Yes there are other solutions :) In this case you would use a DataPermission. Something like permission ${DataPermission} "delete_product", "enable"; coupled with a DatasecurityCheck on your links like so: setSecurityCheck(new DataSecurityCheck("delete_product")); will do the trick.
Maurice On Thu, May 15, 2008 at 3:22 PM, Andrea Jahn <[EMAIL PROTECTED]> wrote: > > > Hi, > > for every item in a table there's a "delete" link, which should be only > visible for certain users. > > ProductAreaListPage.html: > --------------------------------- > > <tr wicket:id="productAreaTable" class="list"> > <td><span wicket:id="id">[id]</span></td> > <td><span wicket:id="name">[name]</span></td> > <td><span wicket:id="description">[description]</span></td> > <td><a wicket:id="editProductArea">Edit…</a></td> > <td><a wicket:id="adminProducts">Products…</a></td> > <td><a wicket:id="deleteProductArea">Delete…</a></td> > </tr> > > I created a class for the secure link: > --------------------------------------------------- > > public abstract class SecureLink extends Link implements ISecureComponent > { > private static final long serialVersionUID = 1L; > > public SecureLink(String id, Class c) > { > super(id); > setSecurityCheck(new LinkSecurityCheck(this, c)); > } > > public ISecurityCheck getSecurityCheck() > { > return SecureComponentHelper.getSecurityCheck(this); > } > > public boolean isActionAuthorized(String waspAction) > { > return SecureComponentHelper.isActionAuthorized(this, waspAction); > } > > public boolean isActionAuthorized(WaspAction action) > { > return SecureComponentHelper.isActionAuthorized(this, action); > } > > public boolean isAuthenticated() > { > return SecureComponentHelper.isAuthenticated(this); > } > > public void setSecurityCheck(ISecurityCheck check) > { > SecureComponentHelper.setSecurityCheck(this, check); > } > } > > First I tried to use the ComponentSecurityCheck, because I have no real click > target ( I used ProductAreaListPage.class as parameter in the constructor as > dummy). Because the LinkSecurityCheck behaves as ClassSecurityCheck per > default, I called setUseAlternativeRenderCheck to change to > ComponentSecurityCheck. > > > ProductAreaListPage.java: > --------------------------------- > private class ProductAreaVisibleDataView extends ProductAreaDataView > { > public ProductAreaVisibleDataView(String id, IDataProvider dataProvider) { > super(id, dataProvider); > } > > protected void populateItem(final Item item) { > super.populateItem(item); > final ProductArea productArea = (ProductArea) item.getModelObject(); > > SecureLink deleteLink = new SecureLink("deleteProductArea", > ProductAreaListPage.class) { > private static final long serialVersionUID = 1L; > > public void onClick() { > if (productArea.getDeleted()) > return; > > productArea.setDeleted(true); > productAreaService.save(productArea); > invalidateDataProviders(); > } > }; > > ((LinkSecurityCheck)deleteLink.getSecurityCheck()).setUseAlternativeRenderCheck(true); > item.add(deleteLink); > } > } > > > > Because the wicket id deleteProductArea exists for each item in the list, my > policy file would need such permission for each item. This is no real > solution, because I don't know, how many items the list will contain (But it > worked in the example for the first 4 items). > > > Appl.hive: > ------------ > // Product area list page - Delete link > permission ${ComponentPermission} > "${front}.ProductAreaListPage:resultPanel:productAreaTable:1:deleteProductArea", > "inherit, render"; > permission ${ComponentPermission} > "${front}.ProductAreaListPage:resultPanel:productAreaTable:2:deleteProductArea", > "inherit, render"; > permission ${ComponentPermission} > "${front}.ProductAreaListPage:resultPanel:productAreaTable:3:deleteProductArea", > "inherit, render"; > permission ${ComponentPermission} > "${front}.ProductAreaListPage:resultPanel:productAreaTable:4:deleteProductArea", > "inherit, render"; > > > So I tried to change to use the ClassSecurityCheck. There the user must have > rights for the target class. I created a dummy class: > > ClickTargetDummy.java: > ------------------------------* > > *package xxx.yyy.zzz.front.security; > > public class ClickTargetDummy > { > } > > ProductAreaListPage.java: > --------------------------------- > > SecureLink deleteLink = new SecureLink("deleteProductArea", > ClickTargetDummy.class) { > private static final long serialVersionUID = 1L; > > public void onClick() { > if (productArea.getDeleted()) > return; > > productArea.setDeleted(true); > productAreaService.save(productArea); > invalidateDataProviders(); > } > }; > > Appl.hive: > --------- > permission ${ComponentPermission} "${front}.security.ClickTargetDummy", > "inherit, render, enable"; > > > > This solution works, but I have to create the dummy class. Perhaps other > solutions are possible ??? > > Thanks in advance > Andrea > > > > > > > > > > Der WEB.DE SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen! > *http://smartsurfer.web.de/?mc=100071&distributionid=000000000066* > [http://smartsurfer.web.de/?mc=100071&distributionid=000000000066] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]