Re: Secured/Constraint IDataProvider and DropDownChoice choices
On Wed, Oct 21, 2009 at 8:22 AM, Roman Ilin wrote: > Two questions: > 1) why do you use thread local and don't store organization in session If you store it in your session, you have to mix your data access layer with your web layer. With thread-local variables, you don't (you just have to make sure you set/clear them properly). > 2) to pass organization to your createCriteria() you have to have > organization as parameter in every DAO method where it is appropriate, > right? Not with the thread-locals, no. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Secured/Constraint IDataProvider and DropDownChoice choices
Two questions: 1) why do you use thread local and don't store organization in session 2) to pass organization to your createCriteria() you have to have organization as parameter in every DAO method where it is appropriate, right? On Wed, Oct 21, 2009 at 2:17 PM, Martijn Dashorst wrote: > We use a thread local to store the organization of our user, and have > custom createCriteria() methods in our DAO's to add restrictions on > the organization. > > Martijn > > On Tue, Oct 20, 2009 at 10:14 PM, Roman Ilin wrote: >> Hi *, >> >> I develop WebApplication where database records belong to different >> organizations. >> I use AjaxFallbackDefaultDataTable to present tabular data. User from >> some organization is allowed to see his organization data only. >> To reach this I implement custom IDataProvider for every table. >> >> Is there some way to have generic IDataProvider which constraints >> shown data rows. >> Pagination and sorting, filtering of data should work as well :) >> >> I have the same problem with DropDownChoice. There choices depend on >> logged in user/organization. >> >> I read Wicket Security Wasp/Swarm tutorials but haven't found this >> functionality there. >> You can have secure model but you can't restrict list of models. >> >> Or I'm wrong? >> >> >> Regards >> >> Roman >> >> - >> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >> For additional commands, e-mail: users-h...@wicket.apache.org >> >> > > > > -- > Become a Wicket expert, learn from the best: http://wicketinaction.com > Apache Wicket 1.4 increases type safety for web applications > Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.0 > > - > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Secured/Constraint IDataProvider and DropDownChoice choices
We use a thread local to store the organization of our user, and have custom createCriteria() methods in our DAO's to add restrictions on the organization. Martijn On Tue, Oct 20, 2009 at 10:14 PM, Roman Ilin wrote: > Hi *, > > I develop WebApplication where database records belong to different > organizations. > I use AjaxFallbackDefaultDataTable to present tabular data. User from > some organization is allowed to see his organization data only. > To reach this I implement custom IDataProvider for every table. > > Is there some way to have generic IDataProvider which constraints > shown data rows. > Pagination and sorting, filtering of data should work as well :) > > I have the same problem with DropDownChoice. There choices depend on > logged in user/organization. > > I read Wicket Security Wasp/Swarm tutorials but haven't found this > functionality there. > You can have secure model but you can't restrict list of models. > > Or I'm wrong? > > > Regards > > Roman > > - > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > -- Become a Wicket expert, learn from the best: http://wicketinaction.com Apache Wicket 1.4 increases type safety for web applications Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.0 - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Secured/Constraint IDataProvider and DropDownChoice choices
No I use plain Spring JDBC in one of my projects (there is old legacy DB) but probably I'm going to use Hibernate in next one. On Wed, Oct 21, 2009 at 2:13 PM, James Carman wrote: > Are you using Hibernate? If so, you could use filters. Also, Oracle > has something built in that will automatically rewrite your queries > for you based on the database user that's connected (most people don't > use Oracle usernames to connect, though). > > On Wed, Oct 21, 2009 at 7:48 AM, Roman Ilin wrote: >> Does someone have any fresh idea? >> >> >> >> On Tue, Oct 20, 2009 at 10:32 PM, Roman Ilin wrote: >>> My components should stay visible all time. But data should be >>> filtered by customer currently logged in. >>> >>> >>> >>> On Tue, Oct 20, 2009 at 10:29 PM, Pedro Santos wrote: I had application with components that override the isVisible method testing for return session.getUser().hasAccessFor(this) but the major