[LRUG] [Off-Topic] Authorisation
Andrew Stewart
boss at airbladesoftware.com
Tue Jul 29 05:18:02 PDT 2008
On 28 Jul 2008, at 10:46, Andrew Stewart wrote:
> In a nutshell, I think that the authorisation logic should live in
> the model layer, and the view and the controller should query the
> model to find out what is allowed. However the model layer can't
> enforce the rules; only the controller can.
>
> Have I missed anything? Is there a better way to do this? I'd
> appreciate your thoughts.
Thanks everyone for the thoughtful replies. I'll be changing my code
around as a result.
Regards,
Andy Stewart
-------
http://airbladesoftware.com
More information about the Chat
mailing list