Hi, during place integration I was thinking about activities and authentication/authorization. Authentication seems pretty easy as its done outside the whole places/activities framework but what about authorization?
Lets say someone has bookmarked an URL like /#/editcustomer/123 because this person frequently updates customer 123. Now the administrator changes permissions and this person can not edit this customer anymore. It would be nice if the person will see a "not authorized" dialog box and once he hits OK then will be redirected to /#/customer where he can choose a different customer if he wants to. If the web app has only one display area/activity mapper it seems fine to put the authorization code into the activity and let this activity show the dialog box. But what if the app has more than one display area and thus more than one activity that will be started? As activities more or less work on its own each activity that needs the customer 123 would do the authorization check on its own (which would result in more RPC requests instead of just that single one that is needed) and its hard to say who should show the "not authorized" dialog box. It would be nice if the place itself would already contain the information if the logged in user account is allowed to access customer 123. That way the activities could just stop (or better never really start) if the place would contain such authorization information. It would also be nice if a 3rd instance would be responsible for showing the "not authorized" dialog box and handle the redirect to /#/customer. So basically I want as much authorization code outside of activities...similar to authentication which is done also outside activities. Is there any way to achieve this? How do yo handle such authorization with the places/activities framework? Thanks, J. -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/S21ueVd0WFR2WUlK. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
