I thought about that... But the "protection" is based on role, and the "state" of the JSP page
Basically anyone can update any field if adding a new record..
But if updating an existing record, only certain users.
And the less privleged user should be able to "see" the data so I wanted to use "disabled" on my Struts tags if the record is being updated and if the user doesn't have privileges.
In code I'd set disabled if (!authorized && update)
So if i am using <html-el:select disabled=${disabled}> I can set disabled=(!authorized && update) in my Action.
Though it seems like I shouldn't have to do that in code (rather do it in the JSP or from configuration.
right. this is why the authz tag should be able to set a scoped variable. so then you could do something like:
<authz var="authorized" .../> <c:set var="update" value="true"/>
<html-el:select disabled="${!authorized && update}">i proposed adding this capability to the authz tag a while back, but i never got around to it, heh.
------------------------------------------------------- This SF.Net email is sponsored by Oracle Space Sweepstakes Want to be the first software developer in space? Enter now for the Oracle Space Sweepstakes! http://ads.osdn.com/?ad_id=7393&alloc_id=16281&op=click _______________________________________________ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
