Hi Luca, Component parameters syntax is built about binding expressions [1], i.e. "prefix:expression".
By default the prefix is "prop:", unless explicitly overridden for specific parameter [2]. You can find detailed explanation for property expressions, including its BNF grammar, in official Tapestry documentation [3]. Property expressions are always evaluated in the context of current page/component. It's called "property" expression, because it uses JavaBean-notation properties (@Property annotation can generate get/set methods around field at runtime). So in order for your expression `request.isUserInRole("ADMIN")` to work, the `request` must be a @Property (or has `getRequest()` method) in your page/component, i.e.: @Inject @Property Request request; There are no special cases for the built-in services in the BNF for property expressions [3]. As others pointed in this thread, the Tapestry way of dealing with your requirement is to create a new component, similar to `t:If`, that would accept a role name as it's parameter so you could render it's body conditionally if user is in role, i.e.: public class HasRole extends org.apache.tapestry5.corelib.base.AbstractConditional { @Inject RequestGlobals requestGlobals; @Parameter(required=true, defaultPrefix=BindingConstants.LITERAL) String role; @Override protected boolean test() { return requestGlobals.getHTTPServletRequest().isUserInRole(role); } } Above code is almost a copy-paste of tapestry-security's HasRole component [4]. The only difference is this component uses servlet API directly for role checking, while is tapestry-security is built around Apache Shiro [5], and provides more advanced security model than simple role model of the servlet API. I highly recommend tapestry-security if you need anything more than built-in servlet API role model. [1] http://tapestry.apache.org/component-parameters.html#ComponentParameters-BindingExpressions [2] https://tapestry.apache.org/5.3/apidocs/org/apache/tapestry5/annotations/Parameter.html#defaultPrefix() [3] http://tapestry.apache.org/property-expressions.html [4] http://www.tynamo.org/tapestry-security+guide/ [5] https://shiro.apache.org On Sat, Apr 28, 2018 at 1:12 AM, Luca Arzeni <l.arz...@iname.com> wrote: > Hi, > I'm using tapestry5.4 with java 8. > > I am using the standard servlet API to check if a user is in role or not, > to hide or show buttons, links, and so on. > > For example, I need to show a button to the user only if the user has been > granted a role. > > My usual way to to this is: > > 1) create a method in the page, for example: > > @Inject > RequestGlobals m_requestGlobals; > > public boolean isUserAdmin() { > if (m_requestGlobals == null) { > return false; > } > return m_requestGlobals.isUserInRole("ADMIN"); > } > > 2) then, in the tml, check the method using a t:if component, for example: > > <t:if test="userAdmin"> > <a t:id="saveButton" type="button" href="#">SAVE DATA</a> > </t:if> > > This is not so good, since I must reimplement the same method in many > pages. > > Is there any way could I access the requestGlobals directly from tml? > > My goql would be to write, directly in the tml, something like: > > > <t:if test="request.isuserInRole('ADMIN')"> > <a t:id="saveButton" type="button" href="#">SAVE DATA</a> > </t:if> > > > Is it possible to do this with tapestry5? > > Thanks in advance, > larzeni > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org > For additional commands, e-mail: users-h...@tapestry.apache.org > > -- Dmitry Gusev AnjLab Team http://anjlab.com