That's really cool and very useful! To clarify my understanding - how does it deal with protecting links/functions. For example, assume I'm a regular, non-admin user and access the application. Since I'm not an admin, I don't see the link to the "Clear database" function, but somehow, I can guess it's link. How does the framework protect me from invoking that link anyways? Do you have equivalent functions as ifLoggedIn and ifRole in the java class files?
Cheers Erik On 8/27/07, Robin Helgelin <[EMAIL PROTECTED]> wrote: > > On 8/27/07, Erik Vullings <[EMAIL PROTECTED]> wrote: > > Hi, > > > > Just wondering - when dealing with page authorizations, does this model > > expand to component authorizations, i.e. you may visit the page, but not > > certain components (redirect to another component), or you can see a > > component, but with less privileges (e.g. view but not edit). In other > > words, how would you deal with CRUD (create, read, update, delete) > > role-based authorization on a component level? > > I'd say it's up to the component. I've just added two new components > in tapestry5-acegi, called IfLoggedIn and IfRole, which can be used in > components such as: > > <t:security.ifloggedin> > You are logged in, welcome! > <t:security.ifrole role="ROLE_ADMIN"> > You are even logged as admin, cool! > <t:parameter name="else"> > Sorry, you don't have admin credentials. > </t:parameter> > </t:security.ifrole> > <a t:type="actionlink" t:id="logout">Logout</a> > <t:parameter name="else"> > Not logged in, please <t:pagelink > t:page="LoginPage">do</t:pagelink>. > </t:parameter> > </t:security.ifloggedin> > > -- > regards, > Robin > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
