Yes, I want to to hide the entire menu if a user has no permissions for any of
the pages
accessible from that menu.
The third of your proposals (to hide the container if none of its
childcomponents are visible) is really the best.
So I have only to care about the permissions of the pages :-)
Thank you very much for the code example of the method onBeforeRender() for the
WebMarkupContainer.
I have implemented it and it works fine :-)
Andrea
*Von:* Maurice Marrink [EMAIL PROTECTED]
*Gesendet:* 06.06.08 13:50:38
*An:* users@wicket.apache.org
*Betreff:* Re: Wasp/Swarm: permisson for component of super class
Well assuming you are only using a securewebmarkupcontainer to hide
the entire menu if a user as no permissions for any of the pages
accessible from that menu.
Otherwise there really is no need since the links will be hidden.
Then you have a couple of options.
-Use a datapermission for each swmc
-Use a specific class for each swmc e.g. class UserMenu extends
SecureWebMarkupContainer and add something like the following in your
policy permission ${ComponentPermission} ${package}.UserMenu,
inherit, render;
You can ofcourse use SWMC without subclassing but then every SWMC
would be authorized not just the menu.
-Don't use security directly to handle visibility in this case. In our
app we used the following technique to hide the container if none of
its childcomponents are visible.
In the WebMarkupContainer:
protected void onBeforeRender()
{
Boolean result = (Boolean)
visitChildren(SecureBookmarkablePageLink.class, new IVisitor()
{
/**
* @see
org.apache.wicket.Component.IVisitor#component(org.apache.wicket.Component)
*/
@Override
public Object component(Component component)
{
SecureBookmarkablePageLink link = (SecureBookmarkablePageLink) component;
if (link
.isActionAuthorized(getAction(Render.class)))
return true;
return null; // continue
}
});
if (result != null result)
setVisible(true);
else
setVisible(false);
super.onBeforeRender();
}
Hope this answers your question.
Maurice
On Fri, Jun 6, 2008 at 11:57 AM, Andrea Jahn [EMAIL PROTECTED] wrote:
Hi,
In our application we have the super class SecuredBasePage for all the pages.
This class contains the menu. It depends on the logged in user, which of the
main menus (containing the menu entries) are visible.
So I created a SecureWebMarkupContainer for each main menu.
But now I have to add a permission for one allowed main menu for each page
into the policy file.
These are a lot of entries and heavy to keep up to date.
If a user has the permission for a certain main menu, he has that permission
for each page.
Is it possible to set one permission for a certain main menu, which is valid
for all pages ?
Code:
SecuredBasePage.html
-
ul
li wicket:id=menuUsersspan/spana href=#Users/a
ul
lispan/spana href=# wicket:id=linkToPersonListUser List/a/li
lispan/spana href=# wicket:id=linkToAddPersonAdd user/a/li
/ul
/li
...
SecuredBasePage.java
-
public abstract class SecuredBasePage extends SecureWebPage
{
public SecuredBasePage()
{
super();
addLinks();
...
}
protected void addLinks()
{
// add main menu list items via wicket and not only pure html code for
authorization
SecureWebMarkupContainer menuUsers = new
SecureWebMarkupContainer(menuUsers);
SecureBookmarkablePageLink link1 =
new SecureBookmarkablePageLink(linkToPersonList, PersonListPage.class);
SecureBookmarkablePageLink link2 =
new SecureBookmarkablePageLink(linkToAddPerson, PersonEditPage.class);
link1.setAutoEnable(true);
link2.setAutoEnable(true);
menuUsers.add(link1);
menuUsers.add(link2);
add(menuUsers);
...
}
...
}
Welcome.java
-
public class Welcome extends SecuredBasePage
{
...
}
PersonListPage.java
--
public class PersonListPage extends SecuredBasePage
{
...
}
PersonEditPage.java
--
public class PersonEditPage extends SecuredBasePage
{
...
}
policy file:
permission ${ComponentPermission} ${front}.Welcome, render;
permission ${ComponentPermission} ${front}.Welcome, enable;
permission ${ComponentPermission} ${front}.PersonListPage, render;
permission ${ComponentPermission} ${front}.PersonListPage, enable;
permission ${ComponentPermission} ${front}.PersonEditPage, render;
permission ${ComponentPermission} ${front}.PersonEditPage, enable;
...
permission ${ComponentPermission} ${front}.Welcome:menuUsers, inherit,
render;
permission ${ComponentPermission} ${front}.PersonListPage:menuUsers,
inherit, render;
permission ${ComponentPermission} ${front}.PersonEditPage:menuUsers,
inherit, render;
Thanks
Andrea
EINE FÜR ALLE: die kostenlose WEB.DE-Plattform für Freunde und Deine
Homepage mit eigenem Namen. Jetzt starten! *http://unddu.de/[EMAIL PROTECTED]
[http://unddu.de/[EMAIL PROTECTED