mixins are the best fit for the job, but there are some
pitfalls you have to be aware of when used with certain
components (see https://issues.apache.org/jira/browse/TAPESTRY-1805)
but there are other alternatives:
1) use a delegate and choose which representation of a page fragment
is to be rendered
2) use Blocks as the BeanEditor does... . i wrote a component that uses a
contribution of Blocks and a contribution of DisplayRules to determine
how
the properties of a bean are displayed (if at all). My DisplayRules return
an
enum with ENABLED, DISABLED or HIDDEN states that in turn are used to
find a contributed block that matches the state and other criteria (other
cirteria are page, beanType, propertyType and propertyName). This allows
me to display the property of a bean as a select component or as a simple
span if it cannot be edited anymore or hide it based on hierarchical
rules.
g,
kris
Robert Zeigler [EMAIL PROTECTED]
Gesendet von: robert zeigler [EMAIL PROTECTED]
12.05.2008 16:07
Bitte antworten an
Tapestry users users@tapestry.apache.org
An
Tapestry users users@tapestry.apache.org
Kopie
Thema
Re: T5: How do we secure our views?
Basically any of the render-phase states can return false to short-
circuit subsequent states
(see:
http://tapestry.apache.org/tapestry5/tapestry-core/guide/rendering.html
for the full state diagram).
So if you're looking for this sort of granularity for securing your
view, one approach would be to write a mixin
(see: http://tapestry.apache.org/tapestry5/tapestry-core/guide/mixins.html
)
.
So you might have something simple like:
package com.example.app.mixins;
//imports
...
public class Secured {
@parameter
private boolean shouldRender;
@BeginRender
public boolean shouldRender() {
return shouldRender;
}
}
And then you would use it like:
.tml:
a href=# t:id=adminLinkAdmin/a
.java
@Component(
...,
parameters={shouldRender=prop:conditionToEval,...})
private PageLink adminLink;
Something along those lines.
There are other possible variations, but this is going to most closely
match up with your JSF experience.
Robert
On May 12, 2008, at 5/127:25 AM , Partogi, Joshua wrote:
Dear all,
Let me get this straight to the point. In JSF for each component
there are a
'rendered' property which tells JSF whether to display the current
component
or not. But there isn't any property like this in T5. I do this
usually to
authorize user whether he/she are able to view the component. How do
we
secure our view in T5? Has anyone done this before?
thanks in advance
IMPORTANT NOTICE:
The information in this email (and any attachments) is confidential.
If you are not the intended recipient, you must not use or
disseminate the information. If you have received this email in
error, please immediately notify me by Reply command and
permanently delete the original and any copies or printouts
thereof. Although this email and any attachments are believed to be
free of any virus or other defect that might affect any computer
system into which it is received and opened, it is the
responsibility of the recipient to ensure that it is virus free and
no responsibility is accepted by American International Group, Inc.
or its subsidiaries or affiliates either jointly or severally, for
any loss or damage arising in any way from its use.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]