BTW, the current login user can only change his/her own login/account profile

-D

----- Original Message -----
From: "Dan Tran" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Sent: Sunday, March 23, 2003 11:16 AM
Subject: Re: case study with security

> In your case, you can make the administrator a 'user' itself so that
> /EditAccount.do works for both roles. However,
> I strongly suspect in your action/view you have to do lots of if/else blocks to
> determine what to do and what to display.
>
> Encapsulation is the key here, I would provide 2 separate actions, one for
> the normal current login user and one for the administrator to edit any user
> account.
>
> -Dan
>
> ----- Original Message -----
> From: "Dan Allen" <[EMAIL PROTECTED]>
> To: "Struts-User List" <[EMAIL PROTECTED]>
> Sent: Sunday, March 23, 2003 11:03 AM
> Subject: case study with security
>
>
> > There have been several discussions on this list about how security
> > should be loosely coupled with the ActionServlet itself (a filter on
> > top of the application), but I am curious to know the best
> > practice for handling the following type of case.
> >
> > Assume I have an action with a path of /EditAccount. Naturally if a
> > user is not logged in, this path should be protected via filtering.
> > However, /EditAccount has two purposes, one for the regular user to
> > edit his/her own account, but also for the administrator to edit any
> > user account via the query string ?user=username. In this case, I
> > have to check in the action class if the user is allowed to take on
> > the role of another user, in which case the form is populated with
> > that user's data or, if not, the form should populate with the
> > user's own data.
> >
> > Is this something that is reasonable to do in the action, or should
> > I create another action path /EditUserAccount?user=username and
> > filter that to only admins and then forward to the /EditAccount once
> > the proper credentials have been established, hence relieving the
> > action behind /EditAccount from looking at any roles?
> >
> > Dan
> >
> > --
> > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> > Daniel Allen, <[EMAIL PROTECTED]>
> > http://www.mojavelinux.com/
> > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> > "If you are going to play the game of trial and error,
> > don't be surprised when the results are revealing. -- me"
> > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
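Dan Tran's two-action layout, written out as an added example in Struts 1.1 style (not code posted by either Dan): the self-service action never reads the `?user=` parameter, and the admin action is gated by the mapping's `roles` attribute and re-checks the role itself. It assumes container-managed authentication (`getRemoteUser`/`isUserInRole`), a hypothetical `AccountForm` bean with a `setUsername()` property, and the struts-config entries shown in the comment.

```java
// Added example, not from the thread: Dan Tran's two-action layout, Struts 1.1 style.
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
/* Assumed struts-config.xml; login for both paths is enforced outside the actions
 * (web.xml security-constraint or a servlet filter), the admin role by the mapping:
 *   <action path="/EditAccount"     type="EditAccountAction"     name="accountForm"/>
 *   <action path="/EditUserAccount" type="EditUserAccountAction" name="accountForm"
 *           roles="admin"/>   <!-- RequestProcessor rejects non-members before execute() -->
 */

// ---- EditAccountAction.java: the regular user edits only himself/herself ----
public class EditAccountAction extends Action {
    public ActionForward execute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response) throws Exception {
        // The owner is always the authenticated principal. The "user" query parameter
        // is never consulted, so tampering with it cannot select another account.
        String owner = request.getRemoteUser();
        if (owner == null) {                       // should be unreachable behind the login filter
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return null;
        }
        ((AccountForm) form).setUsername(owner);   // hypothetical form bean
        return mapping.findForward("edit");
    }
}

// ---- EditUserAccountAction.java: administrators edit any account ----
public class EditUserAccountAction extends Action {
    public ActionForward execute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response) throws Exception {
        // Re-check the role inside the action as defence in depth: if the roles=""
        // attribute is ever dropped from the mapping, this path still refuses non-admins.
        if (!request.isUserInRole("admin")) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return null;
        }
        String target = request.getParameter("user");
        if (target == null || target.trim().length() == 0) {
            return mapping.findForward("missingUser"); // no silent fallback to "self"
        }
        ((AccountForm) form).setUsername(target.trim());
        return mapping.findForward("edit");
    }
}
```

Because neither action forwards into the other, `/EditAccount` never has to reason about roles, which is the relief Dan Allen was asking for.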