Hi Drew,

Secure your server/servlets first and UI second. Make sure all incoming calls to the server tier deny unauthorized users access to execute administrative operations. When you do this, you don't have to worry if the user attempts an admin activity in the UI because they will be denied in the server tier.

For the UI, let it all be downloaded to the client and filter the controls at runtime. When a user logs in to your app, query the server for their authorized privileges. This authorization information can be used to hide/customize the UI associated with the server side operations they are not authorized and authorized to perform.

Craig

On Nov 25, 10:28 am, Drew Spencer <[email protected]> wrote:
> Hey coders,
>
> I'm building an app at the moment that will have regular users and
> administrators. The part I am building atm is an intranet-like section that
> allows the admins to upload files to the blobstore (also using app engine),
> so that users can download them.
>
> I have been using MVP with uibinder, so the FormPanel and FileUpload are
> baked into the UI. Obviously I only want the upload form to appear if it is
> an admin user looking at the page. Just wondering what the different
> approaches to this are, etc?
>
> I am thinking about putting the panel that holds the form in the uibinder
> template, then programmatically adding the FileUpload widget and the
> appropriate clickhandler and other logic. Is this the best way?
>
> Thanks,
>
> Drew
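The server-first approach from the reply, as an added example that is not part of the original thread and not code from either poster. It assumes admins are identified through App Engine's Users API and that the servlet API and App Engine SDK are on the classpath; the class names and the `/admin/*` and `/privileges` mappings are hypothetical.

```java
// Added example. Class names and URL mappings are assumptions, not from the thread.
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;
import com.google.appengine.api.users.UserService;
import com.google.appengine.api.users.UserServiceFactory;

public class AdminGate {

    // Enforcement point. Map to /admin/* in web.xml (as AdminGate$AdminOnlyFilter)
    // so every admin servlet, including the upload handler, sits behind it.
    public static class AdminOnlyFilter implements Filter {
        @Override public void init(FilterConfig cfg) {}
        @Override public void destroy() {}

        @Override
        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
                throws IOException, ServletException {
            UserService users = UserServiceFactory.getUserService();
            HttpServletResponse http = (HttpServletResponse) res;
            // isUserAdmin() throws IllegalStateException for anonymous callers,
            // so the login check has to come first.
            if (!users.isUserLoggedIn()) {
                http.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                return;
            }
            if (!users.isUserAdmin()) {
                http.sendError(HttpServletResponse.SC_FORBIDDEN);
                return;
            }
            chain.doFilter(req, res); // only admins reach the servlet
        }
    }

    // UI hint only. Map to /privileges; the client reads it after login to decide
    // whether to show the upload form. It grants nothing: the filter above still
    // rejects the request if a non-admin calls an admin URL directly.
    public static class PrivilegesServlet extends HttpServlet {
        @Override
        protected void doGet(HttpServletRequest req, HttpServletResponse resp)
                throws IOException {
            UserService users = UserServiceFactory.getUserService();
            boolean admin = users.isUserLoggedIn() && users.isUserAdmin();
            resp.setContentType("application/json");
            resp.setHeader("Cache-Control", "no-store"); // privileges can change
            resp.getWriter().print("{\"admin\":" + admin + "}");
        }
    }
}
```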
