Hi Thomas,
I lost the original thread in my email. It has been a busy few weeks
getting new projects off the ground and continuing to support some old ones.
You had a comment:
Talking of which - wouldn't it be cleaner to remove the isAuthorized()
method from screens and actions and create separate pipeline valves for
them? WDYT?
I had a thought about this, and I am not sure how to do it, but it would
be fantastic if we could make resources such as screens/actions secure
by using annotations like:
@SecureAction("group:global")
public class MyAction extends SecureAction {
public void doPerform()
{
// add logic here
}
}
@SecureScreen("role:admin,sales,finance")
public class SecureScreen extends VelocitySecureScreen
{
public void doBuildTemplate();
}
I think this might make it a lot easier to both maintain from a code
perspective and immediately know what security restrictions apply to
actions and screens.
--
Jeff
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
