Re: Access request from tml / standard servlet api role support
Hi Thiago, thanks for the hint, I didn't knew that I can @Inject HttpServletRequest! One never stops learning... Thanks, Luca > Sent: Saturday, April 28, 2018 at 8:55 PM > From: "Thiago H. de Paula Figueiredo" > To: "Tapestry users" > Subject: Re: Access request from tml / standard servlet api role support > > Hello, everyone! > > On Sat, Apr 28, 2018 at 8:45 AM, Dmitry Gusev > wrote: > > > As others pointed in this thread, the Tapestry way of dealing with your > > requirement is to create a new component, > > similar to `t:If`, that would accept a role name as it's parameter so you > > could render it's body conditionally if user is in role, i.e.: > > > > public class HasRole extends > > org.apache.tapestry5.corelib.base.AbstractConditional > > { > > @Inject RequestGlobals requestGlobals; > > @Parameter(required=true, defaultPrefix=BindingConstants.LITERAL) > > String role; > > > > @Override > > protected boolean test() > > { > > return requestGlobals.getHTTPServletRequest().isUserInRole(role); > > } > > } > > > > Above code is almost a copy-paste of tapestry-security's HasRole component > > [4]. > > > > I believe that, for the context of the question (i.e. not being able to use > tapestry-security), that's the Right Way of doing this. You want something > code encapsulated so it can be easily reused in Tapestry? Put it in a > component (or a mixin in some cases), and Tapestry makes it very simple to > do it. It may be possible to plug authentication and authorization logic > from Spring Security into Shiro, which is incredibly well-architected and > flexible, but I guess it's overkill here. > > I'd just make a little change: @Inject HttpServletRequest directly instead > of getting it through RequestGlobals. > > -- > Thiago > - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: Access request from tml / standard servlet api role support
Hello Thiago, ciao is fine, you are right! The idea of binding prefix is interesting, I never thought of using it this way! Thanks again, Luca > Sent: Saturday, April 28, 2018 at 8:55 PM > From: "Thiago H. de Paula Figueiredo" > To: "Tapestry users" > Subject: Re: Access request from tml / standard servlet api role support > > On Sat, Apr 28, 2018 at 7:51 AM, Luca Arzeni wrote: > > > Hi, > > > > Hello, Luca! (Ciao? :D ) > > > > this is an idea, but I was hoping to have direct access to the request. > > In tapestry3 there was a direct way to access the Visit Object, and the > > ognl was well documented, but it seems that there is no more similar in > > tapestry5. > > > > There isn't and that's by design. The Tapestry 5 philosophy, at least the > internal one, is to have the least code in templates possible, so > ressurecting Tapestry 4-'s direct access to the request object wouldn't > make sense, IMHO. You can always create your own binding prefixes, though, > so you can do basically everything with Tapestry expressions as long as > you're willing to implement a binding prefix. > > > > > > Thank you, > > larzeni > > > > > > > Sent: Saturday, April 28, 2018 at 12:41 AM > > > From: "pico.dev" > > > To: "Tapestry users" > > > Subject: Re: Access request from tml / standard servlet api role support > > > > > > Hi, > > > > > > Maybe you can implement a new conditional component that checks the role > > > and render or not its body. Something like this: > > > > > > > > > SAVE DATA > > > > > > > > > See https://tapestry.apache.org/component-rendering.html > > > > > > Regards, > > > > > > El sáb., 28 abr. 2018 a las 0:12, Luca Arzeni () > > > escribió: > > > > > > > Hi, > > > > I'm using tapestry5.4 with java 8. > > > > > > > > I am using the standard servlet API to check if a user is in role or > > not, > > > > to hide or show buttons, links, and so on. > > > > > > > > For example, I need to show a button to the user only if the user has > > been > > > > granted a role. > > > > > > > > My usual way to to this is: > > > > > > > > 1) create a method in the page, for example: > > > > > > > > @Inject > > > > RequestGlobals m_requestGlobals; > > > > > > > > public boolean isUserAdmin() { > > > > if (m_requestGlobals == null) { > > > > return false; > > > > } > > > > return m_requestGlobals.isUserInRole("ADMIN"); > > > > } > > > > > > > > 2) then, in the tml, check the method using a t:if component, for > > example: > > > > > > > > > > > > SAVE > > DATA > > > > > > > > > > > > This is not so good, since I must reimplement the same method in many > > > > pages. > > > > > > > > Is there any way could I access the requestGlobals directly from tml? > > > > > > > > My goql would be to write, directly in the tml, something like: > > > > > > > > > > > > > > > > SAVE DATA > > > > > > > > > > > > > > > > Is it possible to do this with tapestry5? > > > > > > > > Thanks in advance, > > > > larzeni > > > > > > > > - > > > > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org > > > > For additional commands, e-mail: users-h...@tapestry.apache.org > > > > > > > > > > > > > > > - > > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org > > For additional commands, e-mail: users-h...@tapestry.apache.org > > > > > > > -- > Thiago > - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: Access request from tml / standard servlet api role support
