« Return to Thread: Field level Authorization strategy suggestions?
Re: Field level Authorization strategy suggestions?
by Mr Mean
::
Rate this Message:
Well, there are a couple directions you can take.
1 If the number of "admin" fields is relatively small you could try
grouping those fields together in a panel for each page that has these
admin fields and then simply apply your security to the panel instead
of to the individual fields. (Works best with handful of fields)
2 If you only have 1 or 2 "admin" fields/components on a given page
you could apply the security directly to those components.
3 If you want complete control over every field, it might be a good
idea to use a special model.
4 Use a customized propertycolumn and use the field expression to
check for the appropriate permissions
For all of the above you can use swarm.
http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security
Options 1 and 2 can be handled with common secure components.
Option 1 is not really relevant in a datatable but is for other types of pages.
Option 2 might involve wrapping the secure components in a customized column.
For option 3 you might want to take a look at the
SwarmCompoundPropertyModel, in a datatable you probably want to have a
similar model returned by your dataprovider.
Option 4 involves using a securemodel (like
SwarmCompoundPropertyModel) in your column instead of the default
propertymodel.
Well these are just some initial thoughts on how you could accomplish
this. Feel free to ask if you have some more questions.
Maurice
On Sat, Jul 19, 2008 at 12:13 AM, David Nedrow <dnedrow@...> wrote:
> I'm building a database driven application.
>
> I've constructed LoadableDetachableModel for my entities, those LDMs then
> being presented in a Panel via a SortableDataProvider driven
> DefaultDataTable.
>
> I'd like to automatically expose additional functionality or field
> visibility depending on the authorization level of the user (session). For
> example, editable fields for "admin" users.
>
> At which point is it most appropriate to handle that? Should I somehow
> construct field(column) level models and encapsulate those in a higher-level
> model?
>
> Has anyone done something similar or is there an example somewhere that I'm
> overlooking?
>
> -David
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@...
> For additional commands, e-mail: users-help@...
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@...
For additional commands, e-mail: users-help@...
1 If the number of "admin" fields is relatively small you could try
grouping those fields together in a panel for each page that has these
admin fields and then simply apply your security to the panel instead
of to the individual fields. (Works best with handful of fields)
2 If you only have 1 or 2 "admin" fields/components on a given page
you could apply the security directly to those components.
3 If you want complete control over every field, it might be a good
idea to use a special model.
4 Use a customized propertycolumn and use the field expression to
check for the appropriate permissions
For all of the above you can use swarm.
http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security
Options 1 and 2 can be handled with common secure components.
Option 1 is not really relevant in a datatable but is for other types of pages.
Option 2 might involve wrapping the secure components in a customized column.
For option 3 you might want to take a look at the
SwarmCompoundPropertyModel, in a datatable you probably want to have a
similar model returned by your dataprovider.
Option 4 involves using a securemodel (like
SwarmCompoundPropertyModel) in your column instead of the default
propertymodel.
Well these are just some initial thoughts on how you could accomplish
this. Feel free to ask if you have some more questions.
Maurice
On Sat, Jul 19, 2008 at 12:13 AM, David Nedrow <dnedrow@...> wrote:
> I'm building a database driven application.
>
> I've constructed LoadableDetachableModel for my entities, those LDMs then
> being presented in a Panel via a SortableDataProvider driven
> DefaultDataTable.
>
> I'd like to automatically expose additional functionality or field
> visibility depending on the authorization level of the user (session). For
> example, editable fields for "admin" users.
>
> At which point is it most appropriate to handle that? Should I somehow
> construct field(column) level models and encapsulate those in a higher-level
> model?
>
> Has anyone done something similar or is there an example somewhere that I'm
> overlooking?
>
> -David
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@...
> For additional commands, e-mail: users-help@...
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@...
For additional commands, e-mail: users-help@...
« Return to Thread: Field level Authorization strategy suggestions?
| Free Forum Powered by Nabble | Forum Help |
