开发者

How to handle authenticated user access to resources in document oriented system?

I'm developing a document oriented application and need to manage user access to the documents. I have a modul开发者_运维知识库e that handles user authentication, and another module that handles document CRUD operations on the data store. Once a user is authenticated I need to enforce what operations the user can and cannot perform to documents based upon the user's permissions. The best option I could think of to integrate these two pieces together would be to create another module that duplicates the data API but that also takes the authenticated user as a parameter. The module would delegate the authorization check to the auth module and delegate the document operation to the data access module. Something like:

 -module(auth_data_access).

 % User is authenticated (logged into the system)
 % save_doc validates if user is allowed to save the given document and if so
 % saves it returning ok, else returns {error, permission_denied}
 save_doc(Doc, User) ->
    case auth:save_allowed(Doc, User) of
       ok ->
          data_access:save_doc(Doc);
       denied ->
          {error, permission_denied}
     end
  end. 

Is there a better way I can handle this?


According to mine answer to "How do I elegantly check many conditions in Erlang" I will prefer something like

save_doc(Doc, User) ->
    ok = auth:save_allowed(Doc, User),
    data_access:save_doc(Doc).
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