<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 21/05/2012 21:22, Andrew Berman wrote:
<blockquote
cite="mid:CAEVpa753qCsrTh=kKR6m_PLovMMTykiXXkB=mvBfsEqw5uTh+A@mail.gmail.com"
type="cite">Cool, thanks Tim. I am using a before_advice since it
is only security. I figured that your two suggestions are the
best way to do it. As you said, passing around the user is the
purest way, so I'll probably just go with that method. I like
your suggestion of passing in the index of the user record in the
inputs.
<div>
<br>
</div>
<div>I was planning on using a gen_server and every time a
function is accessed it creates a new process which stores the
user. I feel like this could get messy though. </div>
<div><br>
</div>
<div>Thanks again for the annotations project, I love it!</div>
<div><br>
</div>
</blockquote>
Cool, glad you're enjoying it! So on the production code, this would
look something like:<br>
<br>
-requires_authorisation({user_record_index, 1}).<br>
read_user_info(User, InfoType) -><br>
&nbsp;&nbsp;&nbsp;&nbsp;db:fetch(user_info, User, InfoType).<br>
<br>
That seems reasonable to me. If all the functions in a module place
the user argument in the same position, it ought to be possible to
annotate a module so that *all* exported functions are annotated -
for something like this it'd make life easier to just say:<br>
<br>
%%%<br>
-module(user_db).<br>
-include_lib("annotations/include/annotation.hrl").<br>
<br>
-requires_authorisation([{scope, user}, {arg_index, 1}]).<br>
<br>
%%%<br>
<br>
In theory, that should work OOTB today, although I'm not 100% about
the module level stuff as I've mainly focused on testing (and using)
the function level annotations.<br>
<br>
<blockquote
cite="mid:CAEVpa753qCsrTh=kKR6m_PLovMMTykiXXkB=mvBfsEqw5uTh+A@mail.gmail.com"
type="cite">
<div>--Andrew<br>
<div><br>
<div class="gmail_quote">On Mon, May 21, 2012 at 1:04 PM, Tim
Watson <span dir="ltr">&lt;<a moz-do-not-send="true"
href="mailto:watson.timothy@gmail.com" target="_blank">watson.timothy@gmail.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">Holy
crap the indentation on that post got screwed somehow.
Allow me to tidy up a bit.....
<div class="im HOEnZb"><br>
<br>
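around_advice(#annotation{data={mode, pdict}}, M, F, Inputs) -><br>
&nbsp;&nbsp;&nbsp;&nbsp;case get(current_user) of<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;undefined -><br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;handle_restricted(M, F, Inputs);<br>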
</div>
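<div class="im HOEnZb">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#user{} -><br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;annotation:call_advised(M, F, Inputs)<br>
&nbsp;&nbsp;&nbsp;&nbsp;end.<br>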
<br>
</div>
<div class="HOEnZb">
<div class="h5">
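around_advice(#annotation{data={user_record_idx, Idx}}, M, F, Inputs) -><br>
&nbsp;&nbsp;&nbsp;&nbsp;User = lists:nth(Idx, Inputs),<br>
&nbsp;&nbsp;&nbsp;&nbsp;case check(User) of<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;restricted -><br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;handle_restricted(M, F, Inputs);<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;ok -><br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;annotation:call_advised(M, F, Inputs)<br>
&nbsp;&nbsp;&nbsp;&nbsp;end.<br>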
<br>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</blockquote>
<br>
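The {user_record_idx, Idx} check discussed in this thread, as a stand-alone sketch that is an added example and not part of the original messages or the annotations project. Assumptions: apply/3 stands in for annotation:call_advised/3, and the module name authz_demo, the #user{} fields and the check/1 policy are hypothetical. It treats an out-of-range index or a non-#user{} argument as restricted instead of letting lists:nth/2 crash.

```erlang
%% Added example; not code from the annotations project or the thread.
%% apply/3 stands in for annotation:call_advised/3 so this runs without the library.
-module(authz_demo).
-export([guarded_call/4, read_user_info/2, demo/0]).

%% Hypothetical user record; the thread does not show its fields.
-record(user, {name, roles = []}).

%% Fail closed: anything other than a #user{} that passes check/1
%% at position Idx ends in handle_restricted/2.
guarded_call(Idx, M, F, Inputs) ->
    case user_at(Idx, Inputs) of
        {ok, User} ->
            case check(User) of
                ok -> apply(M, F, Inputs);
                restricted -> handle_restricted(M, F)
            end;
        error ->
            handle_restricted(M, F)
    end.

%% A failing guard (bad index, improper or short list) falls to the error clause.
user_at(Idx, Inputs) when is_integer(Idx), Idx >= 1, length(Inputs) >= Idx ->
    case lists:nth(Idx, Inputs) of
        #user{} = User -> {ok, User};
        _ -> error
    end;
user_at(_Idx, _Inputs) ->
    error.

%% Hypothetical policy: only users holding the reader role may proceed.
check(#user{roles = Roles}) ->
    case lists:member(reader, Roles) of
        true -> ok;
        false -> restricted
    end.

%% The refusal names the call but does not echo the caller's inputs.
handle_restricted(M, F) -> {error, {restricted, M, F}}.
%% Constructed stand-in for the db:fetch/3 call in the thread.
read_user_info(#user{name = Name}, InfoType) -> {ok, {Name, InfoType}}.

%% Constructed inputs: allowed user, user without the role, wrong type, bad index.
demo() ->
    Alice = #user{name = alice, roles = [reader]},
    Mallory = #user{name = mallory},
    Cases = [{1, [Alice, email]}, {1, [Mallory, email]},
             {1, [not_a_user, email]}, {3, [Alice, email]}],
    lists:map(fun({Idx, Args}) -> guarded_call(Idx, ?MODULE, read_user_info, Args) end, Cases).
```

Compile with c(authz_demo). in an Erlang shell and call authz_demo:demo(). to see one allowed result followed by three refusals.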
</body>
</html>