Hi Dan,My first thought would be to use an NSValidation validateKey() method in your WOComponent. This is called before setKey() and would allow you to check credentials and throw an NSValidation.ValidationException to block the update if the user is not allowed to edit the setting. If you're operating directly on your model object, validateKey should still work, but you'll still need to have your validationFailedWithException method located in the WOComponent that is accessing the model object.
But beware, all the really smart regulars are at WOWODC right now. I'm just throwing an idea out there.
Good luck. On Jun 12, 2008, at 7:13 PM, Dan Grec wrote:
All,We're currently using the "disabled" binding (and thus HTML) to stop text entry into fields when a user doesn't have access.(i.e. WOTextField, WOCheckbox, etc)This presents a problem, as users can use an inline proxy or firebug to submit the data anyway, which gets saved. Our customers are complaining this is a security risk, so we have to do something.We're trying to come up with a way to handle the disabling on the server side, rather than letter the browser deal with it. We thought about conditionally rending them as a text equivelant (ie WOString instead of WOTextField) but this will be pretty annoying for WOCheckbox & WORadioButton.Does anyone have any suggestions? Thanks, -Dan _______________________________________________ Do not post admin requests to the list. They will be ignored. Webobjects-dev mailing list ([email protected]) Help/Unsubscribe/Update your Subscription:http://lists.apple.com/mailman/options/webobjects-dev/rgurley %40mac.comThis email sent to [EMAIL PROTECTED]
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Do not post admin requests to the list. They will be ignored. Webobjects-dev mailing list ([email protected]) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com This email sent to [EMAIL PROTECTED]
