[LRUG] [Off-Topic] Authorisation

Andrew Stewart boss at airbladesoftware.com
Tue Jul 29 05:18:02 PDT 2008


On 28 Jul 2008, at 10:46, Andrew Stewart wrote:

> In a nutshell, I think that the authorisation logic should live in  
> the model layer, and the view and the controller should query the  
> model to find out what is allowed.  However the model layer can't  
> enforce the rules; only the controller can.
>
> Have I missed anything?  Is there a better way to do this?  I'd  
> appreciate your thoughts.


Thanks everyone for the thoughtful replies.  I'll be changing my code  
around as a result.

Regards,
Andy Stewart

-------
http://airbladesoftware.com




More information about the Chat mailing list