Hi Luca,
Component parameters syntax is built about binding expressions [1], i.e.
"prefix:expression".
By default the prefix is "prop:", unless explicitly overridden for specific
parameter [2].
You can find detailed explanation for property expressions, including its
BNF grammar, in official Tapestry documentation [3].
Property expressions are always evaluated in the context of current
page/component.
It's called "property" expression, because it uses JavaBean-notation
properties (@Property annotation can generate get/set methods around field
at runtime).
So in order for your expression `request.isUserInRole("ADMIN")` to work,
the `request` must be a @Property (or has `getRequest()` method) in your
page/component, i.e.:
@Inject
@Property
Request request;
There are no special cases for the built-in services in the BNF
for property expressions [3].
As others pointed in this thread, the Tapestry way of dealing with your
requirement is to create a new component,
similar to `t:If`, that would accept a role name as it's parameter so you
could render it's body conditionally if user is in role, i.e.:
public class HasRole extends
org.apache.tapestry5.corelib.base.AbstractConditional
{
@Inject RequestGlobals requestGlobals;
@Parameter(required=true, defaultPrefix=BindingConstants.LITERAL)
String role;
@Override
protected boolean test()
{
return requestGlobals.getHTTPServletRequest().isUserInRole(role);
}
}
Above code is almost a copy-paste of tapestry-security's HasRole component
[4].
The only difference is this component uses servlet API directly for role
checking,
while is tapestry-security is built around Apache Shiro [5],
and provides more advanced security model than simple role model of the
servlet API.
I highly recommend tapestry-security if you need anything more than
built-in servlet API role model.
[1]
http://tapestry.apache.org/component-parameters.html#ComponentParameters-BindingExpressions
[2]
https://tapestry.apache.org/5.3/apidocs/org/apache/tapestry5/annotations/Parameter.html#defaultPrefix()
[3] http://tapestry.apache.org/property-expressions.html
[4] http://www.tynamo.org/tapestry-security+guide/
[5] https://shiro.apache.org
On Sat, Apr 28, 2018 at 1:12 AM, Luca Arzeni <l.arz...@iname.com> wrote:
> Hi,
> I'm using tapestry5.4 with java 8.
>
> I am using the standard servlet API to check if a user is in role or not,
> to hide or show buttons, links, and so on.
>
> For example, I need to show a button to the user only if the user has been
> granted a role.
>
> My usual way to to this is:
>
> 1) create a method in the page, for example:
>
> @Inject
> RequestGlobals m_requestGlobals;
>
> public boolean isUserAdmin() {
> if (m_requestGlobals == null) {
> return false;
> }
> return m_requestGlobals.isUserInRole("ADMIN");
> }
>
> 2) then, in the tml, check the method using a t:if component, for example:
>
> <t:if test="userAdmin">
> <a t:id="saveButton" type="button" href="#">SAVE DATA</a>
> </t:if>
>
> This is not so good, since I must reimplement the same method in many
> pages.
>
> Is there any way could I access the requestGlobals directly from tml?
>
> My goql would be to write, directly in the tml, something like:
>
>
> <t:if test="request.isuserInRole('ADMIN')">
> <a t:id="saveButton" type="button" href="#">SAVE DATA</a>
> </t:if>
>
>
> Is it possible to do this with tapestry5?
>
> Thanks in advance,
> larzeni
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
> For additional commands, e-mail: users-h...@tapestry.apache.org
>
>
--
Dmitry Gusev
AnjLab Team
http://anjlab.com
