I'm writing an application where logged-in users can create "items". Users can then list their items and by following a link (DirectLink) they will reach the item details page where the selected item can be edited. This is a typical scenario which I imagine occurs in many apps.
I have implemented the link with a DirectLink which has the item ID as parameter. In the listener I will create the page, set the ID on the page object and then return the page object. It works fine! The thing is that a user can reach other users' items by editing the URL for the detail page - the URL ends with e.g. ...&sp=3 where 3 is the item ID. This means I will have to check on the details page that the item to be shown is indeed owned by the current user. OK, I can do that, but is there maybe a better way to perform the link?

/Malin
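
The ownership check described above, as an added example that is not part of the original post: plain Java with hypothetical names (`OwnedItemLookup`, `findForUser`), using no framework API. It assumes the current user's ID is taken from the server-side session, never from the request, and that every item records its owner.

```java
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical names throughout; this is not Tapestry code.
public class OwnedItemLookup {

    record Item(int id, String ownerId, String title) {}

    private final Map<Integer, Item> items = new ConcurrentHashMap<>();

    void save(Item item) {
        items.put(item.id(), item);
    }

    // The only lookup the details page should call. The ID from the URL is
    // untrusted input; the owner comes from the server-side session.
    Optional<Item> findForUser(String sessionUserId, String rawId) {
        final int id;
        try {
            id = Integer.parseInt(rawId);
        } catch (NumberFormatException e) {
            return Optional.empty(); // malformed or missing parameter
        }
        // A missing item and another user's item give the same result, so
        // the response does not reveal which IDs exist.
        return Optional.ofNullable(items.get(id))
                .filter(item -> item.ownerId().equals(sessionUserId));
    }

    public static void main(String[] args) {
        OwnedItemLookup store = new OwnedItemLookup();
        // Constructed sample data.
        store.save(new Item(3, "alice", "Alice's item"));
        store.save(new Item(4, "bob", "Bob's item"));

        // bob opens his own item, then edits the URL parameter to 3.
        for (String rawId : new String[] {"4", "3", "99", "abc"}) {
            String result = store.findForUser("bob", rawId)
                    .map(Item::title)
                    .orElse("not found");
            System.out.println("sp=" + rawId + " -> " + result);
        }
    }
}
```

Putting the owner filter inside the lookup itself means the edit and save handlers that reuse it get the same check, instead of each page repeating it.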