Hi,
for every item in a table there's a "delete" link, which should be only visible
for certain users.
ProductAreaListPage.html:
---------------------------------
<tr wicket:id="productAreaTable" class="list">
<td><span wicket:id="id">[id]</span></td>
<td><span wicket:id="name">[name]</span></td>
<td><span wicket:id="description">[description]</span></td>
<td><a wicket:id="editProductArea">Edit…</a></td>
<td><a wicket:id="adminProducts">Products…</a></td>
<td><a wicket:id="deleteProductArea">Delete…</a></td>
</tr>
I created a class for the secure link:
---------------------------------------------------
public abstract class SecureLink extends Link implements ISecureComponent
{
private static final long serialVersionUID = 1L;
public SecureLink(String id, Class c)
{
super(id);
setSecurityCheck(new LinkSecurityCheck(this, c));
}
public ISecurityCheck getSecurityCheck()
{
return SecureComponentHelper.getSecurityCheck(this);
}
public boolean isActionAuthorized(String waspAction)
{
return SecureComponentHelper.isActionAuthorized(this, waspAction);
}
public boolean isActionAuthorized(WaspAction action)
{
return SecureComponentHelper.isActionAuthorized(this, action);
}
public boolean isAuthenticated()
{
return SecureComponentHelper.isAuthenticated(this);
}
public void setSecurityCheck(ISecurityCheck check)
{
SecureComponentHelper.setSecurityCheck(this, check);
}
}
First I tried to use the ComponentSecurityCheck, because I have no real click
target ( I used ProductAreaListPage.class as parameter in the constructor as
dummy). Because the LinkSecurityCheck behaves as ClassSecurityCheck per
default, I called setUseAlternativeRenderCheck to change to
ComponentSecurityCheck.
ProductAreaListPage.java:
---------------------------------
private class ProductAreaVisibleDataView extends ProductAreaDataView
{
public ProductAreaVisibleDataView(String id, IDataProvider dataProvider) {
super(id, dataProvider);
}
protected void populateItem(final Item item) {
super.populateItem(item);
final ProductArea productArea = (ProductArea) item.getModelObject();
SecureLink deleteLink = new SecureLink("deleteProductArea",
ProductAreaListPage.class) {
private static final long serialVersionUID = 1L;
public void onClick() {
if (productArea.getDeleted())
return;
productArea.setDeleted(true);
productAreaService.save(productArea);
invalidateDataProviders();
}
};
((LinkSecurityCheck)deleteLink.getSecurityCheck()).setUseAlternativeRenderCheck(true);
item.add(deleteLink);
}
}
Because the wicket id deleteProductArea exists for each item in the list, my
policy file would need such permission for each item. This is no real solution,
because I don't know, how many items the list will contain (But it worked in
the example for the first 4 items).
Appl.hive:
------------
// Product area list page - Delete link
permission ${ComponentPermission}
"${front}.ProductAreaListPage:resultPanel:productAreaTable:1:deleteProductArea",
"inherit, render";
permission ${ComponentPermission}
"${front}.ProductAreaListPage:resultPanel:productAreaTable:2:deleteProductArea",
"inherit, render";
permission ${ComponentPermission}
"${front}.ProductAreaListPage:resultPanel:productAreaTable:3:deleteProductArea",
"inherit, render";
permission ${ComponentPermission}
"${front}.ProductAreaListPage:resultPanel:productAreaTable:4:deleteProductArea",
"inherit, render";
So I tried to change to use the ClassSecurityCheck. There the user must have
rights for the target class. I created a dummy class:
ClickTargetDummy.java:
------------------------------*
*package xxx.yyy.zzz.front.security;
public class ClickTargetDummy
{
}
ProductAreaListPage.java:
---------------------------------
SecureLink deleteLink = new SecureLink("deleteProductArea",
ClickTargetDummy.class) {
private static final long serialVersionUID = 1L;
public void onClick() {
if (productArea.getDeleted())
return;
productArea.setDeleted(true);
productAreaService.save(productArea);
invalidateDataProviders();
}
};
Appl.hive:
---------
permission ${ComponentPermission} "${front}.security.ClickTargetDummy",
"inherit, render, enable";
This solution works, but I have to create the dummy class. Perhaps other
solutions are possible ???
Thanks in advance
Andrea
Der WEB.DE SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen!
*http://smartsurfer.web.de/?mc=100071&distributionid=000000000066*
[http://smartsurfer.web.de/?mc=100071&distributionid=000000000066]
