RE: Logging out when trying to access screen

Wed, 18 Jul 2001 11:34:20 -0700 

I thought i saw this somewhere in the archives.
You could try this in your template:

#if ($data.getACL().hasRole("...."))
  doSomething
#else
  doSomeOtherStuff
#end

-keng

> -----Original Message-----
> From: Andres Portillo [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 18, 2001 12:19 PM
> To: Turbine-user
> Subject: Logging out when trying to access screen
> 
> 
> Hi All,
> 
>     I'm working in a an application using Turbine and I'm having a
> problem with the security model (the most likely is that
> I'm missing something). I create a few more roles besides the one
> defined by default. I want those roles to be able to access
> some new screen I'm creating.
> 
>     In the class SecureScreen I'm adding the next code:
> 
>      protected boolean isAuthorized( RunData data )  throws Exception
>     {
>         boolean isAuthorized = false;
> 
>         AccessControlList acl = data.getACL();
> 
>         if (acl!=null && (acl.hasRole("turbine_root")
>          || acl.hasRole(GlobalConstant.ROLE_1)
>          || acl.hasRole(GlobalConstant.ROLE_2)
>          || acl.hasRole(GlobalConstant.ROLE_3)
>         )
>    )
>         {
>             isAuthorized = true;
>         }
>         else
>         {
>             data.getTemplateInfo().setScreenTemplate(
>                 TurbineResources.getString("template.login"));
> 
>             data.setScreen(TurbineResources.getString("screen.login"));
>             isAuthorized = false;
> 
>         }
>         return isAuthorized;
>     }
> 
>    I'm doing the same in SecureAction. I'm under the impression that
> those are the only two places that I have to modify to let an user
> access my app. This is working fine when I'm trying to access an URL
> that has an Screen class associated with it (and then a Velocity
> Template), but it is not working when I try to access an URL that has
> just a Velocity Template.
> 
>             1) URL ->  Screen class -> template    (ok)
>            2)  URL -> template  (does not work).
> 
>     I've dig a little in the code and it seems that in the second case
> the request never access the code I edit in SecureScreen, so there might
> be a different place to add that validation logic? I would appreciate
> any help or advice regarding this problem.
> 
> Thanks in advance.
> 
> andres
> 
> 
> --
> =============================================
> Andres G. Portillo D.
> Software Engineer
> Veratech  (www.veratech.com.mx)
> =============================================
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to