The DataPermission solution works :)
Thanks
Andrea
*Von:* users@wicket.apache.org
*Gesendet:* 15.05.08 16:06:54
*An:* users@wicket.apache.org
*Betreff:* Re: Swarm: Link authorization
Yes there are other solutions :)
In this case you would use a DataPermission.
Something like
permission ${DataPermission} "delete_product", "enable";
coupled with a DatasecurityCheck on your links like so:
setSecurityCheck(new DataSecurityCheck("delete_product"));
will do the trick.
Maurice
On Thu, May 15, 2008 at 3:22 PM, Andrea Jahn <[EMAIL PROTECTED]> wrote:
>
>
> Hi,
>
> for every item in a table there's a "delete" link, which should be only
> visible for certain users.
>
> ProductAreaListPage.html:
> ---------------------------------
>
> <tr wicket:id="productAreaTable" class="list">
> <td><span wicket:id="id">[id]</span></td>
> <td><span wicket:id="name">[name]</span></td>
> <td><span wicket:id="description">[description]</span></td>
> <td><a wicket:id="editProductArea">Edit…</a></td>
> <td><a wicket:id="adminProducts">Products…</a></td>
> <td><a wicket:id="deleteProductArea">Delete…</a></td>
> </tr>
>
> I created a class for the secure link:
> ---------------------------------------------------
>
> public abstract class SecureLink extends Link implements ISecureComponent
> {
> private static final long serialVersionUID = 1L;
>
> public SecureLink(String id, Class c)
> {
> super(id);
> setSecurityCheck(new LinkSecurityCheck(this, c));
> }
>
> public ISecurityCheck getSecurityCheck()
> {
> return SecureComponentHelper.getSecurityCheck(this);
> }
>
> public boolean isActionAuthorized(String waspAction)
> {
> return SecureComponentHelper.isActionAuthorized(this, waspAction);
> }
>
> public boolean isActionAuthorized(WaspAction action)
> {
> return SecureComponentHelper.isActionAuthorized(this, action);
> }
>
> public boolean isAuthenticated()
> {
> return SecureComponentHelper.isAuthenticated(this);
> }
>
> public void setSecurityCheck(ISecurityCheck check)
> {
> SecureComponentHelper.setSecurityCheck(this, check);
> }
> }
>
> First I tried to use the ComponentSecurityCheck, because I have no real click
> target ( I used ProductAreaListPage.class as parameter in the constructor as
> dummy). Because the LinkSecurityCheck behaves as ClassSecurityCheck per
> default, I called setUseAlternativeRenderCheck to change to
> ComponentSecurityCheck.
>
>
> ProductAreaListPage.java:
> ---------------------------------
> private class ProductAreaVisibleDataView extends ProductAreaDataView
> {
> public ProductAreaVisibleDataView(String id, IDataProvider dataProvider) {
> super(id, dataProvider);
> }
>
> protected void populateItem(final Item item) {
> super.populateItem(item);
> final ProductArea productArea = (ProductArea) item.getModelObject();
>
> SecureLink deleteLink = new SecureLink("deleteProductArea",
> ProductAreaListPage.class) {
> private static final long serialVersionUID = 1L;
>
> public void onClick() {
> if (productArea.getDeleted())
> return;
>
> productArea.setDeleted(true);
> productAreaService.save(productArea);
> invalidateDataProviders();
> }
> };
> ((LinkSecurityCheck)deleteLink.getSecurityCheck()).setUseAlternativeRenderCheck(true);
> item.add(deleteLink);
> }
> }
>
>
>
> Because the wicket id deleteProductArea exists for each item in the list, my
> policy file would need such permission for each item. This is no real
> solution, because I don't know, how many items the list will contain (But it
> worked in the example for the first 4 items).
>
>
> Appl.hive:
> ------------
> // Product area list page - Delete link
> permission ${ComponentPermission}
> "${front}.ProductAreaListPage:resultPanel:productAreaTable:1:deleteProductArea",
> "inherit, render";
> permission ${ComponentPermission}
> "${front}.ProductAreaListPage:resultPanel:productAreaTable:2:deleteProductArea",
> "inherit, render";
> permission ${ComponentPermission}
> "${front}.ProductAreaListPage:resultPanel:productAreaTable:3:deleteProductArea",
> "inherit, render";
> permission ${ComponentPermission}
> "${front}.ProductAreaListPage:resultPanel:productAreaTable:4:deleteProductArea",
> "inherit, render";
>
>
> So I tried to change to use the ClassSecurityCheck. There the user must have
> rights for the target class. I created a dummy class:
>
> ClickTargetDummy.java:
> ------------------------------*
>
> *package xxx.yyy.zzz.front.security;
>
> public class ClickTargetDummy
> {
> }
>
> ProductAreaListPage.java:
> ---------------------------------
>
> SecureLink deleteLink = new SecureLink("deleteProductArea",
> ClickTargetDummy.class) {
> private static final long serialVersionUID = 1L;
>
> public void onClick() {
> if (productArea.getDeleted())
> return;
>
> productArea.setDeleted(true);
> productAreaService.save(productArea);
> invalidateDataProviders();
> }
> };
>
> Appl.hive:
> ---------
> permission ${ComponentPermission} "${front}.security.ClickTargetDummy",
> "inherit, render, enable";
>
>
>
> This solution works, but I have to create the dummy class. Perhaps other
> solutions are possible ???
>
> Thanks in advance
> Andrea
>
>
>
>
>
>
>
>
>
> Der WEB.DE SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen!
> *http://smartsurfer.web.de/?mc=100071&distributionid=000000000066*
> [http://smartsurfer.web.de/?mc=100071&distributionid=000000000066]
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Jetzt neu! Schützen Sie Ihren PC mit McAfee und WEB.DE. 30 Tage
kostenlos testen. *http://www.pc-sicherheit.web.de/startseite/?mc=022220*
[http://www.pc-sicherheit.web.de/startseite/?mc=022220]