Just a note that you always can write your own component like this if you
want:
<t:hasPermission2 permission="some:permission" instance="myInstance">
On Tue, Jun 4, 2013 at 7:50 PM, Richard Frovarp <rfrov...@apache.org> wrote:
> That would work. The trick is that I need to compute the permissions
> dynamically. I'll have to add in more code to handle those types of
> wildcard permissions. I was hoping for something much more similar to what
> I can use with the @RequiresPermissions check. But since I don't have an
> invocation, that looks like what I'll have to do.
I'm not sure I understand you, how would this differ from the case with
MethodInvoication?
Isn't the same AuthorizingRealm will check permissions for you?
Just check if your permission has targets set and if it has - you can just
peek instance from them.
If not - try to get if from MethodInvoication.
Anyway, if you need that invocation - you can create one - just call some
method from your new component newPermission2 and intercept that call with
@RequiresPermissions. But you can't declare dynamic permission in the
annotation, you do understand this, right?
>
> On 05/30/2013 11:34 AM, Dmitry Gusev wrote:
>
>> You don't have invocation here, because you're rendering.
>> And you should know what you're rendering, so you should be able to do
>> this:
>>
>> <t:security.hasPermission permission="${myPermission}">
>>
>> and in Java:
>>
>> public String getMyPermission()
>> {
>> return "some:permission:" + instance.getId();
>> }
>>
>> will this work?
>>
>> On Thu, May 30, 2013 at 8:29 PM, Richard Frovarp <rfrov...@apache.org
>> >wrote:
>>
>> I'm using the Tynamo tapestry-security library to great success. I've
>>> been
>>> progressing through the instance level pieces and things are going well.
>>>
>>> I've ran into a bit of a problem however. I can do the instance level
>>> checks with @RequiresPermissions on functions just fine. That is
>>> populating
>>> the Environment service with the MethodInvocation. All is well. I can
>>> either get the method, or the instance, and proceed to do my security
>>> checks.
>>>
>>> The problem I'm running into is with the soft checks, in particular
>>> <t:security.hasPermission permission="some:permission"> where I want to
>>> decide if a link should be shown or not.
>>>
>>> That will trigger the checks, however, that doesn't populate the
>>> Environment with the MethodInvocation. So I have no way of telling what
>>> is
>>> being checked.
>>>
>>> Is there a way to get the current invocation without going through the
>>> environment service? Or should I come up with my own annotation, turn the
>>> security annotation into if checks, and use the advise pieces to put the
>>> invocation into the environment?
>>>
>>> This section of Tapestry is still confusing to me, so I hope that my
>>> question makes sense.
>>>
>>> Thanks,
>>> Richard
>>>
>>> ------------------------------****----------------------------**
>>> --**---------
>>> To unsubscribe, e-mail:
>>> users-unsubscribe@tapestry.**a**pache.org<http://apache.org>
>>> <users-unsubscribe@**tapestry.apache.org<users-unsubscr...@tapestry.apache.org>
>>> >
>>>
>>> For additional commands, e-mail: users-h...@tapestry.apache.org
>>>
>>>
>>>
>>
>>
>
> ------------------------------**------------------------------**---------
> To unsubscribe, e-mail:
> users-unsubscribe@tapestry.**apache.org<users-unsubscr...@tapestry.apache.org>
> For additional commands, e-mail: users-h...@tapestry.apache.org
>
>
--
Dmitry Gusev
AnjLab Team
http://anjlab.com
