You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tapestry.apache.org by Chris Mylonas <ch...@opencsta.org> on 2014/06/23 03:51:46 UTC
Tapestry-Security @RequiresPermission("xxx:yyy:zzz") on class
Hi Tapestry Users,
Whilst waiting for customs clearance in a Fijian port, I have a query.
I'm extending my sample application's use of security for experimenting
with.
I have a UserProfile class currently with annotation
@RequiresRoles("admin") and that works great.
Using @RequiresPermissions however on the class is not possible because I
need to do something like @RequriesPermissions("profile:edit:" = userId)
for the current user.
I'm getting by for the moment in onActivate like such:
void onActivate(Long id) {
if(SecurityUtils.getSubject().isPermitted("profile:edit:" + id) ){
currentUser = userService.getById(id);
userProfile =
userProfileService.getByUserId(currentUser.getId());
}
else if (SecurityUtils.getSubject().hasRole("admin")){
currentUser = userService.getById(id);
userProfile =
userProfileService.getByUserId(currentUser.getId());
}
else {
logger.info("T H I S U S E R I S N O T P E R M I T T E
D");
}
}
In my else, I'd like to redirect to a page, "you don't have permissions for
this action".
All examples I've come across show setupRender() returning void or a
boolean, and onActivate() returning void.
How would I redirect the tapestry way?
Thanks
Chris
Re: Tapestry-Security @RequiresPermission("xxx:yyy:zzz") on class
Posted by Thiago H de Paula Figueiredo <th...@gmail.com>.
On Sun, 22 Jun 2014 22:51:46 -0300, Chris Mylonas <ch...@opencsta.org>
wrote:
> Hi Tapestry Users,
Hi!
> Whilst waiting for customs clearance in a Fijian port, I have a query.
Sounds fun! :P
> In my else, I'd like to redirect to a page, "you don't have permissions
> for
> this action".
>
> All examples I've come across show setupRender() returning void or a
> boolean, and onActivate() returning void.
Actually, there's a lot of stuff you can return from onActivate(). The
returned value is treated by Tapestry as "what should be shown right now".
> How would I redirect the tapestry way?
By returning a non-null value in an onActivate() method. Null and void are
treated as "go ahead and render the page". More details here:
http://tapestry.apache.org/page-navigation.html
--
Thiago H. de Paula Figueiredo
Tapestry, Java and Hibernate consultant and developer
http://machina.com.br
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Tapestry-Security @RequiresPermission("xxx:yyy:zzz") on class
Posted by Thiago H de Paula Figueiredo <th...@gmail.com>.
On Sun, 22 Jun 2014 22:56:46 -0300, Chris Mylonas <ch...@opencsta.org>
wrote:
> Ah bugger, it always happens after sending to a list or forum.
>
> Found a suitable response to try from Listing 3.25 from Igor's book.
>
> e.g.
>
> Object onActivate(Long articleId) {
> this.article = blogService.findArticleById(articleId);
> if (this.article == null) {
> return new StreamPageContent(ErrorPage.class);
> }
> return null;
> }
StreamPageContent doesn't redirect. Instead, it just renders another page,
but in the same request.
> Looks like I can return an Object/Page
Yep!
You can return ErrorPage.class or @InjectPage private ErrorPage
errorPage;, set some stuff in errorPage then return it. In both cases, the
user will be redirected to ErrorPage.
--
Thiago H. de Paula Figueiredo
Tapestry, Java and Hibernate consultant and developer
http://machina.com.br
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Tapestry-Security @RequiresPermission("xxx:yyy:zzz") on class
Posted by Chris Mylonas <ch...@opencsta.org>.
Ah bugger, it always happens after sending to a list or forum.
Found a suitable response to try from Listing 3.25 from Igor's book.
e.g.
Object onActivate(Long articleId) {
this.article = blogService.findArticleById(articleId);
if (this.article == null) {
return new StreamPageContent(ErrorPage.class);
}
return null;
}
Looks like I can return an Object/Page
Thanks
On Mon, Jun 23, 2014 at 1:51 PM, Chris Mylonas <ch...@opencsta.org> wrote:
> Hi Tapestry Users,
>
> Whilst waiting for customs clearance in a Fijian port, I have a query.
>
> I'm extending my sample application's use of security for experimenting
> with.
>
> I have a UserProfile class currently with annotation
> @RequiresRoles("admin") and that works great.
>
> Using @RequiresPermissions however on the class is not possible because I
> need to do something like @RequriesPermissions("profile:edit:" = userId)
> for the current user.
>
> I'm getting by for the moment in onActivate like such:
>
> void onActivate(Long id) {
> if(SecurityUtils.getSubject().isPermitted("profile:edit:" + id) ){
> currentUser = userService.getById(id);
> userProfile =
> userProfileService.getByUserId(currentUser.getId());
> }
> else if (SecurityUtils.getSubject().hasRole("admin")){
> currentUser = userService.getById(id);
> userProfile =
> userProfileService.getByUserId(currentUser.getId());
> }
> else {
> logger.info("T H I S U S E R I S N O T P E R M I T T
> E D");
> }
> }
>
>
> In my else, I'd like to redirect to a page, "you don't have permissions
> for this action".
>
> All examples I've come across show setupRender() returning void or a
> boolean, and onActivate() returning void.
>
> How would I redirect the tapestry way?
>
> Thanks
> Chris
>
>