Data wrapper
I have been researching the use of custom annotations recently and I've come up with a way of implementing the data wrapper. I'll try to explain it in short:
Custom Annotation: @UserLevel(Role) can be assigned to all fields (and methods if required) of the model class.
However, this means that we no longer need to use separate classes called Info classes, we will be directly giving out the model classes.
For example, if a client requests details on a User, and he has Developer rights, we would:
1. simply retrieve the object from the datastore
2. create a clone and set an internal flag saying it's a clone and should not be stored back by any chance
3. strip unwanted information off the clone (set it to null depending on the current login's Role)
4. return the clone object
This method ensures that we do not accidentally make mistakes and give out wrong bits of information to the client.
Stripping out of information will automatically happen depending on the @UserLevel annotation, so all we need to do is make sure the correct Role is assigned for each field.
However, this also allows us to throw UserPrivilegeEx
The major drawback to this will be the overhead in checking the user role in order to throw exceptions every time a method is called.
*Note:
Some may say that setting the internal flag if necessary should not be sent out to the client as this may create a security vulnerability. In that case, we can have the base class be the shared class (e.g. User) and the datastore class derive from the base class (e.g. UserData). This way, the UserData can be only server side (hidden from the client) and we can have the internal flag on it. This way clients will only have access to the User class; and when saving the object on the server side, all we need to do is check if the object is of type UserData before storing.
Any suggestions?
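
The approach described in the post above, sketched as an added example that is not part of the original post or the MUGLE code base: a `@UserLevel` field annotation, a reflective pass that produces the stripped copy, and the `UserData` type check before storing. The `Role` constants and their ordering, the field names, and the `viewFor`/`store` helpers are assumptions; the copy is built from permitted fields only (instead of nulling after a clone) so that a field with no annotation is withheld by default.

```java
import java.lang.annotation.*;
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;

public class UserLevelDemo {
    // Assumed role order: a later constant includes the rights of earlier ones.
    enum Role { USER, DEVELOPER, ADMIN }

    @Retention(RetentionPolicy.RUNTIME)   // must be visible to reflection
    @Target(ElementType.FIELD)
    @interface UserLevel { Role value(); }

    // Shared class, the only type a client receives (constructed sample model).
    static class User {
        @UserLevel(Role.USER)      String displayName;
        @UserLevel(Role.DEVELOPER) String email;
        @UserLevel(Role.ADMIN)     String passwordHash;
        String internalNote;   // no annotation: never copied (fail closed)
    }

    // Server-side subclass; only this type may be written to the datastore.
    static class UserData extends User { }

    // Build the client copy as a plain User holding only fields the role may see.
    static User viewFor(UserData stored, Role caller) throws IllegalAccessException {
        User copy = new User();
        for (Field f : User.class.getDeclaredFields()) {
            if (f.isSynthetic() || Modifier.isStatic(f.getModifiers())) continue;
            UserLevel level = f.getAnnotation(UserLevel.class);
            if (level == null || caller.compareTo(level.value()) < 0) continue;
            f.setAccessible(true);
            f.set(copy, f.get(stored));
        }
        return copy;
    }

    // Type check described in the note: stripped copies are never UserData.
    static void store(User u) {
        if (!(u instanceof UserData)) throw new IllegalArgumentException("not storable: stripped copy");
        // datastore write would go here (omitted; no datastore API is assumed)
    }

    public static void main(String[] args) throws Exception {
        UserData d = new UserData();   // constructed sample record
        d.displayName = "alice"; d.email = "alice@example.org";
        d.passwordHash = "PLACEHOLDER_HASH"; d.internalNote = "server only";
        User v = viewFor(d, Role.DEVELOPER);
        System.out.println(v.displayName + " " + v.email + " " + v.passwordHash + " " + v.internalNote);
        try { store(v); } catch (IllegalArgumentException e) { System.out.println(e.getMessage()); }
    }
}
```

Because the check in `store` is on the runtime type, it only holds if objects deserialized from client input are always created as `User` and never as `UserData`.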
Question information
- Language: English
- Status: Solved
- For: MUGLE
- Assignee: No assignee
- Solved by: Prageeth Silva