The approach I'm taking now is to use DirectLink (instead of ActionLink) and persist objects in the session. For single objects, this is fairly easy (your DirectLink doesn't need to pass any information). For arrays (or lists) of objects, I keep the array persisted in the session and have the DirectLink pass the index into the array. That way, if a user edits the link information, they can't specify anything that is outside of the stored/persisted array and no PKs are involved. Basically, limit their scope to what is in their session and keep the PKs/objects inside the application (never ever send them to the user).
HTH ... /dev/mrg -----Original Message----- From: Ido M. Tamir [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 04, 2006 2:10 PM To: Tapestry users Subject: Re: What to replace ActionLinks with? FormLinkRenderer outdated On Thursday 03 November 2005 21:43, Lindsay Steele wrote: > I think this is a pretty valid thread. It would be good to know, > that if action link is deprecated then what is the best way to send an > object from page to page without having to expose the primary key. > Any news on that problem? I also ran into this problem, but found mindbridges FormLinkRenderer on t-deli. The problem is that it a) gets a NPE. (but you can easily change that, see below) check for values == null b) uses many deprecated methods. I don't know if this will be somehow updated, but it would be nice if something like this would be included in 4.0.1 Now, if I could only get OSIV to work correctly... best wishes ido private String generateFormFunction(String formName, ILink link, String anchor) { String[] parameterNames = link.getParameterNames(); StringBuffer buf = new StringBuffer(); buf.append("function prepare" + formName + "() {\n"); buf.append(" var html = \"\";\n"); buf.append(" html += \"<div style='position: absolute'>\";\n"); String url = link.getURL(anchor, false); buf.append(" html += \"<form name='" + formName + "' method='post' action='" + url + "'>\";\n"); for (int i = 0; i < parameterNames.length; i++) { String parameter = parameterNames[i]; String[] values = link.getParameterValues(parameter); if( values != null ){ for (int j = 0; j < values.length; j++) { String value = values[j]; buf.append(" html += \"<input type='hidden' name='" + parameter + "' value='" + value + "'/>\";\n"); } } } buf.append(" html += \"<\" + \"/form>\";\n"); buf.append(" html += \"<\" + \"/div>\";\n"); buf.append(" document.write(html);\n"); buf.append("}\n"); buf.append("prepare" + formName + "();\n\n"); return buf.toString(); } --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
