click-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joseph Schmidt (JIRA)" <j...@apache.org>
Subject [jira] Commented: (CLK-406) Menu improvements - plug-able role checking.
Date Wed, 15 Apr 2009 23:41:15 GMT

    [ https://issues.apache.org/jira/browse/CLK-406?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12699451#action_12699451
] 

Joseph Schmidt commented on CLK-406:
------------------------------------

> Other alternatives would be RoleAccessController, ContainerAccessController, JEEAccessController.

I think these sound better since that's what it is.

> This feature could also be used by the Tree control. 
The (secure) pages could also use this from the menu.xml defintion since there are some roles
associated with the pages, so onSecurityCheck is an even better place to be called.
Also Link controls could use it in their action, e.g. for the actions that are allowed only
for some roles: e.g. when the securitCheck lets the user see the page, and e.g. add something
but the delete link does not.

> Where we put these classes is an interesting question. Do you think extras.security is
the right place? 
I think it is very good. No core classes need them, so extras is the right place. 

> Menu improvements - plug-able role checking.
> --------------------------------------------
>
>                 Key: CLK-406
>                 URL: https://issues.apache.org/jira/browse/CLK-406
>             Project: Click
>          Issue Type: Improvement
>          Components: extras
>            Reporter: Demetrios Kyriakis
>
> Please improve the Menu Control, by allowing the user to have a plug-able role cheking
for the menu items.
> Right now the Menu Control is using HttpRequest#isUserInRole(String role), but most webapplications
> don't use this strategy for user/roles management, so this method returns false for all
those cases :(.
> This is very limiting, making the existing Menu Control useless for most user applications,
thus forcing the users
> to make their own menu controls (or the hack the original one). 
> Please allow to set a different method for this operation by the user (if no other is
used, of course, the default one - mentioned above - would be used as before - so 100% backwards
compatible).
> Thank you,
> Demetrios.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message