> > 
> > The behaviour of screens is that if a screen is called on a 
> > dead session, the doBuild function for that screen is 
> > never called.
> > 
> > I propose that the behaviour of actions should be identical:
> > If an action is called on a dead session, the doPerform 
> > function for that
> > action is never called.
> >
> > Magnus
> 
> Yes, you are right. One easy solution for this would be to have a 
> BaseAction that checks the ACL as well as the users 
> session to see if it is valid first. We cannot do this as 
> a core Turbine thing because someone might not want to have this.
> 
> -jon
> 

I checked out where the screen is switched, and it is 
in the DefaultSessionValidator. A diff to resolve this follows:

--- DefaultSessionValidator.java.original       Fri Sep 15 06:22:10 2000
+++ DefaultSessionValidator.java        Fri Sep 15 22:02:53 2000
@@ -105,6 +105,7 @@
         {
             data.setMessage(TurbineResources.getString("login.message"));
             data.setScreen(TurbineResources.getString("screen.login"));
+            data.setAction("");
         }
         else if ( ! data.hasScreen() )
         {

It seems to me that this is a more normal default setting, since 
an action when the session is dead does not make sense to me 
and is very likely to cause unpredictable results.  

Since this is a modification of the DefaultSessionValidator, it 
can be overridden with the old behaviour if people so wish.



In response to Jon's remark about ACLs I  was going to propose the 
adding a getAuthorization function to Action, but it now seems 
that the same could be accomplished by overriding perform().  
Would an Action checking ACLs and running a specific action 
defined in TurbineResources.properties if it failed, 
make sense as part of the turbine distribution?

Magnus




------------------------------------------------------------
To subscribe:        [EMAIL PROTECTED]
To unsubscribe:      [EMAIL PROTECTED]
Search: <http://www.mail-archive.com/turbine%40list.working-dogs.com/>
Problems?:           [EMAIL PROTECTED]

Reply via email to