access logic is implemented on data access layer On Tue, Oct 20, 2009 at 6:26 PM, Pedro Santos wrote: > every time for every component > why not for every query? > > > > On Tue, Oct 20, 2009 at 6:23 PM, Roman Ilin wrote: > >> Sure I save my user in session. >> The problem is that I have to implement this filter functionality >> every time for every component. >> >> >> >> On Tue, Oct 20, 2009 at 10:18 PM, Pedro Santos >> wrote: >> > you can put user on session, and use this information as an filter to >> > queries than fill the lists on your application models... >> > >> > On Tue, Oct 20, 2009 at 6:14 PM, Roman Ilin >> wrote: >> > >> >> Hi *, >> >> >> >> I develop WebApplication where database records belong to different >> >> organizations. >> >> I use AjaxFallbackDefaultDataTable to present tabular data. User from >> >> some organization is allowed to see his organization data only. >> >> To reach this I implement custom IDataProvider for every table. >> >> >> >> Is there some way to have generic IDataProvider which constraints >> >> shown data rows. >> >> Pagination and sorting, filtering of data should work as well :) >> >> >> >> I have the same problem with DropDownChoice. There choices depend on >> >> logged in user/organization. >> >> >> >> I read Wicket Security Wasp/Swarm tutorials but haven't found this >> >> functionality there. >> >> You can have secure model but you can't restrict list of models. >> >> >> >> Or I'm wrong? >> >> >> >> >> >> Regards >> >> >> >> Roman >> >> >> >> - >> >> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >> >> For additional commands, e-mail: users-h...@wicket.apache.org >> >> >> >> >> > >> > >> > -- >> > Pedro Henrique Oliveira dos Santos >> > >> >> - >> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >> For additional commands, e-mail: users-h...@wicket.apache.org >> >> > > > -- > Pedro Henrique Oliveira dos Santos > -- Pedro Henrique Oliveira dos Santos >>> >> >> - >> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >> For additional commands, e-mail: users-h...@wicket.apache.org >> >> > > - > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Secured/Constraint IDataProvider and DropDownChoice choices
Are you using Hibernate? If so, you could use filters. Also, Oracle has something built in that will automatically rewrite your queries for you based on the database user that's connected (most people don't use Oracle usernames to connect, though). On Wed, Oct 21, 2009 at 7:48 AM, Roman Ilin wrote: > Does someone have any fresh idea? > > > > On Tue, Oct 20, 2009 at 10:32 PM, Roman Ilin wrote: >> My components should stay visible all time. But data should be >> filtered by customer currently logged in. >> >> >> >> On Tue, Oct 20, 2009 at 10:29 PM, Pedro Santos wrote: >>> I had application with components that override the isVisible method testing >>> for >>> >>> return session.getUser().hasAccessFor(this) >>> >>> but the major access logic is implemented on data access layer >>> >>> On Tue, Oct 20, 2009 at 6:26 PM, Pedro Santos wrote: >>> every time for every component why not for every query? On Tue, Oct 20, 2009 at 6:23 PM, Roman Ilin wrote: > Sure I save my user in session. > The problem is that I have to implement this filter functionality > every time for every component. > > > > On Tue, Oct 20, 2009 at 10:18 PM, Pedro Santos > wrote: > > you can put user on session, and use this information as an filter to > > queries than fill the lists on your application models... > > > > On Tue, Oct 20, 2009 at 6:14 PM, Roman Ilin > wrote: > > > >> Hi *, > >> > >> I develop WebApplication where database records belong to different > >> organizations. > >> I use AjaxFallbackDefaultDataTable to present tabular data. User from > >> some organization is allowed to see his organization data only. > >> To reach this I implement custom IDataProvider for every table. > >> > >> Is there some way to have generic IDataProvider which constraints > >> shown data rows. > >> Pagination and sorting, filtering of data should work as well :) > >> > >> I have the same problem with DropDownChoice. There choices depend on > >> logged in user/organization. > >> > >> I read Wicket Security Wasp/Swarm tutorials but haven't found this > >> functionality there. > >> You can have secure model but you can't restrict list of models. > >> > >> Or I'm wrong? > >> > >> > >> Regards > >> > >> Roman > >> > >> - > >> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > >> For additional commands, e-mail: users-h...@wicket.apache.org > >> > >> > > > > > > -- > > Pedro Henrique Oliveira dos Santos > > > > - > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > -- Pedro Henrique Oliveira dos Santos >>> >>> >>> >>> -- >>> Pedro Henrique Oliveira dos Santos >>> >> > > - > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Secured/Constraint IDataProvider and DropDownChoice choices
