<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2900.2627" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>Thanks,</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>That worked well. It's a shame you can't use the
call / answer model for this, as generally it seems to be a nice way of reusing
components. It would be nice if a consistent approach was available regardless
of whether it was a</FONT><FONT face=Arial size=2> callback. </FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>thanks</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>James Bridger</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><BR>Date: Sun, 12 Jun 2005 13:36:45 +0200<BR>
From: Avi Bryant &lt;<A href="">avi.bryant@gmail.com</A>&gt;<BR>
Subject: Re: [Seaside] setting up security on components<BR>
To: "The Squeak Enterprise Aubergines Server - general discussion." &lt;<A href="">seaside@lists.squeakfoundation.org</A>&gt;<BR>
Message-ID: &lt;<A href="">ad69ab6905061204362a9bd494@mail.gmail.com</A>&gt;<BR>
Content-Type: text/plain; charset=ISO-8859-1<BR><BR>
On 6/12/05, James &lt;<A href="">j@mesbridger.com</A>&gt; wrote:<BR><BR>
&gt; I am trying to set up a security system on an application where different<BR>
&gt; users will have the rights to see different components. By default a user<BR>
&gt; will be set as a Guest account and stored in a subclass of WASession. When<BR>
&gt; they try to view a secured component it should check if they have<BR>
&gt; permission. If they do, the component is shown; if they do not, a login dialog<BR>
&gt; is shown. If they log in successfully, their new user is stored in the session<BR>
&gt; and the component retries the check for permissions.<BR>
&gt;<BR>
&gt; I have tried to implement this by defining a WASecuredComponent class which<BR>
&gt; is a subclass of WAComponent. This has the following methods:<BR>
&gt;<BR>
&gt; renderContentOn: html<BR>
&gt; &nbsp;&nbsp;&nbsp;&nbsp;self checkPermission.<BR>
&gt;<BR>
&gt; checkPermission<BR>
&gt; &nbsp;&nbsp;&nbsp;&nbsp;(self session user checkPermissionTo: self) ifFalse: [self<BR>
&gt; &nbsp;&nbsp;&nbsp;&nbsp;requestLogin. self checkPermission.]<BR>
&gt;<BR>
&gt; requestLogin<BR>
&gt; &nbsp;&nbsp;&nbsp;&nbsp;(self call: WALogin new) ifFalse: [self requestLogin].<BR><BR>
Hi James,<BR><BR>
It looks like the main problem here is that you're doing the #call: to<BR>
the login component from the render phase. You should only ever call<BR>
components, or do mutation in general, from a callback - rendering<BR>
should be side-effect free.<BR><BR>
I would probably do this with a decoration instead:<BR><BR>
WASecurityDecoration&gt;&gt;renderContentOn: html<BR>
&nbsp;&nbsp;&nbsp;&nbsp;(self session user checkPermissionTo: self component)<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;ifTrue: [self renderOwnerOn: html]<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;ifFalse: [self renderLoginFormOn: html]<BR><BR>
And then something like<BR><BR>
WAComponent&gt;&gt;beSecure<BR>
&nbsp;&nbsp;&nbsp;&nbsp;self addDecoration: WASecurityDecoration new<BR><BR>
Now you can send #beSecure to any component you like.<BR><BR>
Does that make sense?<BR><BR>
Avi<BR></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV></BODY></HTML>