[
https://issues.apache.org/jira/browse/ISIS-1044?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14728954#comment-14728954
]
ASF subversion and git services commented on ISIS-1044:
-------------------------------------------------------
Commit 6f865c596237ab5fc2c974f9f0f1b73485c9c157 in isis's branch
refs/heads/master from [~danhaywood]
[ https://git-wip-us.apache.org/repos/asf?p=isis.git;h=6f865c5 ]
ISIS-1044: removed AuthenticationSession and DeploymentCategory from facet API
that call ObjectAdapter.Util#isVisible (either directly or indirectly).
Instead, the facet can obtain the auth session from the
AuthenticationSessionProvider injected in the constructor by the facet factory;
DeploymentCategory is similarly injected via the constructor.
Updated:
- ActionChoicesFacet
- ActionInvocationFacet
- ActionParameterAutoCompleteFacet
- ActionParameterChoicesFacet
- AutoCompleteFacet
- ChoicesFacet
- CollectionAccessorFacetViaAccessor
- CollectionAddToFacet ... ForDomainEventAbstract
- CollectionRemoveFromFacet ... ForDomainEventAbstract
- PropertyAccessorFacetViaAccessor
- PropertyAutoCompleteFacet
- PropertyChoicesFacetDerivedFromChoicesFacet
- PropertyClearFacet ... ForDomainEventAbstract
- PropertySetterFacet ... ForDomainEventAbstract
... and their respective implementations and facet factories
... the ... ForDomainEventAbstract are because require access to read current
state in order to emit event
> Table counts and gmap3/fullcalendar2 do not honour any vetoing, eg by
> subscribers or WithApplicationTenancy
> -----------------------------------------------------------------------------------------------------------
>
> Key: ISIS-1044
> URL: https://issues.apache.org/jira/browse/ISIS-1044
> Project: Isis
> Issue Type: Improvement
> Components: Core
> Affects Versions: viewer-wicket-1.7.0
> Reporter: Dan Haywood
> Assignee: Dan Haywood
> Priority: Minor
> Fix For: 1.11.0
>
>
> Suppose that the Isis addon security module is being used with application
> tenancy checking; this means that the Wicket table
> (CollectionContentsAsAjaxTable) will only show rows for those entities for
> which the user is authorized (the visibility has not been vetoed).
> However, the underlying EntityCollectionModel does contain those objects, and
> the size of that collection is what is shown in the "showing 1-5 of 15"
> totals etc rendered at the bottom of the table.
> So the question is: how to ensure that figure is correct?
> * One option is to eagerly check the visibility of every item (even those not
> on the current page).
> * Another option is to suppress the totals, somehow (would require additional
> metadata, along with a worse UI for users
> ~~~
> Related: the gmap3/fullcalendar2/excel Isis addons do not check for the
> object visibility, meaning that they expose information when they should not.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
