[Seaside] setting up security on components
James
j at mesbridger.com
Wed Jun 15 00:43:15 CEST 2005
Thanks,
That worked well. It's a shame you can't use the call / answer model for this, as generally it seems to be a nice way of reusing components. It would be nice if a consistent approach was available regardless of whether it was a callback.
thanks
James Bridger
Date: Sun, 12 Jun 2005 13:36:45 +0200
From: Avi Bryant <avi.bryant at gmail.com>
Subject: Re: [Seaside] setting up security on components
To: "The Squeak Enterprise Aubergines Server - general discussion."
<seaside at lists.squeakfoundation.org>
Message-ID: <ad69ab6905061204362a9bd494 at mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
On 6/12/05, James <j at mesbridger.com> wrote:
> I am trying to set up a security system on an application where different
> users will have the rights to see different components. By default a user
> will be set as a Guest account and stored in a subclass of WASession. When
> they try to view a secured component it should check if they have
> permission. If they do the component is shown, if they do not a login dialog
> is shown. If they login successfully their new user is stored in the session
> and the component retries the check for permissions.
>
> I have tried to implement this by defining a WASecuredComponent class which
> is a subclass of WAComponent. This has the following methods
> renderContentOn: html
> self checkPermission.
> checkPermission
> (self session user checkPermissionTo: self ) ifFalse: [self
> requestLogin. self checkPermission.]
> requestLogin
> (self call: WALogin new) ifFalse: [self requestLogin].
Hi James,
It looks like the main problem here is that you're doing the #call: to
the login component from the render phase. You should only ever call
components, or do mutation in general, from a callback - rendering
should be side-effect free.
I would probably do this with a decoration instead:
WASecurityDecoration>>renderContentOn: html
(self session user checkPermissionTo: self component)
ifTrue: [self renderOwnerOn: html]
ifFalse: [self renderLoginFormOn: html]
And then something like
WAComponent>>beSecure
self addDecoration: WASecurityDecoration new
Now you can send #beSecure to any component you like.
Does that make sense?
Avi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.squeakfoundation.org/pipermail/seaside/attachments/20050614/ceead731/attachment.htm
More information about the Seaside
mailing list