isis-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stephen Cameron <>
Subject Can I make a specific class instance editable, all others not?
Date Thu, 24 Aug 2017 04:14:47 GMT

I have implemented and extended version of ApplicationUser class called
MyApplicationUser to allow users to add more information to their 'profile'
in my web-app. They self-enrol (via initial entry of an email address, then
following a link in a email sent to that address [1] ) and then add more
details once they've created a user account.

I now make use of the class MyApplicationUser more widely in the
application but this leads to the problem that one user can modify the
profile of another. Using the security module we can make all classes,
instances of a class VIEWING or CHANGING. It must be the later to be able
to change their own record, but generally it should be VIEWING only. Is
there a way to achieve this.

My alternative is to make use of the MyApplicationUser entity but to
display its property values as a read-only view-model when necessary, that
is, as a derived property. At the moment, I am having some problems with
this approach in terms of displaying collections of MyApplicationUser as
collections (of more view models) in the view-model class.

I was creating my view-model as a wrapper around a persistent entity, it's
worked in the past but not working in this case, with some strange effects,
like "Failed title". So setting actual properties in the view-model class
(rather than making all getters call a getter of the wrapped object) might
be necessary to take full advantage of session caching of view model

I think using the view model approach might be the solution.


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message