Pivot doesn't currently support any concept of "roles". I know Java EE has such 
a concept, but I'm not sure if it exists on the client. If it does, we could 
consider adding something like this (in your example, the WTKX serializer would 
assume that HasRole is a type of component, which it probably is not): 

    <Label Form.label="%volume" Form.role="ROLE_ADMIN" textKey="volume"/>

If Java SE doesn't provide access to a user's role, then we probably wouldn't 
want to do this, since it would involve establishing a security infrastructure 
on the client and that is outside the scope of what Pivot aims to provide.

Greg

On Sunday, April 26, 2009, at 03:45PM, "Jorg Heymans" <[email protected]> 
wrote:
>Hi,
>
>A typical way to handle view level security in e.g. a JSP webapp is to
>surround the widgets you want to protect with some sort of condition
>linked to a security provider i.e.
>
><hasRole name="ROLE_ADMIN">
>  <input type="submit" name="DELETE">
></hasRole>
>
>Has it been considered to add this kind of security to the wtkx file
>format ? Something like
>
><Form styles="{rightAlignLabels:true, fieldAlignment:'right'}">
>    <fields>
>        <Label Form.label="%value" textKey="value"/>
>        <Label wtkx:id="changeLabel" Form.label="%change" textKey="change"/>
>        <Label Form.label="%openingValue" textKey="openingValue"/>
>        <Label Form.label="%highValue" textKey="highValue"/>
>        <Label Form.label="%lowValue" textKey="lowValue"/>
>        <HasRole name="ROLE_ADMIN">
>            <Label Form.label="%volume" textKey="volume"/>
>        </HasRole>
>    </fields>
></Form>
>
>which would display the volume label only if the user possesses that
>role. Of course the RoleProvider would have to be pluggable, and
>thinking about it perhaps even a more generic "visibility" strategy is
>in order, so that you would not be bound to the notion of roles to
>conditionally display a widget.
>
>WDYT ?
>
>Regards,
>Jorg
>
>
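
The role-conditional display discussed in this thread, as an added Java example that is not part of either message and is not Pivot code. `Field` is a stand-in for a form component whose `requiredRole` mirrors the suggested `Form.role` attribute; `RoleProvider`, `VisibilityStrategy` and `RoleVisibility` are hypothetical names for the pluggable pieces Jorg describes.

```java
import java.util.*;

/** Added sketch with hypothetical names; none of these types exist in Pivot. */
public class VisibilityDemo {
    /** Pluggable source of the current user's roles (hypothetical). */
    interface RoleProvider { Set<String> currentRoles(); }

    /** Generic strategy, so visibility is not bound to the notion of roles. */
    interface VisibilityStrategy { boolean isVisible(Field field); }

    /** Stand-in for a form field; requiredRole == null means unrestricted. */
    static final class Field {
        final String label;
        final String requiredRole;
        boolean visible = true;
        Field(String label, String requiredRole) {
            this.label = label;
            this.requiredRole = requiredRole;
        }
    }

    /** Role-based strategy; hides the field when the provider yields no roles. */
    static final class RoleVisibility implements VisibilityStrategy {
        private final RoleProvider provider;
        RoleVisibility(RoleProvider provider) { this.provider = provider; }
        public boolean isVisible(Field f) {
            if (f.requiredRole == null) return true;
            Set<String> roles = provider.currentRoles();
            return roles != null && roles.contains(f.requiredRole);
        }
    }

    /** Applies the strategy to every field and returns the labels left visible. */
    static List<String> visibleLabels(List<Field> fields, VisibilityStrategy s) {
        List<String> shown = new ArrayList<>();
        for (Field f : fields) {
            f.visible = s.isVisible(f);
            if (f.visible) shown.add(f.label);
        }
        return shown;
    }

    public static void main(String[] args) {
        // Constructed sample: three of the labels from the form in the thread.
        List<Field> fields = Arrays.asList(new Field("value", null),
            new Field("change", null), new Field("volume", "ROLE_ADMIN"));
        RoleProvider admin = () -> Collections.singleton("ROLE_ADMIN");
        RoleProvider guest = Collections::emptySet;
        System.out.println(visibleLabels(fields, new RoleVisibility(admin)));
        System.out.println(visibleLabels(fields, new RoleVisibility(guest)));
    }
}
```

The strategy only decides what is drawn on the client; whatever service supplies the volume value still has to check the role itself.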
