I have the following system:

I have a LoginDataForm called loginDataBean in my session which contains
the username, password and roles the user has. Then I have some actions
accessing EJB through helper classes. For example, I have an action
/order/detail/show. If that action is called by a normal user, he can only
browse order details from orders which belong to him (that action retrieves
an OrderVO which contains the userId/username). If it is called, for example,
by an administrator, he can browse details from all orders.
That is not the only action which behaves like that. I have a
/user/show/personalData as well, which shows the data from a certain user. If
the requested user is not the same as the user logged in and he is an admin,
he will see the details, else not.

Can anyone give me a solution for how I can solve that problem globally without
having to check that in every action one by one?

Many thanks!

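One way to keep the owner-or-admin rule from the question in a single place, as an added example that is not part of the original post and not Struts or EJB code. The class, record and method names, the role string "admin" and the sample users are assumptions; the guard is meant to be called from whatever shared base action or helper the application already routes its lookups through.

```java
import java.util.Set;
import java.util.function.Supplier;

// Added example: all names are hypothetical. LoginData stands in for the
// session's loginDataBean, and the VOs carry the owning username as in the post.
public class OwnerOrAdminGuard {

    interface Owned { String ownerUsername(); }   // any VO that can name its owner

    record LoginData(String username, Set<String> roles) {}   // password omitted
    record OrderVO(int orderId, String ownerUsername) implements Owned {}
    record PersonalDataVO(String ownerUsername, String email) implements Owned {}

    static class AccessDeniedException extends RuntimeException {
        AccessDeniedException(String msg) { super(msg); }
    }

    // The one place the rule lives: admins see everything, others only their own data.
    static boolean mayView(LoginData user, Owned resource) {
        if (user == null || resource == null) return false;   // fail closed
        if (user.roles().contains("admin")) return true;      // role name is an assumption
        return user.username().equals(resource.ownerUsername());
    }

    // Load through the helper, then authorize before any action code sees the VO.
    static <T extends Owned> T loadAuthorized(LoginData user, Supplier<T> loader) {
        T vo = loader.get();
        if (!mayView(user, vo)) {
            // One message for "missing" and "not yours" avoids confirming a record exists.
            throw new AccessDeniedException("not found or not permitted");
        }
        return vo;
    }

    public static void main(String[] args) {
        LoginData alice = new LoginData("alice", Set.of("user"));   // constructed sample users
        LoginData root = new LoginData("root", Set.of("admin"));
        Supplier<OrderVO> bobsOrder = () -> new OrderVO(42, "bob"); // stands in for the EJB helper
        Supplier<PersonalDataVO> alicesData = () -> new PersonalDataVO("alice", "alice@example.test");

        System.out.println(loadAuthorized(root, bobsOrder));    // admin reads another user's order
        System.out.println(loadAuthorized(alice, alicesData));  // user reads her own personal data
        try {
            loadAuthorized(alice, bobsOrder);                   // user asks for someone else's order
        } catch (AccessDeniedException e) {
            System.out.println("alice denied: " + e.getMessage());
        }
    }
}
```

Because every lookup passes through `loadAuthorized`, a new action only has to supply its loader; it cannot forget the ownership check, which is the failure mode of checking action by action.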