As per my understanding one way to handle authorization is by passing (sort of) authorization object definition with nodes of the BO providing value for each field in the constructor of authorization class for the BO. The rest is taken care by the framework. My requirement is validating the user based on value NOT part of the BO viz validating user for schedule based on schedule type and trans. zone basis OR validating a user while modifying rate table based on Transportation zone.
First question...can this be handled by the constructor approach? Transportation zone is not an attribute of any node of schedule/rate table object
Second question..Where can I find some guiding documentation for this approach? Right now I have put some auth. checks by creating an implicit enhancement and passing the definition and some values but I am not sure whether it'll work.
Third Question..as we could not handle by method mentioned above, we tried to create determination and handle it. While it works in most cases, we don't have any handle to see of this is a create, change or display mode. I am calling retrieve method twice, w/o before_image_save and once with it and then deciding about the mode, but it won't work as change and display mode will have same values...Also I am not certain about when the determinations are called based on the settings we make.
If someone can throw some light on these or provide helpful links I'll be grateful.