Hi Dmitry, I ended up doing a component as you suggested. I will take a look at tapestry-security when I have a little more time. Thanks again, larzeni > Sent: Saturday, April 28, 2018 at 1:45 PM > From: "Dmitry Gusev" > To: "Tapestry users" > Subject: Re: Access request from tml / standard servlet api role support > > Hi Luca, > > Component parameters syntax is built about binding expressions [1], i.e. > "prefix:expression". > > By default the prefix is "prop:", unless explicitly overridden for specific > parameter [2]. > > You can find detailed explanation for property expressions, including its > BNF grammar, in official Tapestry documentation [3]. > > Property expressions are always evaluated in the context of current > page/component. > > It's called "property" expression, because it uses JavaBean-notation > properties (@Property annotation can generate get/set methods around field > at runtime). > > So in order for your expression `request.isUserInRole("ADMIN")` to work, > the `request` must be a @Property (or has `getRequest()` method) in your > page/component, i.e.: > > @Inject > @Property > Request request; > > There are no special cases for the built-in services in the BNF > for property expressions [3]. > > As others pointed in this thread, the Tapestry way of dealing with your > requirement is to create a new component, > similar to `t:If`, that would accept a role name as it's parameter so you > could render it's body conditionally if user is in role, i.e.: > > public class HasRole extends > org.apache.tapestry5.corelib.base.AbstractConditional > { > @Inject RequestGlobals requestGlobals; > @Parameter(required=true, defaultPrefix=BindingConstants.LITERAL) > String role; > > @Override > protected boolean test() > { > return requestGlobals.getHTTPServletRequest().isUserInRole(role); > } > } > > Above code is almost a copy-paste of tapestry-security's HasRole component > [4]. > > The only difference is this component uses servlet API directly for role > checking, > while is tapestry-security is built around Apache Shiro [5], > and provides more advanced security model than simple role model of the > servlet API. > > I highly recommend tapestry-security if you need anything more than > built-in servlet API role model. > > [1] > http://tapestry.apache.org/component-parameters.html#ComponentParameters-BindingExpressions > [2] > https://tapestry.apache.org/5.3/apidocs/org/apache/tapestry5/annotations/Parameter.html#defaultPrefix() > [3] http://tapestry.apache.org/property-expressions.html > [4] http://www.tynamo.org/tapestry-security+guide/ > [5] https://shiro.apache.org > > On Sat, Apr 28, 2018 at 1:12 AM, Luca Arzeni wrote: > > > Hi, > > I'm using tapestry5.4 with java 8. > > > > I am using the standard servlet API to check if a user is in role or not, > > to hide or show buttons, links, and so on. > > > > For example, I need to show a button to the user only if the user has been > > granted a role. > > > > My usual way to to this is: > > > > 1) create a method in the page, for example: > > > > @Inject > > RequestGlobals m_requestGlobals; > > > > public boolean isUserAdmin() { > > if (m_requestGlobals == null) { > > return false; > > } > > return m_requestGlobals.isUserInRole("ADMIN"); > > } > > > > 2) then, in the tml, check the method using a t:if component, for example: > > > > > > SAVE DATA > > > > > > This is not so good, since I must reimplement the same method in many > > pages. > > > > Is there any way could I access the requestGlobals directly from tml? > > > > My goql would be to write, directly in the tml, something like: > > > > > > > > SAVE DATA > > > > > > > > Is it possible to do this with tapestry5? > > > > Thanks in advance, > > larzeni > > > > - > > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org > > For additional commands, e-mail: users-h...@tapestry.apache.org > > > > > > > -- > Dmitry Gusev > > AnjLab Team > http://anjlab.com > - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: Access request from tml / standard servlet api role support
