You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@wicket.apache.org by "Igor Vaynberg (JIRA)" <ji...@apache.org> on 2009/02/14 05:22:59 UTC

[jira] Resolved: (WICKET-2089) Perform authorization for links based on the page annotations they refer to.

     [ https://issues.apache.org/jira/browse/WICKET-2089?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Igor Vaynberg resolved WICKET-2089.
-----------------------------------

    Resolution: Won't Fix
      Assignee: Igor Vaynberg

your implementation is too specific because it only works on pagelinks, what about regular links?if this kind of check is baked into the strategy it should work for everything. i did make the changes to the superclass so you can move forward with your own implementation.

> Perform authorization for links based on the page annotations they refer to.
> ----------------------------------------------------------------------------
>
>                 Key: WICKET-2089
>                 URL: https://issues.apache.org/jira/browse/WICKET-2089
>             Project: Wicket
>          Issue Type: New Feature
>          Components: wicket, wicket-auth-roles
>    Affects Versions: 1.4-RC2
>            Reporter: Dominik Drzewiecki
>            Assignee: Igor Vaynberg
>            Priority: Minor
>             Fix For: 1.4-RC3
>
>         Attachments: annot-revised-and-working.patch
>
>
> It is a common case to hide links to the pages the user is not allowed to reach without a proper role. The proper annotations and strategies are already in place but one has to write her own component classes for them to be taken into account. While it is nothing unusual to write pages, panels or so (and providing authorization annotations on them) and let wicket decide whether to show or hide them, it is way less frequent to write Link implementations, but rather developers use already provided set of Link classes. Moreover, those custom Link implementations would provide no functionality over inherited classes, but merely act as a placeholder for the authorization annotations, which would be anyway duplicated from the pages they are referring to. I suggest extending AnnotationsRoleAuthorizationStrategy so that whenever the component to check authorization on is of PageLink, BookmarkablePageLink or their descendant type, the authorization should be performed first based on their own annotations and later on, on the authz annotations of the pages they are referring to. A patch following shortly.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.