openjpa-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam Hardy <adam....@cyberspaceroad.org>
Subject adding data visibility / ownership restrictions to query
Date Wed, 12 Dec 2007 14:28:56 GMT
Hello List,

I've used several different mechanisms on previous projects to restrict query 
results to data the user is authorised to see, and now with my current project 
and new standards-compliant JPA implementation of the 'data services layer', I 
wanted check what the community holds to be the idiomatic approach.

I am inclined to add the user or group id wherever necessary in the Data Access 
Object code after retrieving it from the security context, and indeed that seems 
like the only approach possible at this time with JPA. Is that correct?

Thanks
Adam

Mime
View raw message