> I guess here is where I'm wondering why we need a framework to accomplish
> this at all, given what JSF already provides? Consider something like this,
> using JSP syntax:
>
> <h:panelGrid ... rendered="#{
> securityChecks.managerOfAppropriateDepartment}">
> ... components to conditionally display ...
> </h:panelGrid>
>
I agree that it wouldn't be a good idea to have a comma delimited list
of roles. The approach that Craig listed is better but I have a
problem with that approach. There is still an implicit piece of
business logic in your binding expression that implies only "managers
of the appropriate department" can see/edit this field. While this is
a hundred times better then hard-coding the roles I'm still not wild
about hard coding the manager aspect into the view.
Here is an alternative approach:
<h:panelGrid ... rendered="#{fieldChecker['someFieldName']">
... components to conditionally display ...
</h:panelGrid>
I have something like this in my app. The fieldChecker bean
implements Map interface but it's basically a hack around the
limitation of not being able to pass in a parameter into a value
binding expression. IMO this is a classic case of where you need to.
I have a field-restrictions.xml file which contains the mapping of all
the restrictions. In my case, fields can be restricted by role or by
workflow state. So if you add more restrictions (or new types of
restrictions), then you can just plug them in without disturbing your
view jsp.
I know its a bit of a hack, but again, I think its justified. We have
100+ fields in our app that need restrictions. I'm not going to add
100+ unecessary methods to delegate to my field checker when a simple
EL expression will suffice.
I'm interested in people's thoughts on this solution. If there is a
better way, I'd like to know.
> Craig
sean
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