Hello, everyone! On Sat, Apr 28, 2018 at 8:45 AM, Dmitry Gusev wrote: > As others pointed in this thread, the Tapestry way of dealing with your > requirement is to create a new component, > similar to `t:If`, that would accept a role name as it's parameter so you > could render it's body conditionally if user is in role, i.e.: > > public class HasRole extends > org.apache.tapestry5.corelib.base.AbstractConditional > { > @Inject RequestGlobals requestGlobals; > @Parameter(required=true, defaultPrefix=BindingConstants.LITERAL) > String role; > > @Override > protected boolean test() > { > return requestGlobals.getHTTPServletRequest().isUserInRole(role); > } > } > > Above code is almost a copy-paste of tapestry-security's HasRole component > [4]. > I believe that, for the context of the question (i.e. not being able to use tapestry-security), that's the Right Way of doing this. You want something code encapsulated so it can be easily reused in Tapestry? Put it in a component (or a mixin in some cases), and Tapestry makes it very simple to do it. It may be possible to plug authentication and authorization logic from Spring Security into Shiro, which is incredibly well-architected and flexible, but I guess it's overkill here. I'd just make a little change: @Inject HttpServletRequest directly instead of getting it through RequestGlobals. -- Thiago
Re: Access request from tml / standard servlet api role support
On Sat, Apr 28, 2018 at 7:51 AM, Luca Arzeni wrote: > Hi, > Hello, Luca! (Ciao? :D ) > this is an idea, but I was hoping to have direct access to the request. > In tapestry3 there was a direct way to access the Visit Object, and the > ognl was well documented, but it seems that there is no more similar in > tapestry5. > There isn't and that's by design. The Tapestry 5 philosophy, at least the internal one, is to have the least code in templates possible, so ressurecting Tapestry 4-'s direct access to the request object wouldn't make sense, IMHO. You can always create your own binding prefixes, though, so you can do basically everything with Tapestry expressions as long as you're willing to implement a binding prefix. > > Thank you, > larzeni > > > > Sent: Saturday, April 28, 2018 at 12:41 AM > > From: "pico.dev" > > To: "Tapestry users" > > Subject: Re: Access request from tml / standard servlet api role support > > > > Hi, > > > > Maybe you can implement a new conditional component that checks the role > > and render or not its body. Something like this: > > > > > > SAVE DATA > > > > > > See https://tapestry.apache.org/component-rendering.html > > > > Regards, > > > > El sáb., 28 abr. 2018 a las 0:12, Luca Arzeni () > > escribió: > > > > > Hi, > > > I'm using tapestry5.4 with java 8. > > > > > > I am using the standard servlet API to check if a user is in role or > not, > > > to hide or show buttons, links, and so on. > > > > > > For example, I need to show a button to the user only if the user has > been > > > granted a role. > > > > > > My usual way to to this is: > > > > > > 1) create a method in the page, for example: > > > > > > @Inject > > > RequestGlobals m_requestGlobals; > > > > > > public boolean isUserAdmin() { > > > if (m_requestGlobals == null) { > > > return false; > > > } > > > return m_requestGlobals.isUserInRole("ADMIN"); > > > } > > > > > > 2) then, in the tml, check the method using a t:if component, for > example: > > > > > > > > > SAVE > DATA > > > > > > > > > This is not so good, since I must reimplement the same method in many > > > pages. > > > > > > Is there any way could I access the requestGlobals directly from tml? > > > > > > My goql would be to write, directly in the tml, something like: > > > > > > > > > > > > SAVE DATA > > > > > > > > > > > > Is it possible to do this with tapestry5? > > > > > > Thanks in advance, > > > larzeni > > > > > > - > > > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org > > > For additional commands, e-mail: users-h...@tapestry.apache.org > > > > > > > > > > - > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org > For additional commands, e-mail: users-h...@tapestry.apache.org > > -- Thiago
Re: Access request from tml / standard servlet api role support
Hi Luca, Component parameters syntax is built about binding expressions [1], i.e. "prefix:expression". By default the prefix is "prop:", unless explicitly overridden for specific parameter [2]. You can find detailed explanation for property expressions, including its BNF grammar, in official Tapestry documentation [3]. Property expressions are always evaluated in the context of current page/component. It's called "property" expression, because it uses JavaBean-notation properties (@Property annotation can generate get/set methods around field at runtime). So in order for your expression `request.isUserInRole("ADMIN")` to work, the `request` must be a @Property (or has `getRequest()` method) in your page/component, i.e.: @Inject @Property Request request; There are no special cases for the built-in services in the BNF for property expressions [3]. As others pointed in this thread, the Tapestry way of dealing with your requirement is to create a new