Hi,
this is an almost great solution. Very elegant. It helps for all plain
pages. Thanks already.
But the dispatcher is not used in service method calls.
e.G. I have a service method that retreives an object from the
database that a user has uploaded before and it can be downloaded from
a service URL
http://localhost:8080/application/user/datadocuments.download/18431
this request will not go through the dispatcher. But I'd still like to
check on a central place whether the currently logged in user actually
has access to the document with the id 18431.
M.
Am 26.07.2008 um 18:00 schrieb Angelo Chen:
you can use dispatcher for this, there are some articles in the wiki
page.
Moritz Gmelin wrote:
Hi,
I want to add some security to my application by checking whether the
currently logged in user (stored in an ApplicationState) has access
to
the object that is handed to his current page via onActivate().
Since tapestry handles the database fetching of entities to an
onActivate method I would need to check within each onActivate method
on every page if the user is allowed to use the entity passed.
Is the some kind of interception mechanism that I could inject that
could do this checking once for every page?
So maybe that I provide a service that gets an entity class and ID
and
returns the actual entity instance only after doing some permission
checks?
Thanks
Moritz
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
View this message in context:
http://www.nabble.com/onActivate-with-access-permission-check-tp18664030p18668257.html
Sent from the Tapestry - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
