I’m using Delphi for both client and server.
I have several service methods in a TRORemoteDataModule and am capturing RORemoteDataModuleActivate event verifying each name in order to allow or disallow an execution.
Is there a best way to reject an execution? I was thinking in generating an exception but don’t know if I can with this method return any information to client.
Why you can’t just use Roles ?
The Roles feature is designed for this…
Also we have a new feature that allows/disallows to execute specific services according to specified the Server.ServiceGroup property.
check more at Remoting SDK for Delphi vNext: New features
Because the rules are not fixed based on each user.
Imagine you have a server that could handle only 30 concurrent users of a finance module, 20 concurrent users for sales module, etc.
Each module has several methods, so, I could classify each incoming request based on the method name and see if that user is allowed or not to run in that server. This is the point I am now. So, my question is: how can I refuse (in a gentle way, if that exists…) that execution so the client exe could show something meaningful for the user? I could just throw an exception at RORemoteDataModuleActivate event but this is a best practice here?
I think, you can do this a bit easier:
you can control during a login how many concurrent users are logged into each module and disallow to login into selected module if the quota is exceeded.
in login method you can assign correspondent role: finance_role, sales _role, etc. it will allow to reject execute methods of sales module if user was connected to finance module.
the problem is that I don’t know beforehand which module a user will use, only when they execute a method of that module.
Client can specify to which module user wants to login and then allow or reject if quota is reached.
Yes, you can raise an exception that quota is reached and user should try attempt in few minutes.
also you can add a new custom method which will “reserve” an user for specific module.
how it may work:
- user tries to do any operation in specific module
- client sends request to server and allows/disallows to do this:
- user fills data and sends it to server
- client shows message that that quota is reached and disallows operation