we actually protect EVERY call to our server validating the user rights before proceeding to the service execution.
it just doesn't seem right to show a user a button that he can't click because he don't have the permission to do. it sounds more logical not showing the button at all. of course, validations on server side will catch any click on a forbidden button, then comes the question: why would i show the button then?.. thanks for the advice people. may be i just don't get right the js gui development yet :) -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.