[
https://issues.apache.org/jira/browse/ISIS-1044?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14728952#comment-14728952
]
ASF subversion and git services commented on ISIS-1044:
-------------------------------------------------------
Commit d120bf747f5fecf61bc98d4a9a74cdde77e42eec in isis's branch
refs/heads/master from [~danhaywood]
[ https://git-wip-us.apache.org/repos/asf?p=isis.git;h=d120bf7 ]
ISIS-1044: adding interactionInitiatedBy as param to all interactions with
metamodel members.
- renamed/repurposed InvocationInteractionMethod
also:
- added new RendererContext4 to provide access to this info
- removed AuthenticationSession/DeploymentCategory as parameters to
ObjectMember calls (since are injected)
- call with InteractionInitiatedBy.USER for Wicket UI, Restful Objects server,
WrapperFactory proxy when executionMode == enforce_rules
- call with InteractionInitiatedBy.FRAMEWORK for Memento, Auditing,
XmlSnapshot, Dump, DomainObjectContainer#validate(), Title context,
RecreatableObjectFacet (ie view models) and WrapperFactory proxy when
executionMode != enforce_rules
Still to do:
- remove the ThreadLocal accessed by ObjectAdapter.Util#isVisible()
- should inject AuthenticationSessionProvider and DeploymentCategoryProvider
into all facet factories, so can then propogate into Facet impls and not have
to pass in as parameters
- should write MetaModelValidator to disallow previous use of the old
InteractionInvocationMethod (ProgramPersistable interface etc, ie
NotPersistableFacet implementations).
- remove DeploymentCategory, AuthenticationSession from the InteractionContext
class hierarchy and also ParseValueContext
> Table counts and gmap3/fullcalendar2 do not honour any vetoing, eg by
> subscribers or WithApplicationTenancy
> -----------------------------------------------------------------------------------------------------------
>
> Key: ISIS-1044
> URL: https://issues.apache.org/jira/browse/ISIS-1044
> Project: Isis
> Issue Type: Improvement
> Components: Core
> Affects Versions: viewer-wicket-1.7.0
> Reporter: Dan Haywood
> Assignee: Dan Haywood
> Priority: Minor
> Fix For: 1.11.0
>
>
> Suppose that the Isis addon security module is being used with application
> tenancy checking; this means that the Wicket table
> (CollectionContentsAsAjaxTable) will only show rows for those entities for
> which the user is authorized (the visibility has not been vetoed).
> However, the underlying EntityCollectionModel does contain those objects, and
> the size of that collection is what is shown in the "showing 1-5 of 15"
> totals etc rendered at the bottom of the table.
> So the question is: how to ensure that figure is correct?
> * One option is to eagerly check the visibility of every item (even those not
> on the current page).
> * Another option is to suppress the totals, somehow (would require additional
> metadata, along with a worse UI for users
> ~~~
> Related: the gmap3/fullcalendar2/excel Isis addons do not check for the
> object visibility, meaning that they expose information when they should not.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
