Dan Haywood created ISIS-1044:
---------------------------------
Summary: Table counts and gmap3/fullcalendar2 do not honour any
vetoing, eg by subscribers or WithApplicationTenancy
Key: ISIS-1044
URL: https://issues.apache.org/jira/browse/ISIS-1044
Project: Isis
Issue Type: Improvement
Components: Core
Affects Versions: viewer-wicket-1.7.0
Reporter: Dan Haywood
Assignee: Dan Haywood
Priority: Minor
Fix For: viewer-wicket-1.9.0
Suppose that the Isis addon security module is being used with application
tenancy checking; this means that the Wicket table
(CollectionContentsAsAjaxTable) will only show rows for those entities for
which the user is authorized (the visibility has not been vetoed).
However, the underlying EntityCollectionModel does contain those objects, and
the size of that collection is what is shown in the "showing 1-5 of 15" totals
etc rendered at the bottom of the table.
So the question is: how to ensure that figure is correct?
* One option is to eagerly check the visibility of every item (even those not
on the current page).
* Another option is to suppress the totals, somehow (would require additional
metadata, along with a worse UI for users
~~~
Related: the gmap3/fullcalendar2/excel Isis addons do not check for the object
visibility, meaning that they expose information when they should not.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
