Hi Tapestry Users,
Whilst waiting for customs clearance in a Fijian port, I have a query.
I'm extending my sample application's use of security for experimenting
with.
I have a UserProfile class currently with annotation
@RequiresRoles("admin") and that works great.
Using @RequiresPermissions however on the class is not possible because I
need to do something like @RequriesPermissions("profile:edit:" = userId)
for the current user.
I'm getting by for the moment in onActivate like such:
void onActivate(Long id) {
if(SecurityUtils.getSubject().isPermitted("profile:edit:" + id) ){
currentUser = userService.getById(id);
userProfile =
userProfileService.getByUserId(currentUser.getId());
}
else if (SecurityUtils.getSubject().hasRole("admin")){
currentUser = userService.getById(id);
userProfile =
userProfileService.getByUserId(currentUser.getId());
}
else {
logger.info("T H I S U S E R I S N O T P E R M I T T E
D");
}
}
In my else, I'd like to redirect to a page, "you don't have permissions for
this action".
All examples I've come across show setupRender() returning void or a
boolean, and onActivate() returning void.
How would I redirect the tapestry way?
Thanks
Chris
