> >
> > The behaviour of screens is that if a screen is called on a
> > dead session, the doBuild function for that screen is
> > never called.
> >
> > I propose that the behaviour of actions should be identical:
> > If an action is called on a dead session, the doPerform
> > function for that
> > action is never called.
> >
> > Magnus
>
> Yes, you are right. One easy solution for this would be to have a
> BaseAction that checks the ACL as well as the users
> session to see if it is valid first. We cannot do this as
> a core Turbine thing because someone might not want to have this.
>
> -jon
>
I checked out where the screen is switched, and it is
in the DefaultSessionValidator. A diff to resolve this follows:
--- DefaultSessionValidator.java.original Fri Sep 15 06:22:10 2000
+++ DefaultSessionValidator.java Fri Sep 15 22:02:53 2000
@@ -105,6 +105,7 @@
{
data.setMessage(TurbineResources.getString("login.message"));
data.setScreen(TurbineResources.getString("screen.login"));
+ data.setAction("");
}
else if ( ! data.hasScreen() )
{
It seems to me that this is a more normal default setting, since
an action when the session is dead does not make sense to me
and is very likely to cause unpredictable results.
Since this is a modification of the DefaultSessionValidator, it
can be overridden with the old behaviour if people so wish.
In response to Jon's remark about ACLs I was going to propose the
adding a getAuthorization function to Action, but it now seems
that the same could be accomplished by overriding perform().
Would an Action checking ACLs and running a specific action
defined in TurbineResources.properties if it failed,
make sense as part of the turbine distribution?
Magnus
------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Search: <http://www.mail-archive.com/turbine%40list.working-dogs.com/>
Problems?: [EMAIL PROTECTED]
