On 11/30/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
I have a pretty wierd requirement to not show the login link or allow
admin/editor access unless the requester is coming from a particular location.
I'm using Acegi to do this and indeed I can make decisions based on the origin
of the request.
But, in the menu of the main page the items are being driven by menu-tabbed.vm
which does a test of $item.isPermitted($req)
I can't see where this is defined, or indeed if it leverages the Acegi
authorities granted. Any pointers? Would I have to override the menu file to
use acegi velocity $authz syntax instead ?
Take a look at BaseRollerMenu.java to see the implemenation of
isPermitted(). It uses the Servlet API to determine the user's global
role and the Roller POJOs to determine weblog-specific role.
- Dave
