On 8/27/07, Erik Vullings <[EMAIL PROTECTED]> wrote: > Hi, > > Just wondering - when dealing with page authorizations, does this model > expand to component authorizations, i.e. you may visit the page, but not > certain components (redirect to another component), or you can see a > component, but with less privileges (e.g. view but not edit). In other > words, how would you deal with CRUD (create, read, update, delete) > role-based authorization on a component level?
I'd say it's up to the component. I've just added two new components in tapestry5-acegi, called IfLoggedIn and IfRole, which can be used in components such as: <t:security.ifloggedin> You are logged in, welcome! <t:security.ifrole role="ROLE_ADMIN"> You are even logged as admin, cool! <t:parameter name="else"> Sorry, you don't have admin credentials. </t:parameter> </t:security.ifrole> <a t:type="actionlink" t:id="logout">Logout</a> <t:parameter name="else"> Not logged in, please <t:pagelink t:page="LoginPage">do</t:pagelink>. </t:parameter> </t:security.ifloggedin> -- regards, Robin --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]