But I'm thinking about doing stuff like this~:
<code>
new Ext.Toolbar({
text: '<u>F</u>ile',
iconCls: 'bmenu',
hidden: false,
menu: new Ext.menu.Menu({
items: [
#if($IsExportPermission){
id: 'excel',
text: '<u>E</u>xcel',
hideOnClick: true,
handler: function() {
document.location =
'data:application/vnd.ms-excel;base64,' + Base64.encode(grid.getExcelXml());
}
}, #end
#if($IsPreferencesPermission) {
id: 'pref',
text: '<u>P</u>references',
hideOnClick: true,
handler: function() {
Irm.UI.Dialogs.Preferences.showDialog();
}
}, #end
#if($IsPreferencesPermission) {
id: 'sec',
text: '<u>S</u>ecurity',
hideOnClick: true,
handler: function() {
}
},#end
#if($IsAdminPermission) {
id: 'admin',
text: '<u>A</u>dmin',
hideOnClick: true,
handler: function() {
window.location.href = 'http://' + location.host +
(settings.siteroot != '' ? settings.siteroot : '') + '/admin/index.rails';
} }, #end{
id: 'btnhome',
text: '<u>R</u>eports',
hideOnClick: true,
handler: function() {
window.location.href = 'http://' + location.host +
(settings.siteroot != '' ? settings.siteroot : '') +
'/reportviewer/index.rails';
}
}]
})
})
</code>
So the logic exists as part of the JS and then all the browser gets is all
the browser is meant to get.
This was typed as an example in the email so don't expect that stuff to work
:)
w://
2009/3/11 Ken Egozi <[email protected]>
> anyway it should not be in the view (NV) imo. that kind of a logic require
> a controller (either an MR one, or a POCO)
>
>
> On Wed, Mar 11, 2009 at 1:02 PM, Ken Egozi <[email protected]> wrote:
>
>> what about an IHttpHandler to serve the js files?
>>
>> /script.ashx?a,b,c,d
>>
>> will combine (and compress?) the files, and will only take the ones that
>> the current user/scenario allow for
>>
>>
>>
>> On Wed, Mar 11, 2009 at 12:54 PM, Wayne Douglas <[email protected]>wrote:
>>
>>> Hi
>>> I'm trying to figure out how to secure an online app by only serving the
>>> JS the user has access to. I.e. - instead of simply disabling/hiding a menu
>>> button, I'd like the JS that creates that button to never be printed.
>>>
>>> I was thinking about setting the *.js files to pass through the monorail
>>> pipeline and, with some NVelocity logic, limit the JS that actually gets
>>> sent to the client.
>>>
>>> Does anyone know how to do this, if it's been done/is possible or, if
>>> there's a better way?
>>>
>>> I'm using EXTJs/Monorail/NVelocity in a very large/complex application.
>>>
>>>
>>> --
>>> Cheers,
>>>
>>> w://
>>>
>>>
>>>
>>
>>
>> --
>> Ken Egozi.
>> http://www.kenegozi.com/blog
>> http://www.delver.com
>> http://www.musicglue.com
>> http://www.castleproject.org
>> http://www.gotfriends.co.il
>>
>
>
>
> --
> Ken Egozi.
> http://www.kenegozi.com/blog
> http://www.delver.com
> http://www.musicglue.com
> http://www.castleproject.org
> http://www.gotfriends.co.il
>
> >
>
--
Cheers,
w://
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Castle Project Users" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/castle-project-users?hl=en
-~----------~----~----~----~------~----~------~--~---
