Hi, I'm just wondering is there a general solution to the following example:
I pass a TeamId as a request parameter to a PersonAction to list all people in a team with Person.TeamId=TeamId. However I want to stop a logged in user being able to manually change the Team Id and look up people they do not have permission to view. Any pointers on this would be appreciated. Thanks Philip -- View this message in context: http://www.nabble.com/ID-Passed-as-Parameter-tf4837198s2369.html#a13838680 Sent from the AppFuse - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