Does someone have any fresh idea? On Tue, Oct 20, 2009 at 10:32 PM, Roman Ilin wrote: > My components should stay visible all time. But data should be > filtered by customer currently logged in. > > > > On Tue, Oct 20, 2009 at 10:29 PM, Pedro Santos wrote: >> I had application with components that override the isVisible method testing >> for >> >> return session.getUser().hasAccessFor(this) >> >> but the major access logic is implemented on data access layer >> >> On Tue, Oct 20, 2009 at 6:26 PM, Pedro Santos wrote: >> >>> every time for every component >>> why not for every query? >>> >>> >>> >>> On Tue, Oct 20, 2009 at 6:23 PM, Roman Ilin wrote: >>> Sure I save my user in session. The problem is that I have to implement this filter functionality every time for every component. On Tue, Oct 20, 2009 at 10:18 PM, Pedro Santos wrote: > you can put user on session, and use this information as an filter to > queries than fill the lists on your application models... > > On Tue, Oct 20, 2009 at 6:14 PM, Roman Ilin wrote: > >> Hi *, >> >> I develop WebApplication where database records belong to different >> organizations. >> I use AjaxFallbackDefaultDataTable to present tabular data. User from >> some organization is allowed to see his organization data only. >> To reach this I implement custom IDataProvider for every table. >> >> Is there some way to have generic IDataProvider which constraints >> shown data rows. >> Pagination and sorting, filtering of data should work as well :) >> >> I have the same problem with DropDownChoice. There choices depend on >> logged in user/organization. >> >> I read Wicket Security Wasp/Swarm tutorials but haven't found this >> functionality there. >> You can have secure model but you can't restrict list of models. >> >> Or I'm wrong? >> >> >> Regards >> >> Roman >> >> - >> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >> For additional commands, e-mail: users-h...@wicket.apache.org >> >> > > > -- > Pedro Henrique Oliveira dos Santos > - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org >>> >>> >>> -- >>> Pedro Henrique Oliveira dos Santos >>> >> >> >> >> -- >> Pedro Henrique Oliveira dos Santos >> > - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Secured/Constraint IDataProvider and DropDownChoice choices
My components should stay visible all time. But data should be filtered by customer currently logged in. On Tue, Oct 20, 2009 at 10:29 PM, Pedro Santos wrote: > I had application with components that override the isVisible method testing > for > > return session.getUser().hasAccessFor(this) > > but the major access logic is implemented on data access layer > > On Tue, Oct 20, 2009 at 6:26 PM, Pedro Santos wrote: > >> every time for every component >> why not for every query? >> >> >> >> On Tue, Oct 20, 2009 at 6:23 PM, Roman Ilin wrote: >> >>> Sure I save my user in session. >>> The problem is that I have to implement this filter functionality >>> every time for every component. >>> >>> >>> >>> On Tue, Oct 20, 2009 at 10:18 PM, Pedro Santos >>> wrote: >>> > you can put user on session, and use this information as an filter to >>> > queries than fill the lists on your application models... >>> > >>> > On Tue, Oct 20, 2009 at 6:14 PM, Roman Ilin >>> wrote: >>> > >>> >> Hi *, >>> >> >>> >> I develop WebApplication where database records belong to different >>> >> organizations. >>> >> I use AjaxFallbackDefaultDataTable to present tabular data. User from >>> >> some organization is allowed to see his organization data only. >>> >> To reach this I implement custom IDataProvider for every table. >>> >> >>> >> Is there some way to have generic IDataProvider which constraints >>> >> shown data rows. >>> >> Pagination and sorting, filtering of data should work as well :) >>> >> >>> >> I have the same problem with DropDownChoice. There choices depend on >>> >> logged in user/organization. >>> >> >>> >> I read Wicket Security Wasp/Swarm tutorials but haven't found this >>> >> functionality there. >>> >> You can have secure model but you can't restrict list of models. >>> >> >>> >> Or I'm wrong? >>> >> >>> >> >>> >> Regards >>> >> >>> >> Roman >>> >> >>> >> - >>> >> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >>> >> For additional commands, e-mail: users-h...@wicket.apache.org >>> >> >>> >> >>> > >>> > >>> > -- >>> > Pedro Henrique Oliveira dos Santos >>> > >>> >>> - >>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >>> For additional commands, e-mail: users-h...@wicket.apache.org >>> >>> >> >> >> -- >> Pedro Henrique Oliveira dos Santos >> > > > > -- > Pedro Henrique Oliveira dos Santos > - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Secured/Constraint IDataProvider and DropDownChoice choices