component, similar to `t:If`, that would accept a role name as it's parameter so you could render it's body conditionally if user is in role, i.e.: public class HasRole extends org.apache.tapestry5.corelib.base.AbstractConditional { @Inject RequestGlobals requestGlobals; @Parameter(required=true, defaultPrefix=BindingConstants.LITERAL) String role; @Override protected boolean test() { return requestGlobals.getHTTPServletRequest().isUserInRole(role); } } Above code is almost a copy-paste of tapestry-security's HasRole component [4]. The only difference is this component uses servlet API directly for role checking, while is tapestry-security is built around Apache Shiro [5], and provides more advanced security model than simple role model of the servlet API. I highly recommend tapestry-security if you need anything more than built-in servlet API role model. [1] http://tapestry.apache.org/component-parameters.html#ComponentParameters-BindingExpressions [2] https://tapestry.apache.org/5.3/apidocs/org/apache/tapestry5/annotations/Parameter.html#defaultPrefix() [3] http://tapestry.apache.org/property-expressions.html [4] http://www.tynamo.org/tapestry-security+guide/ [5] https://shiro.apache.org On Sat, Apr 28, 2018 at 1:12 AM, Luca Arzeni wrote: > Hi, > I'm using tapestry5.4 with java 8. > > I am using the standard servlet API to check if a user is in role or not, > to hide or show buttons, links, and so on. > > For example, I need to show a button to the user only if the user has been > granted a role. > > My usual way to to this is: > > 1) create a method in the page, for example: > > @Inject > RequestGlobals m_requestGlobals; > > public boolean isUserAdmin() { > if (m_requestGlobals == null) { > return false; > } > return m_requestGlobals.isUserInRole("ADMIN"); > } > > 2) then, in the tml, check the method using a t:if component, for example: > > > SAVE DATA > > > This is not so good, since I must reimplement the same method in many > pages. > > Is there any way could I access the requestGlobals directly from tml? > > My goql would be to write, directly in the tml, something like: > > > > SAVE DATA > > > > Is it possible to do this with tapestry5? > > Thanks in advance, > larzeni > > - > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org > For additional commands, e-mail: users-h...@tapestry.apache.org > > -- Dmitry Gusev AnjLab Team http://anjlab.com
Re: Access request from tml / standard servlet api role support
Hi Kalle, we are forced to use spring security, and cannot migrate to shiro. Beside it, I don't like the idea to glue my code to external libraries, using annotations or other code that may have a different lifecycle. I can wait as I want to update my code, but, if there is a security issue, I must be immediately able to update my security libs. I like much more to declare security constraint outside my app (spring allows to do this with an xml file inside the WEB_INF folder) and use the standard servlet api, so I can migrate to a new version whenever I need. I will take a look at the code. I guess I will need to create a custom component, but, in my humble opinion, it's a too big effort to write a component simply to access access the request object from a tml. Anyway, thanks for your hint, larzeni > Sent: Saturday, April 28, 2018 at 12:52 AM > From: "Kalle Korhonen" > To: "Tapestry users" > Subject: Re: Access request from tml / standard servlet api role support > > Tapestry-security (http://www.tynamo.org/tapestry-security+guide/) supports > request.isuserInRole and provides components similar to the one suggested, > i.e. > > > SAVE DATA > > > Kalle > > > > > On Fri, Apr 27, 2018 at 3:41 PM, pico.dev wrote: > > > Hi, > > > > Maybe you can implement a new conditional component that checks the role > > and render or not its body. Something like this: > > > > > > SAVE DATA > > > > > > See https://tapestry.apache.org/component-rendering.html > > > > Regards, > > > > El sáb., 28 abr. 2018 a las 0:12, Luca Arzeni () > > escribió: > > > > > Hi, > > > I'm using tapestry5.4 with java 8. > > > > > > I am using the standard servlet API to check if a user is in role or not, > > > to hide or show buttons, links, and so on. > > > > > > For example, I need to show a button to the user only if the user has > > been > > > granted a role. > > > > > > My usual way to to this is: > > > > > > 1) create a method in the page, for example: > > > > > > @Inject > > > RequestGlobals m_requestGlobals; > > > > > > public boolean isUserAdmin() { > > > if (m_requestGlobals == null) { > > > return false; > > > } > > > return m_requestGlobals.isUserInRole("ADMIN"); > > > } > > > > > > 2) then, in the tml, check the method using a t:if component, for > > example: > > > > > > > > > SAVE DATA > > > > > > > > > This is not so good, since I must reimplement the same method in many > > > pages. > > > > > > Is there any way could I access the requestGlobals directly from tml? > > > > > > My goql would be to write, directly in the tml, something like: > > > > > > > > > > > > SAVE DATA > > > > > > > > > > > > Is it possible to do this with tapestry5? > > > > > > Thanks in advance, > > > larzeni > > > > > > - > > > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org > > > For additional commands, e-mail: users-h...@tapestry.apache.org > > > > > > > > > - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: Access request from tml / standard servlet api role support
