I hope you are getting the picture.  This is why I was trying to use a
custom tag that could still interact with my model, call business methods to make security
decisions and vary the generated link accordingly.

And finally the question: How should I go about writing the "Update" link
now that we all understand the problem?

You could put all that logic somewhere else, perhaps in a bean with an 'isUpdateAllowed' method:
  <c:if test="${security.updateAllowed}">  <html:link ...>  </c:if>

Since you're already okay with a custom tag, what about extending the Struts link tag to do what you need?

I also wonder if you really need <html:link> for this-- you're already hard-coding the action name. If there's nothing dynamic about the link other than that 'entry[ix]' part, then can you just write out the <a href="..."> from your custom tag?

I've had success with request.isUserInRole-- *without* getting into custom Realms and CMA-- just add a Filter, wrap the request and override 'isUserInRole'. It sounds like you have some "levels" that could be roles. (I'm not clear on the runtime checking of fields you mentioned, but you should have access to the request and session from isUserInRole.) Struts has <logic:present role="..."> (and there's probably a JSTL equivalent).

--
Wendy Smoak
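
The Filter approach described in the reply above, sketched as an added example (not code from the original message). It assumes the application's login code stores a Set of role names in the session under the hypothetical key "userRoles"; the class names are also made up for illustration.

```java
import java.io.IOException;
import java.util.Collections;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpSession;

public class RoleFilter implements Filter {
    // Assumption: login code puts a Set<String> of role names under this key.
    static final String ROLES_ATTR = "userRoles";

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Wrap only HTTP requests; everything downstream (Struts actions,
        // JSP tags) then sees the overridden isUserInRole.
        if (req instanceof HttpServletRequest) {
            req = new RoleRequest((HttpServletRequest) req);
        }
        chain.doFilter(req, res);
    }

    static class RoleRequest extends HttpServletRequestWrapper {
        RoleRequest(HttpServletRequest request) { super(request); }

        @Override
        public boolean isUserInRole(String role) {
            // Do not create a session just to answer a role check.
            HttpSession session = getSession(false);
            if (session == null || role == null) {
                return false; // fail closed: no session means no roles
            }
            Object roles = session.getAttribute(ROLES_ATTR);
            // Anything other than a Set is treated as "no roles granted".
            Set<?> granted = (roles instanceof Set) ? (Set<?>) roles : Collections.emptySet();
            return granted.contains(role);
        }
    }
}
```

The filter has to be mapped in web.xml so that it covers the Struts servlet and the JSPs. Hiding the link only changes what the page shows, so the Action that performs the update should make the same isUserInRole check.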