I had application with components that override the isVisible method testing for return session.getUser().hasAccessFor(this) but the major access logic is implemented on data access layer On Tue, Oct 20, 2009 at 6:26 PM, Pedro Santos wrote: > every time for every component > why not for every query? > > > > On Tue, Oct 20, 2009 at 6:23 PM, Roman Ilin wrote: > >> Sure I save my user in session. >> The problem is that I have to implement this filter functionality >> every time for every component. >> >> >> >> On Tue, Oct 20, 2009 at 10:18 PM, Pedro Santos >> wrote: >> > you can put user on session, and use this information as an filter to >> > queries than fill the lists on your application models... >> > >> > On Tue, Oct 20, 2009 at 6:14 PM, Roman Ilin >> wrote: >> > >> >> Hi *, >> >> >> >> I develop WebApplication where database records belong to different >> >> organizations. >> >> I use AjaxFallbackDefaultDataTable to present tabular data. User from >> >> some organization is allowed to see his organization data only. >> >> To reach this I implement custom IDataProvider for every table. >> >> >> >> Is there some way to have generic IDataProvider which constraints >> >> shown data rows. >> >> Pagination and sorting, filtering of data should work as well :) >> >> >> >> I have the same problem with DropDownChoice. There choices depend on >> >> logged in user/organization. >> >> >> >> I read Wicket Security Wasp/Swarm tutorials but haven't found this >> >> functionality there. >> >> You can have secure model but you can't restrict list of models. >> >> >> >> Or I'm wrong? >> >> >> >> >> >> Regards >> >> >> >> Roman >> >> >> >> - >> >> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >> >> For additional commands, e-mail: users-h...@wicket.apache.org >> >> >> >> >> > >> > >> > -- >> > Pedro Henrique Oliveira dos Santos >> > >> >> - >> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >> For additional commands, e-mail: users-h...@wicket.apache.org >> >> > > > -- > Pedro Henrique Oliveira dos Santos > -- Pedro Henrique Oliveira dos Santos
Re: Secured/Constraint IDataProvider and DropDownChoice choices
Sorry. I do it for every query but normally every component has its own query. On Tue, Oct 20, 2009 at 10:26 PM, Pedro Santos wrote: > every time for every component > why not for every query? > > > On Tue, Oct 20, 2009 at 6:23 PM, Roman Ilin wrote: > >> Sure I save my user in session. >> The problem is that I have to implement this filter functionality >> every time for every component. >> >> >> >> On Tue, Oct 20, 2009 at 10:18 PM, Pedro Santos >> wrote: >> > you can put user on session, and use this information as an filter to >> > queries than fill the lists on your application models... >> > >> > On Tue, Oct 20, 2009 at 6:14 PM, Roman Ilin >> wrote: >> > >> >> Hi *, >> >> >> >> I develop WebApplication where database records belong to different >> >> organizations. >> >> I use AjaxFallbackDefaultDataTable to present tabular data. User from >> >> some organization is allowed to see his organization data only. >> >> To reach this I implement custom IDataProvider for every table. >> >> >> >> Is there some way to have generic IDataProvider which constraints >> >> shown data rows. >> >> Pagination and sorting, filtering of data should work as well :) >> >> >> >> I have the same problem with DropDownChoice. There choices depend on >> >> logged in user/organization. >> >> >> >> I read Wicket Security Wasp/Swarm tutorials but haven't found this >> >> functionality there. >> >> You can have secure model but you can't restrict list of models. >> >> >> >> Or I'm wrong? >> >> >> >> >> >> Regards >> >> >> >> Roman >> >> >> >> - >> >> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >> >> For additional commands, e-mail: users-h...@wicket.apache.org >> >> >> >> >> > >> > >> > -- >> > Pedro Henrique Oliveira dos Santos >> > >> >> - >> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >> For additional commands, e-mail: users-h...@wicket.apache.org >> >> > > > -- > Pedro Henrique Oliveira dos Santos > - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Secured/Constraint IDataProvider and DropDownChoice choices
