The implementation does not do the whole check, it does it per component.
 
The way I see it, the scenario you propose is:
there are two paths for disabled components,
1) if component is disabled - render it disabled
2) if component is disabled - block access to the page
 
Using the interface, that is an implementation detail, and here is an example implementation:
 
boolean allowEnabled(Component c) {
    boolean allow = ...; // go figure this out

    if (!allow && c instanceof PageCriticalComponent) {
        // these components prevent the use of the page if disabled
        throw new SecurityException();
    }
    // these components simply appear disabled
    return allow;
}
 
-Igor
 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Johan Compagner
Sent: Wednesday, October 26, 2005 4:04 PM
To: wicket-develop@lists.sourceforge.net
Subject: Re: [Wicket-develop] integrating authorization

where will allowRender() be called in wicket?
I think the most logical first place is the Page.checkAccess() or Page.checkSecurity() that is also called besides checkAccess()

Does the implementation then do the complete check for the page?
So the page itself and then all the components on the page?
But how does it check the components and their model data? (I think models need some kind of marker interface like SecurityModel)

Because it can be that a form's model data is saying I can't render so the page can be rendered
But a link can also say I can't be rendered but that doesn't mean the page can't be rendered (just the link can't be rendered)

Or if allowRender() is false in any component/model on the page then the complete page can't be rendered
but then allowEnabled is used to say to a link that it can't be visible (so there are no non enabled links they are always not rendered)


On 10/27/05, Eelco Hillenius <[EMAIL PROTECTED]> wrote:
Here's the interface method we (Jonathan, Igor and I) think will work:

        /**
         * Checks whether an instance of the given component class may be created.
         * If this method returns false, a {@link AuthorizationException} is thrown
         * during construction.
         *
         * @param c
         *            the component to check for
         * @return whether the given component may be created
         */
        boolean allowCreateComponent(Class c);

        /**
         * Gets whether the given component may be rendered. If this method returns
         * false, the component is not rendered, and neither are its children.
         *
         * @param c
         *            the component to check for
         * @return whether the given component may be rendered
         */
        boolean allowRender(Component c);

        /**
         * <p>
         * Gets whether a component is allowed to be enabled. If this method returns
         * true, a component may decide by itself (typically using its enabled
         * property) whether it is enabled or not. If this method returns false, the
         * passed component is marked disabled, regardless of its enabled property.
         * </p>
         * <p>
         * When a component is not allowed to be enabled (in effect disabled through
         * the implementation of this interface), Wicket will try to prevent model
         * updates too. This is not completely fail safe, as constructs like:
         *
         * <pre>
         * User u = (User)getModelObject();
         * u.setName(&quot;got you there!&quot;);
         * </pre>
         *
         * can't be prevented. Indeed it can be argued that any model protection is
         * best dealt with in your model objects to be completely secured. Wicket
         * will catch all normal use though.
         *
         * </p>
         *
         * @param c
         *            the component to check for
         * @return whether a component is allowed to be enabled
         */
        boolean allowEnabled(Component c);

Eelco


On 10/26/05, Eelco Hillenius < [EMAIL PROTECTED]> wrote:
> Well, then there's no special wicket support for that necessary either.
>
> >  I only want to test at a certain point what is inside the model. And if a
> > user can see that object
> >  and if he can see it if he can alter it.
> >
>
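
The caveat in the allowEnabled Javadoc quoted above, as an added example that is not code from this thread or from Wicket: Principal, User and NameField are hypothetical stand-ins (NameField only mimics a component whose enabled flag came from allowEnabled), and the "user:edit" permission string is constructed. It shows the disabled component stopping the normal update path, while only the model object's own check stops a direct write through getModelObject().

```java
import java.util.Set;

// Added example with stand-in types; none of these classes are Wicket's. Needs Java 16+ (records).
public class ModelGuardDemo {
    /** Constructed permission holder for the current request. */
    record Principal(String name, Set<String> permissions) {
        boolean may(String permission) { return permissions.contains(permission); }
    }

    /** Model object that enforces its own write rule, as the Javadoc advises. */
    static class User {
        private final Principal caller;
        private String name;
        User(String name, Principal caller) { this.name = name; this.caller = caller; }
        String getName() { return name; }
        void setName(String newName) {
            if (!caller.may("user:edit")) {
                throw new SecurityException(caller.name() + " may not edit users");
            }
            this.name = newName;
        }
    }

    /** Stand-in for a form field whose enabled state comes from allowEnabled(). */
    static class NameField {
        private final User model;
        private final boolean enabled;
        NameField(User model, boolean allowEnabled) { this.model = model; this.enabled = allowEnabled; }
        User getModelObject() { return model; }
        /** The "normal use" path: a disabled component ignores submitted input. */
        boolean updateModel(String submitted) {
            if (!enabled) return false;
            model.setName(submitted);
            return true;
        }
    }

    public static void main(String[] args) {
        Principal viewer = new Principal("viewer", Set.of("user:view"));
        NameField field = new NameField(new User("alice", viewer), viewer.may("user:edit"));
        System.out.println("framework update applied: " + field.updateModel("changed via form"));
        try {
            field.getModelObject().setName("got you there!"); // bypasses the component
        } catch (SecurityException e) {
            System.out.println("model refused write: " + e.getMessage());
        }
        System.out.println("name is still: " + field.getModelObject().getName());
    }
}
```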

