On Wed, Mar 21, 2012 at 9:20 AM, IcedDante <ultimate_ham...@yahoo.com> wrote: >> On Tue, Mar 20, 2012 at 9:44 AM, Beat Durrer <bdurrer@> wrote: >>> So, all your CreateGame page needs is the user - right? >>> Then let's add an page activation context: >> Current user as the activation context for createGame? Doesn't look >> too secure - obviously you can still do that if you put proper checks > Kalle, can you tell my why using the User object is not secure, and why > using a "CurrentUser" state object is a better idea? I'd like some more > information about the risks involved.
No, you missed the gist of it. CurrentUser/User etc. doesn't matter, just that which object should you use as a the activation context - read that part of my earlier reply again. If you use the User as activation context for CreateGame page, you need to make sure that the current user has has rights to use that User entity as the activation context. And for creating, modifying a game, it's more natural to use the Game itself as the activation context. Experiment with it, after you've created a few Create, Edit pages, you should very quickly get a hang of what makes sense and what doesn't. Kalle --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org