[Seaside] setting up security on components

James j at mesbridger.com
Wed Jun 15 00:43:15 CEST 2005


Thanks,

That worked well. It's a shame you can't use the call / answer model for this, as generally it seems to be a nice way of reusing components. It would be nice if a consistent approach was available regardless of whether it was a callback. 

thanks

James Bridger


Date: Sun, 12 Jun 2005 13:36:45 +0200
From: Avi Bryant <avi.bryant at gmail.com>
Subject: Re: [Seaside] setting up security on components
To: "The Squeak Enterprise Aubergines Server - general discussion."
<seaside at lists.squeakfoundation.org>

On 6/12/05, James <j at mesbridger.com> wrote:

> I am trying to set up a security system on an application where different
> users will have the rights to see different components. By default a user
> will be set as a Guest account and stored in a subclass of WASession. When
> they try to view a secured component it should check if they have
> permission. If they do the component is shown, if they do not a login dialog
> is shown. If they login successfully their new user is stored in the session
> and the component retries the check for permissions. 
>   
> I have tried to implement this by defining a WASecuredComponent class which
> is a subclass of WAComponent. This has the following methods 
> renderContentOn: html
>     self checkPermission.
>
> checkPermission
>     (self session user checkPermissionTo: self)
>         ifFalse: [self requestLogin. self checkPermission.]
>
> requestLogin
>     (self call: WALogin new) ifFalse: [self requestLogin].

Hi James,

It looks like the main problem here is that you're doing the #call: to
the login component from the render phase.  You should only ever call
components, or do mutation in general, from a callback - rendering
should be side-effect free.

I would probably do this with a decoration instead:

WASecurityDecoration>>renderContentOn: html
  (self session user checkPermissionTo: self component)
    ifTrue: [self renderOwnerOn: html]
    ifFalse: [self renderLoginFormOn: html]

And then something like

WAComponent>>beSecure
  self addDecoration: WASecurityDecoration new

Now you can send #beSecure to any component you like.

Does that make sense?

Avi
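
One way to fill in the #renderLoginFormOn: that the decoration above relies on, as an added example that is not code from the thread. It assumes Seaside's canvas rendering API (html textInput, html passwordInput, html submitButton), which may differ from the renderer in use at the time of the thread; MyUser class>>authenticate:password:, the session setter #user: and the instance variables username, password and failed are hypothetical names.

```smalltalk
"Added example, not code from the thread. Assumed names: the instance
 variables username, password and failed on WASecurityDecoration, the
 session setter #user:, and MyUser class>>authenticate:password:,
 which answers a user object or nil."

WASecurityDecoration>>renderContentOn: html
  "Render phase: read-only. The permission check runs on every render,
   so a successful login shows the component on the next pass and a
   later loss of permission hides it again."
  (self session user checkPermissionTo: self component)
    ifTrue: [self renderOwnerOn: html]
    ifFalse: [self renderLoginFormOn: html]

WASecurityDecoration>>renderLoginFormOn: html
  "Only emits the form. The blocks below are registered as callbacks
   and run in the callback phase of the next request, not while
   rendering. The failure message is the same for an unknown user and
   a wrong password."
  failed == true
    ifTrue: [html paragraph: 'Login failed.'].
  html form: [
    html text: 'User: '.
    html textInput
      callback: [:value | username := value].
    html text: ' Password: '.
    html passwordInput
      callback: [:value | password := value].
    html submitButton
      callback: [self login];
      with: 'Log in']

WASecurityDecoration>>login
  "Callback phase: the only place session state is changed."
  | user |
  user := MyUser authenticate: username password: password.
  password := nil. "do not keep the submitted password in the decoration"
  failed := user isNil.
  user isNil ifFalse: [self session user: user]
```

Because the decoration never renders its owner for an unauthorized user, none of the owner's callbacks are registered on that page; the check belongs in the decoration's render method rather than in the component it wraps.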