Yeah, that was my old way of doing this thing, but it ties classes too much, so I discarded that code. Thank you, larzeni > Sent: Saturday, April 28, 2018 at 12:49 AM > From: "pico.dev" > To: "Tapestry users" > Subject: Re: Access request from tml / standard servlet api role support > > Maybe other alternative is create a base page class that has this and > some/all application pages extends > > @Inject > RequestGlobals m_requestGlobals; > > public boolean isUserAdmin() > > El sáb., 28 abr. 2018 a las 0:41, pico.dev () escribió: > > > Hi, > > > > Maybe you can implement a new conditional component that checks the role > > and render or not its body. Something like this: > > > > > > SAVE DATA > > > > > > See https://tapestry.apache.org/component-rendering.html > > > > Regards, > > > > El sáb., 28 abr. 2018 a las 0:12, Luca Arzeni () > > escribió: > > > >> Hi, > >> I'm using tapestry5.4 with java 8. > >> > >> I am using the standard servlet API to check if a user is in role or not, > >> to hide or show buttons, links, and so on. > >> > >> For example, I need to show a button to the user only if the user has > >> been granted a role. > >> > >> My usual way to to this is: > >> > >> 1) create a method in the page, for example: > >> > >> @Inject > >> RequestGlobals m_requestGlobals; > >> > >> public boolean isUserAdmin() { > >> if (m_requestGlobals == null) { > >> return false; > >> } > >> return m_requestGlobals.isUserInRole("ADMIN"); > >> } > >> > >> 2) then, in the tml, check the method using a t:if component, for example: > >> > >> > >> SAVE DATA > >> > >> > >> This is not so good, since I must reimplement the same method in many > >> pages. > >> > >> Is there any way could I access the requestGlobals directly from tml? > >> > >> My goql would be to write, directly in the tml, something like: > >> > >> > >> > >> SAVE DATA > >> > >> > >> > >> Is it possible to do this with tapestry5? > >> > >> Thanks in advance, > >> larzeni > >> > >> - > >> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org > >> For additional commands, e-mail: users-h...@tapestry.apache.org > >> > >> > - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: Access request from tml / standard servlet api role support
Hi, this is an idea, but I was hoping to have direct access to the request. In tapestry3 there was a direct way to access the Visit Object, and the ognl was well documented, but it seems that there is no more similar in tapestry5. Thank you, larzeni > Sent: Saturday, April 28, 2018 at 12:41 AM > From: "pico.dev" > To: "Tapestry users" > Subject: Re: Access request from tml / standard servlet api role support > > Hi, > > Maybe you can implement a new conditional component that checks the role > and render or not its body. Something like this: > > > SAVE DATA > > > See https://tapestry.apache.org/component-rendering.html > > Regards, > > El sáb., 28 abr. 2018 a las 0:12, Luca Arzeni () > escribió: > > > Hi, > > I'm using tapestry5.4 with java 8. > > > > I am using the standard servlet API to check if a user is in role or not, > > to hide or show buttons, links, and so on. > > > > For example, I need to show a button to the user only if the user has been > > granted a role. > > > > My usual way to to this is: > > > > 1) create a method in the page, for example: > > > > @Inject > > RequestGlobals m_requestGlobals; > > > > public boolean isUserAdmin() { > > if (m_requestGlobals == null) { > > return false; > > } > > return m_requestGlobals.isUserInRole("ADMIN"); > > } > > > > 2) then, in the tml, check the method using a t:if component, for example: > > > > > > SAVE DATA > > > > > > This is not so good, since I must reimplement the same method in many > > pages. > > > > Is there any way could I access the requestGlobals directly from tml? > > > > My goql would be to write, directly in the tml, something like: > > > > > > > > SAVE DATA > > > > > > > > Is it possible to do this with tapestry5? > > > > Thanks in advance, > > larzeni > > > > - > > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org > > For additional commands, e-mail: users-h...@tapestry.apache.org > > > > > - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: Access request from tml / standard servlet api role support
