ROLLER 2.3 : Does menu-tabbed.vm isPermitted() use acegi ?

[ti...@bt.com]

Hi
 
I have a pretty wierd requirement to not show the login link or allow admin/editor access unless the requester is coming from a particular location. I'm using Acegi to do this and indeed I can make decisions based on the origin of the request.
 
But, in the menu of the main page the items are being driven by menu-tabbed.vm which does a test of
$item.isPermitted($req)
 
I can't see where this is defined, or indeed if it leverages the Acegi authorities granted. Any pointers?
Would I have to override the menu file to use acegi velocity $authz syntax instead ?
 
cheers
 
Tim

Re: ROLLER 2.3 : Does menu-tabbed.vm isPermitted() use acegi ?

[Dave <sn...@gmail.com>]

On 11/30/06, tim.fulcher@bt.com <ti...@bt.com> wrote:
> I have a pretty wierd requirement to not show the login link or allow admin/editor access unless the requester is coming from a particular location. I'm using Acegi to do this and indeed I can make decisions based on the origin of the request.
>
> But, in the menu of the main page the items are being driven by menu-tabbed.vm which does a test of $item.isPermitted($req)
>
> I can't see where this is defined, or indeed if it leverages the Acegi authorities granted. Any pointers? Would I have to override the menu file to use acegi velocity $authz syntax instead ?


Take a look at BaseRollerMenu.java to see the implemenation of
isPermitted(). It uses the Servlet API to determine the user's global
role and the Roller POJOs to determine weblog-specific role.

- Dave