George, Yes, in this case the extra check for the base pbxman permission is superfluous, but then again I'm a belt-and-suspenders kind of guy. If a user has a sub-permission, they SHOULD also have the base permission, and this is enforced when the user's settings are saved.
A check for just the base pbxman permission will be necessary for when a user has to have at least the base pbxman permission to see a page, however. I might also want to consider allowing the String parameter to contain a comma-separated list of permissions, and have the associated method in Border.java tokenize it into a List, for when a combination of more than one permission is required to access a page. Andy ----- Original Message ----- From: "George Niculae" <[email protected]> To: "Discussion list for users of sipXecs software" <[email protected]> Sent: Thursday, December 8, 2011 5:13:03 PM Subject: Re: [sipx-users] Web portal access restricted to CDR report only Why not something like: <div jwcid="@common/Border" permission="pbxman-manage-cdr" borderTitle="ognl:borderTitle"> then if (!userSession.getUser(getCoreContext()).hasPermission(permission)) { throw new PageRedirectException(ManageVoicemail.PAGE); } George
_______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/
