[Seaside] setting up security on components
Avi Bryant
avi.bryant at gmail.com
Sun Jun 12 13:36:45 CEST 2005
On 6/12/05, James <j at mesbridger.com> wrote:
> I am trying to set up a security system on an application where different
> users will have the rights to see different components. By default a user
> will be set as a Guest account and stored in a subclass of WASession. When
> they try to view a secured component it should check if they have
> permission. If they do the component is shown, if they do not a login dialog
> is shown. If they login successfully their new user is stored in the session
> and the component retries the check for permissions.
>
> I have tried to implement this by defining a WASecuredComponent class which
> is a subclass of WAComponent. This has the following methods
> renderContentOn: html
> self checkPermission.
> checkPermission
> (self session user checkPermissionTo: self ) ifFalse: [self
> requestLogin. self checkPermission.]
> requestLogin
> (self call: WALogin new) ifFalse: [self requestLogin].
Hi James,
It looks like the main problem here is that you're doing the #call: to
the login component from the render phase. You should only ever call
components, or do mutation in general, from a callback - rendering
should be side-effect free.
I would probably do this with a decoration instead:
WASecurityDecoration>>renderContentOn: html
(self session user checkPermissionTo: self component)
ifTrue: [self renderOwnerOn: html]
ifFalse: [self renderLoginFormOn: html]
And then something like
WAComponent>>beSecure
self addDecoration: WASecurityDecoration new
Now you can send #beSecure to any component you like.
Does that make sense?
Avi
More information about the Seaside
mailing list