posted 16 years ago
Say I have a list of items and each item has a link (URL).
example:
Question: What will be the best way to secure this action (editAccount) if the user is not authorized to access this account (ID 74881) -- (obviously, the user can change the URL and type the ID there)
One thing that came to mind is to use an interceptor and check if the user has permission to access this account.
So if an interceptor is the right solution, how would one design it?
There could be other 'resources', e.g. account, user, department, request, etc.
Thanks for any thoughts.
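One framework-independent shape for the interceptor asked about above, added here as an example and not code from the original post: a single pre-action check that looks up a per-resource-type policy and denies by default. The names `AccessPolicy`, `AuthorizationInterceptor`, `preHandle` and the sample users are hypothetical; only the `account` type and ID 74881 come from the question.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

public class OwnershipInterceptorDemo {

    /** Decides whether a user may touch one instance of one resource type. */
    interface AccessPolicy {
        boolean canAccess(String userId, long resourceId);
    }

    /** Runs before every action and picks the policy by resource type. */
    static class AuthorizationInterceptor {
        private final Map<String, AccessPolicy> policies = new HashMap<>();

        void register(String resourceType, AccessPolicy policy) {
            policies.put(resourceType, policy);
        }

        /** Deny by default: no session, unknown type or unowned ID is refused. */
        boolean preHandle(String userId, String resourceType, long resourceId) {
            if (userId == null) {
                return false; // not logged in
            }
            AccessPolicy policy = policies.get(resourceType);
            return policy != null && policy.canAccess(userId, resourceId);
        }
    }

    public static void main(String[] args) {
        // Constructed sample data: which account IDs each user owns.
        Map<String, Set<Long>> accountsByUser = new HashMap<>();
        accountsByUser.put("alice", Set.of(74881L));
        accountsByUser.put("bob", Set.of(10002L));

        AuthorizationInterceptor interceptor = new AuthorizationInterceptor();
        interceptor.register("account", (user, id) ->
                accountsByUser.getOrDefault(user, Set.of()).contains(id));

        // The user ID must come from the server-side session, never from the URL.
        System.out.println(interceptor.preHandle("alice", "account", 74881L));
        System.out.println(interceptor.preHandle("bob", "account", 74881L));
        // No policy is registered for "department", so the request is refused.
        System.out.println(interceptor.preHandle("bob", "department", 1L));
    }
}
```

Each new resource type (user, department, request) gets its own registered policy, so the check stays in one place and a type that was forgotten is refused instead of silently allowed.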