You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@pivot.apache.org by Jorg Heymans <jo...@gmail.com> on 2009/04/26 21:45:52 UTC

using declarative security in wtkx files

Hi,

A typical way to handle view level security in e.g. a JSP webapp is to
surround the widgets you want to protect with some sort of condition
linked to a security provider i.e.

<hasRole name="ROLE_ADMIN">
  <input type="submit" name="DELETE">
</hasRole>

Has it been considered to add this kind of security to the wtkx file
format ? Something like

<Form styles="{rightAlignLabels:true, fieldAlignment:'right'}">
    <fields>
        <Label Form.label="%value" textKey="value"/>
        <Label wtkx:id="changeLabel" Form.label="%change" textKey="change"/>
        <Label Form.label="%openingValue" textKey="openingValue"/>
        <Label Form.label="%highValue" textKey="highValue"/>
        <Label Form.label="%lowValue" textKey="lowValue"/>
        <HasRole name="ROLE_ADMIN">
            <Label Form.label="%volume" textKey="volume"/>
        </HasRole>
    </fields>
</Form>

which would display the volume label only if the user possesses that
role. Ofcourse the RoleProvider would have to be pluggable, and
thinking about it perhaps even a more generic "visibility" strategy is
in order, so that you would not be bound to the notion of roles to
conditionally display a widget.

WDYT ?

Regards,
Jorg