every time for every component why not for every query? On Tue, Oct 20, 2009 at 6:23 PM, Roman Ilin wrote: > Sure I save my user in session. > The problem is that I have to implement this filter functionality > every time for every component. > > > > On Tue, Oct 20, 2009 at 10:18 PM, Pedro Santos > wrote: > > you can put user on session, and use this information as an filter to > > queries than fill the lists on your application models... > > > > On Tue, Oct 20, 2009 at 6:14 PM, Roman Ilin > wrote: > > > >> Hi *, > >> > >> I develop WebApplication where database records belong to different > >> organizations. > >> I use AjaxFallbackDefaultDataTable to present tabular data. User from > >> some organization is allowed to see his organization data only. > >> To reach this I implement custom IDataProvider for every table. > >> > >> Is there some way to have generic IDataProvider which constraints > >> shown data rows. > >> Pagination and sorting, filtering of data should work as well :) > >> > >> I have the same problem with DropDownChoice. There choices depend on > >> logged in user/organization. > >> > >> I read Wicket Security Wasp/Swarm tutorials but haven't found this > >> functionality there. > >> You can have secure model but you can't restrict list of models. > >> > >> Or I'm wrong? > >> > >> > >> Regards > >> > >> Roman > >> > >> - > >> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > >> For additional commands, e-mail: users-h...@wicket.apache.org > >> > >> > > > > > > -- > > Pedro Henrique Oliveira dos Santos > > > > - > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > -- Pedro Henrique Oliveira dos Santos
Re: Secured/Constraint IDataProvider and DropDownChoice choices
Sure I save my user in session. The problem is that I have to implement this filter functionality every time for every component. On Tue, Oct 20, 2009 at 10:18 PM, Pedro Santos wrote: > you can put user on session, and use this information as an filter to > queries than fill the lists on your application models... > > On Tue, Oct 20, 2009 at 6:14 PM, Roman Ilin wrote: > >> Hi *, >> >> I develop WebApplication where database records belong to different >> organizations. >> I use AjaxFallbackDefaultDataTable to present tabular data. User from >> some organization is allowed to see his organization data only. >> To reach this I implement custom IDataProvider for every table. >> >> Is there some way to have generic IDataProvider which constraints >> shown data rows. >> Pagination and sorting, filtering of data should work as well :) >> >> I have the same problem with DropDownChoice. There choices depend on >> logged in user/organization. >> >> I read Wicket Security Wasp/Swarm tutorials but haven't found this >> functionality there. >> You can have secure model but you can't restrict list of models. >> >> Or I'm wrong? >> >> >> Regards >> >> Roman >> >> - >> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >> For additional commands, e-mail: users-h...@wicket.apache.org >> >> > > > -- > Pedro Henrique Oliveira dos Santos > - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Secured/Constraint IDataProvider and DropDownChoice choices
you can put user on session, and use this information as an filter to queries than fill the lists on your application models... On Tue, Oct 20, 2009 at 6:14 PM, Roman Ilin wrote: > Hi *, > > I develop WebApplication where database records belong to different > organizations. > I use AjaxFallbackDefaultDataTable to present tabular data. User from > some organization is allowed to see his organization data only. > To reach this I implement custom IDataProvider for every table. > > Is there some way to have generic IDataProvider which constraints > shown data rows. > Pagination and sorting, filtering of data should work as well :) > > I have the same problem with DropDownChoice. There choices depend on > logged in user/organization. > > I read Wicket Security Wasp/Swarm tutorials but haven't found this > functionality there. > You can have secure model but you can't restrict list of models. > > Or I'm wrong? > > > Regards > > Roman > > - > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > -- Pedro Henrique Oliveira dos Santos
Secured/Constraint IDataProvider and DropDownChoice choices
Hi *, I develop WebApplication where database records belong to different organizations. I use AjaxFallbackDefaultDataTable to present tabular data. User from some organization is allowed to see his organization data only. To reach this I implement custom IDataProvider for every table. Is there some way to have generic IDataProvider which constraints shown data rows. Pagination and sorting, filtering of data should work as well :) I have the same problem with DropDownChoice. There choices depend on logged in user/organization. I read Wicket Security Wasp/Swarm tutorials but haven't found this functionality there. You can have secure model but you can't restrict list of models. Or I'm wrong? Regards Roman - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org