Tapestry-security (http://www.tynamo.org/tapestry-security+guide/) supports request.isuserInRole and provides components similar to the one suggested, i.e. SAVE DATA Kalle On Fri, Apr 27, 2018 at 3:41 PM, pico.dev wrote: > Hi, > > Maybe you can implement a new conditional component that checks the role > and render or not its body. Something like this: > > > SAVE DATA > > > See https://tapestry.apache.org/component-rendering.html > > Regards, > > El sáb., 28 abr. 2018 a las 0:12, Luca Arzeni () > escribió: > > > Hi, > > I'm using tapestry5.4 with java 8. > > > > I am using the standard servlet API to check if a user is in role or not, > > to hide or show buttons, links, and so on. > > > > For example, I need to show a button to the user only if the user has > been > > granted a role. > > > > My usual way to to this is: > > > > 1) create a method in the page, for example: > > > > @Inject > > RequestGlobals m_requestGlobals; > > > > public boolean isUserAdmin() { > > if (m_requestGlobals == null) { > > return false; > > } > > return m_requestGlobals.isUserInRole("ADMIN"); > > } > > > > 2) then, in the tml, check the method using a t:if component, for > example: > > > > > > SAVE DATA > > > > > > This is not so good, since I must reimplement the same method in many > > pages. > > > > Is there any way could I access the requestGlobals directly from tml? > > > > My goql would be to write, directly in the tml, something like: > > > > > > > > SAVE DATA > > > > > > > > Is it possible to do this with tapestry5? > > > > Thanks in advance, > > larzeni > > > > - > > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org > > For additional commands, e-mail: users-h...@tapestry.apache.org > > > > >
Re: Access request from tml / standard servlet api role support
Maybe other alternative is create a base page class that has this and some/all application pages extends @Inject RequestGlobals m_requestGlobals; public boolean isUserAdmin() El sáb., 28 abr. 2018 a las 0:41, pico.dev () escribió: > Hi, > > Maybe you can implement a new conditional component that checks the role > and render or not its body. Something like this: > > > SAVE DATA > > > See https://tapestry.apache.org/component-rendering.html > > Regards, > > El sáb., 28 abr. 2018 a las 0:12, Luca Arzeni () > escribió: > >> Hi, >> I'm using tapestry5.4 with java 8. >> >> I am using the standard servlet API to check if a user is in role or not, >> to hide or show buttons, links, and so on. >> >> For example, I need to show a button to the user only if the user has >> been granted a role. >> >> My usual way to to this is: >> >> 1) create a method in the page, for example: >> >> @Inject >> RequestGlobals m_requestGlobals; >> >> public boolean isUserAdmin() { >> if (m_requestGlobals == null) { >> return false; >> } >> return m_requestGlobals.isUserInRole("ADMIN"); >> } >> >> 2) then, in the tml, check the method using a t:if component, for example: >> >> >> SAVE DATA >> >> >> This is not so good, since I must reimplement the same method in many >> pages. >> >> Is there any way could I access the requestGlobals directly from tml? >> >> My goql would be to write, directly in the tml, something like: >> >> >> >> SAVE DATA >> >> >> >> Is it possible to do this with tapestry5? >> >> Thanks in advance, >> larzeni >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org >> For additional commands, e-mail: users-h...@tapestry.apache.org >> >>
Re: Access request from tml / standard servlet api role support
Hi, Maybe you can implement a new conditional component that checks the role and render or not its body. Something like this: SAVE DATA See https://tapestry.apache.org/component-rendering.html Regards, El sáb., 28 abr. 2018 a las 0:12, Luca Arzeni () escribió: > Hi, > I'm using tapestry5.4 with java 8. > > I am using the standard servlet API to check if a user is in role or not, > to hide or show buttons, links, and so on. > > For example, I need to show a button to the user only if the user has been > granted a role. > > My usual way to to this is: > > 1) create a method in the page, for example: > > @Inject > RequestGlobals m_requestGlobals; > > public boolean isUserAdmin() { > if (m_requestGlobals == null) { > return false; > } > return m_requestGlobals.isUserInRole("ADMIN"); > } > > 2) then, in the tml, check the method using a t:if component, for example: > > > SAVE DATA > > > This is not so good, since I must reimplement the same method in many > pages. > > Is there any way could I access the requestGlobals directly from tml? > > My goql would be to write, directly in the tml, something like: > > > > SAVE DATA > > > > Is it possible to do this with tapestry5? > > Thanks in advance, > larzeni > > - > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org > For additional commands, e-mail: users-h...@tapestry.apache.org > >