On Thu, 1 May 2003 01:55:07 +0900
Simon Vandemoortele <deliriousREMOVEUPPERCASETEXTTOREPLY / atchoo.be> wrote:

<snip> 
> Suppose you want to code an addressbook editor. You want it to be based
> on *Addressbook* class that can be reused, so that other people may
> write their UI on your addressbook format. How do you go about this ? 
<snip> 
> _Problem:_
> 
> All this works wonderfully well but for one thing: once the addressbook
> gives a *Contact* (actually a reference to *Contact*) to a client, the
> client can modify the *Contact* (that is _inside_ the addressbook)
> without the addressbook's knowledge.
<snip>

I would suggest using Mephle.  (Yes, I finally have an 0.7 release
prepared, I'll send an announcement this evening. ;)

While 0.7 does not have ACLs, 0.8 will.

Mephle allows you to create and use objects remotely.  This means the
client can do this:

    contact = Get(conn, :contactdb, "/contacts/john-doe")

This is now a proxy to the remote object.  It will act and behave
exactly like that object.  However, if you don't want the client doing
something (calling a particular method), you merely define an ACL that
excludes them from doing so.  That way when they try:

    contact.email = "foo / bar.com"

...a PermissionDenied exception gets raised across the network.  Of
course, they can procure a _local_copy_ of the object and do whatever
they want to it.  It's their object now.  (Given they would have
permissions to acquire a copy---you may not want sensitive data
returned.)

But, it's a simple and complete solution.

-- 
Ryan Pavlik <rpav / users.sf.net>

"Even the shiniest sword could not save us now!" - 8BT