Hi Dmitry,
I ended up doing a component as you suggested.
I will take a look at tapestry-security when I have a little more time.
Thanks again,
larzeni
> Sent: Saturday, April 28, 2018 at 1:45 PM
> From: "Dmitry Gusev" <dmitry.gu...@gmail.com>
> To: "Tapestry users" <users@tapestry.apache.org>
> Subject: Re: Access request from tml / standard servlet api role support
>
> Hi Luca,
>
> Component parameters syntax is built about binding expressions [1], i.e.
> "prefix:expression".
>
> By default the prefix is "prop:", unless explicitly overridden for specific
> parameter [2].
>
> You can find detailed explanation for property expressions, including its
> BNF grammar, in official Tapestry documentation [3].
>
> Property expressions are always evaluated in the context of current
> page/component.
>
> It's called "property" expression, because it uses JavaBean-notation
> properties (@Property annotation can generate get/set methods around field
> at runtime).
>
> So in order for your expression `request.isUserInRole("ADMIN")` to work,
> the `request` must be a @Property (or has `getRequest()` method) in your
> page/component, i.e.:
>
> @Inject
> @Property
> Request request;
>
> There are no special cases for the built-in services in the BNF
> for property expressions [3].
>
> As others pointed in this thread, the Tapestry way of dealing with your
> requirement is to create a new component,
> similar to `t:If`, that would accept a role name as it's parameter so you
> could render it's body conditionally if user is in role, i.e.:
>
> public class HasRole extends
> org.apache.tapestry5.corelib.base.AbstractConditional
> {
> @Inject RequestGlobals requestGlobals;
> @Parameter(required=true, defaultPrefix=BindingConstants.LITERAL)
> String role;
>
> @Override
> protected boolean test()
> {
> return requestGlobals.getHTTPServletRequest().isUserInRole(role);
> }
> }
>
> Above code is almost a copy-paste of tapestry-security's HasRole component
> [4].
>
> The only difference is this component uses servlet API directly for role
> checking,
> while is tapestry-security is built around Apache Shiro [5],
> and provides more advanced security model than simple role model of the
> servlet API.
>
> I highly recommend tapestry-security if you need anything more than
> built-in servlet API role model.
>
> [1]
> http://tapestry.apache.org/component-parameters.html#ComponentParameters-BindingExpressions
> [2]
> https://tapestry.apache.org/5.3/apidocs/org/apache/tapestry5/annotations/Parameter.html#defaultPrefix()
> [3] http://tapestry.apache.org/property-expressions.html
> [4] http://www.tynamo.org/tapestry-security+guide/
> [5] https://shiro.apache.org
>
> On Sat, Apr 28, 2018 at 1:12 AM, Luca Arzeni <l.arz...@iname.com> wrote:
>
> > Hi,
> > I'm using tapestry5.4 with java 8.
> >
> > I am using the standard servlet API to check if a user is in role or not,
> > to hide or show buttons, links, and so on.
> >
> > For example, I need to show a button to the user only if the user has been
> > granted a role.
> >
> > My usual way to to this is:
> >
> > 1) create a method in the page, for example:
> >
> > @Inject
> > RequestGlobals m_requestGlobals;
> >
> > public boolean isUserAdmin() {
> > if (m_requestGlobals == null) {
> > return false;
> > }
> > return m_requestGlobals.isUserInRole("ADMIN");
> > }
> >
> > 2) then, in the tml, check the method using a t:if component, for example:
> >
> > <t:if test="userAdmin">
> > <a t:id="saveButton" type="button" href="#">SAVE DATA</a>
> > </t:if>
> >
> > This is not so good, since I must reimplement the same method in many
> > pages.
> >
> > Is there any way could I access the requestGlobals directly from tml?
> >
> > My goql would be to write, directly in the tml, something like:
> >
> >
> > <t:if test="request.isuserInRole('ADMIN')">
> > <a t:id="saveButton" type="button" href="#">SAVE DATA</a>
> > </t:if>
> >
> >
> > Is it possible to do this with tapestry5?
> >
> > Thanks in advance,
> > larzeni
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
> > For additional commands, e-mail: users-h...@tapestry.apache.org
> >
> >
>
>
> --
> Dmitry Gusev
>
> AnjLab Team
> http://anjlab.com
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
