Hmm nasty, thinking quickly, I'd guess you have three options:
1. pass the username to the form (dangerous as it's easy to hack)
2. don't display fields the user can't set (again easy to hack)
3. have two copies of the form, one in a session, one in the request. On
submission, copy the fields from the request form to the session form if
the user has permission to set them, otherwise ignore any changes to the
field.
Better still, do 2 and 3.
I hope that give you some ideas,
Paul
------------------------------------------------------------
Global Equity Derivatives Technology
Deutsche Bank [/]
------------------------------------------------------------
Arne Brutschy <[EMAIL PROTECTED]>
17/02/2004 17:28
Please respond to "Struts Users Mailing List"
To: Struts Users Mailing List <[EMAIL PROTECTED]>
cc:
Subject: Re: Subclassing DynaValidatorForm
Paul-J Woodward wrote:
> The validate method has a request parameter, so I assume you just do
> request.getSession().getAttribute("..."), or I have I misread what you
are
> trying to achieve?
>
Yes, that is true. But that needs the form to be validated to check the
access, too. I want to allow/deny a set(name, value) based on the
current user..
Thanks
Arne
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
