You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@pivot.apache.org by Jorg Heymans <jo...@gmail.com> on 2009/04/26 21:45:52 UTC
using declarative security in wtkx files
Hi,
A typical way to handle view level security in e.g. a JSP webapp is to
surround the widgets you want to protect with some sort of condition
linked to a security provider i.e.
<hasRole name="ROLE_ADMIN">
<input type="submit" name="DELETE">
</hasRole>
Has it been considered to add this kind of security to the wtkx file
format ? Something like
<Form styles="{rightAlignLabels:true, fieldAlignment:'right'}">
<fields>
<Label Form.label="%value" textKey="value"/>
<Label wtkx:id="changeLabel" Form.label="%change" textKey="change"/>
<Label Form.label="%openingValue" textKey="openingValue"/>
<Label Form.label="%highValue" textKey="highValue"/>
<Label Form.label="%lowValue" textKey="lowValue"/>
<HasRole name="ROLE_ADMIN">
<Label Form.label="%volume" textKey="volume"/>
</HasRole>
</fields>
</Form>
which would display the volume label only if the user possesses that
role. Ofcourse the RoleProvider would have to be pluggable, and
thinking about it perhaps even a more generic "visibility" strategy is
in order, so that you would not be bound to the notion of roles to
conditionally display a widget.
WDYT ?
Regards,
Jorg