Recommended/declarative means to restrict access to parts of an app and show/hide menus?

[bryan hunt]

Hi there,

I'm more used to programming on platforms whereby permissions are declarative.

For (contrived) example,

class Bank {

   [mustBeLoggedIn]
   function getBankBallance { }

   [mustBeInRole('admin','teller','newscorp')]
   function displayAccountList() { }

}

I'm thinking of two approaches to this (obviously the real authorization happens within the remote services, but I don't want to inconvenience the user).

Firstly restrict part of the view on the basis of mxml tags, something like:

<mustHaveAuth>
   <roles>
      <role>admin</role>
      <role>teller</role>
      <role>newscorp</role>
    </roles>
    <content>
       The rest of the page goes here
    </content>
<mustHaveAuth>

Secondly, to use annotations within the controllers to define what methods could be called.

This would require me to write a custom factory of some sort, I guess, perhaps using AS3-Commons bytecode/AOP libraries.

I've got some trivial proof-of-concept code already written for this purpose.

Has anyone already thought of this, done it, is it feasible, or even a useful idea?

Regards,

Bryan Hunt