The DataPermission solution works :)
Thanks
Andrea
*Von:* users@wicket.apache.org
*Gesendet:* 15.05.08 16:06:54
*An:* users@wicket.apache.org
*Betreff:* Re: Swarm: Link authorization
Yes there are other solutions :)
In this case you would use a DataPermission.
Something like
permission ${DataPermission} delete_product, enable;
coupled with a DatasecurityCheck on your links like so:
setSecurityCheck(new DataSecurityCheck(delete_product));
will do the trick.
Maurice
On Thu, May 15, 2008 at 3:22 PM, Andrea Jahn [EMAIL PROTECTED] wrote:
Hi,
for every item in a table there's a delete link, which should be only
visible for certain users.
ProductAreaListPage.html:
-
tr wicket:id=productAreaTable class=list
tdspan wicket:id=id[id]/span/td
tdspan wicket:id=name[name]/span/td
tdspan wicket:id=description[description]/span/td
tda wicket:id=editProductAreaEdithellip;/a/td
tda wicket:id=adminProductsProductshellip;/a/td
tda wicket:id=deleteProductAreaDeletehellip;/a/td
/tr
I created a class for the secure link:
---
public abstract class SecureLink extends Link implements ISecureComponent
{
private static final long serialVersionUID = 1L;
public SecureLink(String id, Class c)
{
super(id);
setSecurityCheck(new LinkSecurityCheck(this, c));
}
public ISecurityCheck getSecurityCheck()
{
return SecureComponentHelper.getSecurityCheck(this);
}
public boolean isActionAuthorized(String waspAction)
{
return SecureComponentHelper.isActionAuthorized(this, waspAction);
}
public boolean isActionAuthorized(WaspAction action)
{
return SecureComponentHelper.isActionAuthorized(this, action);
}
public boolean isAuthenticated()
{
return SecureComponentHelper.isAuthenticated(this);
}
public void setSecurityCheck(ISecurityCheck check)
{
SecureComponentHelper.setSecurityCheck(this, check);
}
}
First I tried to use the ComponentSecurityCheck, because I have no real click
target ( I used ProductAreaListPage.class as parameter in the constructor as
dummy). Because the LinkSecurityCheck behaves as ClassSecurityCheck per
default, I called setUseAlternativeRenderCheck to change to
ComponentSecurityCheck.
ProductAreaListPage.java:
-
private class ProductAreaVisibleDataView extends ProductAreaDataView
{
public ProductAreaVisibleDataView(String id, IDataProvider dataProvider) {
super(id, dataProvider);
}
protected void populateItem(final Item item) {
super.populateItem(item);
final ProductArea productArea = (ProductArea) item.getModelObject();
SecureLink deleteLink = new SecureLink(deleteProductArea,
ProductAreaListPage.class) {
private static final long serialVersionUID = 1L;
public void onClick() {
if (productArea.getDeleted())
return;
productArea.setDeleted(true);
productAreaService.save(productArea);
invalidateDataProviders();
}
};
((LinkSecurityCheck)deleteLink.getSecurityCheck()).setUseAlternativeRenderCheck(true);
item.add(deleteLink);
}
}
Because the wicket id deleteProductArea exists for each item in the list, my
policy file would need such permission for each item. This is no real
solution, because I don't know, how many items the list will contain (But it
worked in the example for the first 4 items).
Appl.hive:
// Product area list page - Delete link
permission ${ComponentPermission}
${front}.ProductAreaListPage:resultPanel:productAreaTable:1:deleteProductArea,
inherit, render;
permission ${ComponentPermission}
${front}.ProductAreaListPage:resultPanel:productAreaTable:2:deleteProductArea,
inherit, render;
permission ${ComponentPermission}
${front}.ProductAreaListPage:resultPanel:productAreaTable:3:deleteProductArea,
inherit, render;
permission ${ComponentPermission}
${front}.ProductAreaListPage:resultPanel:productAreaTable:4:deleteProductArea,
inherit, render;
So I tried to change to use the ClassSecurityCheck. There the user must have
rights for the target class. I created a dummy class:
ClickTargetDummy.java:
--*
*package xxx.yyy.zzz.front.security;
public class ClickTargetDummy
{
}
ProductAreaListPage.java:
-
SecureLink deleteLink = new SecureLink(deleteProductArea,
ClickTargetDummy.class) {
private static final long serialVersionUID = 1L;
public void onClick() {
if (productArea.getDeleted())
return;
productArea.setDeleted(true);
productAreaService.save(productArea);
invalidateDataProviders();
}
};
Appl.hive:
-
permission ${ComponentPermission} ${front}.security.ClickTargetDummy,
inherit, render, enable;
This solution works, but I have to create the dummy class. Perhaps other
solutions are possible ???
Thanks in advance
Andrea
Der WEB.DE SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen!
*http://smartsurfer.web.de/?mc