0

Igor, I was wondering if you might have some hints as to how I might go about implementing record level, or possibly, field level security using ActiveJDBC. I played around with extending the Model class to override some of the methods from Model. However, it's not a very "elegant" solution and started to become rather messy. I know that your Model class has hooks for certain events, but nothing that seems to stick out to me for modifying behavior. I was able to catch the "set" and "get" calls without too much hacking to implement simple "field level security" type logic, but it became very difficult to overload other methods such as those methods that return a List.

Again, I'm looking more for suggestions on how to do this without actually having to change the Model or LazyList class (though I could go that route as well).

I've been using ActiveJDBC for a number of years now, and it's really been a great framework to build on. Thanks for all your hard work!

Dave
  • 2,546
  • 6
  • 23
  • 29

1 Answers1

1

Haha, thanks for addressing me directly by name!

We do this all the time, as saving passwords in the database in clear text is not that smart. Usually, we use callbacks for specific models: http://javalite.io/lifecycle_callbacks

What you want to do, is register a callback: http://javalite.io/lifecycle_callbacks#registration-of-external-listeners

or override a method beforeSave on a model, since each model is also an event listener for its events.

ipolevoy
  • 5,432
  • 2
  • 31
  • 46
  • Thanks for the quick response. What about getting lists of objects. If I query 500 rows, the user might actually only be able to "see" 200 of them based on some rule. That's the part I seem to have the most problems resolving. This would affect the LazyList because even though there are 500 rows that are "really" returned, the user can't see all of them (potentially). – Dave Jun 14 '17 at 23:09
  • is this a different question? If you do not want to display 500 rows, why query them? – ipolevoy Jun 15 '17 at 05:33
  • I'm probably not phrasing my original question correctly. Let me ponder this and try to come up with a better way to ask this :). I'm trying to implement row and field level security outside the context of the database; security at the application level. So let's say I have a table, accounts, that has 500 rows in it. If I do select * from accounts as one user, I might only be able to "view" 200 of those rows. I'm trying to see if I can inject some type of security framework into ActiveJDBC. I don't know if that makes my question any clearer or not :). – Dave Jun 16 '17 at 14:39
  • can you update the question so that my answer did not look weird? – ipolevoy Jun 16 '17 at 16:45