Re: Proposal_CommentValidators

[Dave <sn...@gmail.com>]

On 12/28/06, Blaine Simpson <bl...@admc.com> wrote:
> Please see inlines, especially the one at the bottom.  I'm hopeful that
> somebody will take the time to point me in the right direction... at
> least to some architecture docs, because I'm wasting more hours than it
> is worth to me to figure out the data access issues on my own.

I'll give it a shot...


> >  >     * Can somebody help me find where the HTML for the Preview and Post
> >  > buttons is generated?
> >
> >  The comment form is generated by the #showWeblogEntryCommentForm()
> >  macro in WEB-INF/velocity/weblog.vm.
>
> I need help changing the comment form text.
> I can't find an elegant way to access the current UserData object from
> within the velocity templates.
> I looked into accessing the Request (to get the UserData from the static
> RollerSession method), and writing the needed data to the form or comment
> POJOs which are accessible to Velocity, but can't find the right place to
> do any of these things.
> I've run into similar problems before, where Struts apps designed to isolate
> the View require you to violate MVC (with much difficulty and highly-coupled
> code) to do dynamic stuff like this lower down.
> (Cross-cutting stuff like this is done much more elegantly with SpringMVC).
> Any pointers would be appreciated.

We have these methods in the UtilitiesModel class:
   public boolean isUserAuthorizedToAuthor(WebsiteDataWrapper weblog)
   public boolean isUserAuthorizedToAdmin(WebsiteDataWrapper weblog)
   public boolean isUserAuthenticated()

But you are correct, we don't yet provide a way to get the UserData of
the currently authenticated user. I would not be opposed to adding
another method:

   public UserDataWrapper getAuthenticatedUser()

If you're going to use those methods, then make sure you do *not*
override the cache.excludeOwnerEditPages=false property.


> >  Yes. That's true. Unfortunately the CommentAuthenticator interface
> >  does not allow you to pre-populate the comment. Maybe we should change
> >  that.
>
> I have submittal side working just fine.  When a comment is submitted, it
> will be accepted only if user is logged in (based on a Roller property),
> and values for User Name and Email Address are used from UserData (based
> on another Roller Property).
>
> My difficulty is with changing the comment form text.
> It is really bad UI to display a usable comment form followed
> by a message that the user has to log in before they can use the form.

That's pretty subjective. Some authenticators might work best above
and some below. It would be nice if we could support both.


> I'm even unable to disable the form fields with Javascript in the
> Authenticator due to hierarchical issues.
> If user is logged in (and relevant property is set), I want to either
> pre-fill and disable the User Name, Email Address, and Save... fields,
> or eliminate them.

You should be able to override the #showCommentForm() by providing
your own implementation. Create a file roller-custom.vm in the
WEB-INF/velocity directory with that and any other macro overrides you
might have.

Hope that helps...

I think the CommentAuthenticator interface needs some redesign if it's
going to properly support the different comment SSO schemes that folks
are discussing. I'll be working on CommentValidators this week -- not
sure if I'll have much time to spent on authenticators.

- Dave