I do the same thing, but I'm uncomfortable relying on it as a sole
source of security. Theoretically a user without role X could still submit a
form containing fields for role X (it's just a formatted text string) and
thus punch above his weight.

So I've got a whole *second* layer of security underneath where I
cross reference the transaction with the role to verify authorization. I do
wish there was a way to kill both birds with one stone, but I haven't
figured out what it is yet. (For the similar, but not identical, problem of
preventing folks from submitting synthetic GETs instead of POSTs, I've got a
solution, though.)

        --- Pat

> -----Original Message-----
> From: Richard Clark [mailto:[EMAIL PROTECTED]
> Sent: Saturday, November 26, 2005 9:17 PM
> To: Tapestry users
> Subject: Re: detect user roles (somthing like <html:logic roles="" >)
> 
> That's basically how I've done it in a production app. I wrote an
> "isAvailableForRole" method and created a Role enumeration, so the
> HTML looks like:
> 
> <div jwcid="@Conditional" condition="isAvailableForRole(@[EMAIL PROTECTED])">
> ...
> </div>
> 
> I've started thinking how to cut this over to ACEGI as well (and how
> I could do this in T4...)
> 
>   ...Richard
> 
> 
> 
> On Nov 26, 2005, at 18:28, Patrick Casey wrote:
> 
> >
> >     <span jwcid="@Conditional" condition="currentUser.Role == 'foo'">
> >             Foo
> >     </span>
> >
> >     Might work for you.
> >
> >> -----Original Message-----
> >> From: radone [mailto:[EMAIL PROTECTED]
> >> Sent: Friday, November 25, 2005 9:13 AM
> >> To: [email protected]
> >> Subject: detect user roles (somthing like <html:logic roles="" >)
> >>
> >> Hi,
> >>
> >> Could anyone help me with how to detect the roles of a user in Tapestry?
> >>
> >> Something like (Struts)
> >>  <html:logic roles="admin"> Admin's text </html:logic>
> >>
> >> Thanks in advance.
> >>
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: [EMAIL PROTECTED]
> >> For additional commands, e-mail: tapestry-user-
> >> [EMAIL PROTECTED]
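
The second layer described in the top reply, checking each submitted field against the caller's role on the server regardless of what the template rendered, could look like the following. This is an added example, not code from any poster in the thread or from Tapestry; the class, the role names, the field names and the policy table are all hypothetical.

```java
import java.util.*;

// Added example: server-side, per-field write authorization for a submitted form.
// Role names, field names and the policy table are hypothetical.
public class FieldAuthorization {
    enum Role { USER, MANAGER, ADMIN }

    // Which roles may write each field; a field missing from the table is denied.
    static final Map<String, Set<Role>> WRITABLE_BY = Map.of(
        "displayName", EnumSet.of(Role.USER, Role.MANAGER, Role.ADMIN),
        "salary",      EnumSet.of(Role.MANAGER, Role.ADMIN),
        "accountRole", EnumSet.of(Role.ADMIN));

    /** Returns the submitted field names the caller's role may not write, sorted. */
    static List<String> unauthorizedFields(Role role, Map<String, String> submitted) {
        List<String> denied = new ArrayList<>();
        for (String field : submitted.keySet()) {
            Set<Role> allowed = WRITABLE_BY.get(field);
            if (allowed == null || !allowed.contains(role)) {
                denied.add(field);
            }
        }
        Collections.sort(denied);
        return denied;
    }

    /** Applies the update only if every submitted field is authorized (all or nothing). */
    static void applyUpdate(Role role, Map<String, String> submitted, Map<String, String> record) {
        List<String> denied = unauthorizedFields(role, submitted);
        if (!denied.isEmpty()) {
            throw new SecurityException("role " + role + " may not set " + denied);
        }
        record.putAll(submitted);
    }

    public static void main(String[] args) {
        Map<String, String> record =
            new HashMap<>(Map.of("displayName", "pat", "accountRole", "USER"));
        // Constructed request: the template never rendered accountRole for USER,
        // but the field arrives in the submitted form anyway.
        Map<String, String> forged = Map.of("displayName", "pat2", "accountRole", "ADMIN");
        try {
            applyUpdate(Role.USER, forged, record);
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        applyUpdate(Role.USER, Map.of("displayName", "pat2"), record);
        System.out.println(record);
    }
}
```

The policy table is keyed by field rather than by page, so the same check applies whichever template produced the form, and an unknown field is rejected rather than silently stored.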