[Seaside] setting up security on components
James
j at mesbridger.com
Sun Jun 12 01:32:10 CEST 2005
Hi all,
I am trying to set up a security system on an application where different users will have the rights to see different components. By default a user will be set as a Guest account and stored in a subclass of WASession. When they try to view a secured component it should check if they have permission. If they do the component is shown, if they do not a login dialog is shown. If they login successfully their new user is stored in the session and the component retries the check for permissions.
I have tried to implement this by defining a WASecuredComponent class which is a subclass of WAComponent. This has the following methods
renderContentOn: html
self checkPermission.
checkPermission
(self session user checkPermissionTo: self ) ifFalse: [self requestLogin. self checkPermission.]
requestLogin
(self call: WALogin new) ifFalse: [self requestLogin].
Classes to be secured extend WASecuredComponent and have to start renderContentOn with
super renderContentOn: html.
WALogin extends WALoginDialog and contains
login
| user |
user := WAUser verifyPassword: password forUser: username.
(user userId > 0) ifTrue: [ self session user: user.].
self answer: (user userId > 0).
At first it all seems to work OK. I get the login dialog if I don't have permission to view the component. Entering an invalid password or one without permission on the component leads to the login dialog showing again. Entering a correct password leads to the secured component showing. However if I try to do something with the secured component, such as post a form on it, I get the "Components not found while processing callbacks: #(a TAG.WAForm)" error. I know this error usually means a problem with a children method, but I can't see how that could be the case in this situation, particularly since my application has successfully shown the login form and the secured component already. I have tried to debug, and it seems that the secured component is still delegated to the login form, despite the fact that the secured component has just been visible.
Am I going about this in the wrong way, or is there a mistake in my implementation?
I don't think the User, Session and other classes are relevant to this problem - let me know if their definitions would help. If it makes a difference I am using VW 7.3
Many thanks
James Bridger
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.squeakfoundation.org/pipermail/seaside/attachments/20050612/ba89866a/attachment.htm
More information about the Seaside
mailing list