You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jetspeed-user@portals.apache.org by Sez <se...@yahoo.es> on 2004/10/06 09:22:05 UTC

Security in events

Hi people,
 
I have some portlets with event "doSave". I want that some users, without
permission, cann't save data, and they can call event Save. I tried put in
security.xreg this entry...
 
<security-entry name="insert">
<meta-info>
    <title>Permission To Insert</title>
</meta-info>
<access action="doSave">
    <allow-if role="user"/>
</access>
<access action="dosave">
    <allow-if role="user"/>
</access>
<access action="eventSubmit_doSave">
    <allow-if role="user"/>
</access> 
<access action="eventsubmit_dosave">
    <allow-if role="user"/>
</access>
<access action="view">
    <allow-if role="guest"/>
</access>
<access action="view">
    <allow-if role="user"/>
</access>
</security-entry>

But, a guest can call doSave... Any idea or I must use jetspeed API in the
event dosave to check the permission???


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-user-help@jakarta.apache.org