approach. But the point I'm making is that I don't let this type of crosscutting concern dictate how I break down my controllers. Instead I group the actions based on the entity they act on. I find it the best way to keep controllers organized. (It's also the RESTful way.)
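
A sketch of the guard pattern described in the post above, added here as an example and not the poster's own code. The `Article` entity, its `OwnerName` field, the `"Admin"` role name and the dictionary standing in for a repository are all assumptions; only the `SecurityGuard`, `DemandAdminRole`, `DemandEntityOwner` and `SecurityException` names come from the post.

```csharp
using System;
using System.Collections.Generic;
using System.Security;
using System.Security.Principal;

// Hypothetical entity; OwnerName is an assumed field used for the ownership check.
public class Article { public int Id; public string OwnerName; public string Body; }

// Every authorization rule lives here; each Demand* method throws on failure.
public class SecurityGuard
{
    private readonly IPrincipal _user;
    public SecurityGuard(IPrincipal user) { _user = user; }

    private void DemandAuthenticated()
    {
        if (_user == null || _user.Identity == null || !_user.Identity.IsAuthenticated)
            throw new SecurityException("Authentication required.");
    }
    public void DemandAdminRole()
    {
        DemandAuthenticated();
        if (!_user.IsInRole("Admin")) // role name is an assumption
            throw new SecurityException("Admin role required.");
    }
    public void DemandEntityOwner(Article a)
    {
        DemandAuthenticated();
        if (a == null || !string.Equals(a.OwnerName, _user.Identity.Name, StringComparison.Ordinal))
            throw new SecurityException("Caller does not own this entity.");
    }
}

// Actions are grouped by the entity they act on, not by who may call them.
public class ArticleController
{
    private readonly SecurityGuard _guard;
    private readonly Dictionary<int, Article> _store; // stand-in for a repository
    public ArticleController(SecurityGuard guard, Dictionary<int, Article> store)
    { _guard = guard; _store = store; }

    public void Edit(int id, string body)
    {
        Article a;
        _store.TryGetValue(id, out a);
        _guard.DemandEntityOwner(a); // runs before any state changes; a missing id is denied too
        a.Body = body;
    }
    public void Delete(int id)
    {
        _guard.DemandAdminRole();    // admin-only action sits beside the owner-only one
        _store.Remove(id);
    }
}
```

Because each `Demand*` call throws instead of returning a flag, an action that forgets to inspect a result cannot fall through to the privileged work; the remaining risk is an action that omits the call entirely, which is worth covering with a test per action.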