If the difference between the download size of your UI for admins
versus regular users is large than you may want to consider splitting
the UI as suggested elsewhere in this thread. You will have to decide
if this is worth the effort in your case. My understanding of the
client side of GAE applications is that the app is only downloaded
once and stays cached unless the app changes.
On Nov 28, 6:52 am, Drew Spencer <slugmand...@gmail.com> wrote:
> Hi guys, and thanks for the answers.
>
> So it seems the answers you have given are two-fold. I hadn't really got to
> thinking about securing the server yet as I am just building a prototype
> and still learning as I go. However, now seems as good a time as any to
> secure the RPC calls. Would something as simple as this do the trick,
> inside the function in the ProgServiceImpl:
>
> if(loginInfo.isAdminUser())
> {
>
> // perform RPC call as usual and return
>
> }
>
> else
> {
>
> throw UserNotAdminException("blah");
>
> }
>
> On to the client code... Craig, are you saying that it is best to have all
> of the admin and regular controls in the uibinder template, and then hide
> things if the user is not an admin? This seems illogical to me, as most
> users are not admins so they are downloading code that they will never see?
> Am I missing something? Is this where deferred binding comes in?
>
> Thanks again for you help. I'll get securing those RPC methods!
>
> Drew
>
>
>
>
>
>
>
>
--
You received this message because you are subscribed to the Google Groups
"Google Web Toolkit" group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/google-web-toolkit?hl=en.
