Role based lists of Views and ApplicationPages

[t0asti]

Hi all,

I got a new issue I currently don't knwo how to implement it exactly. With the current security controller model, it's possible to enable or disable commands based on the user's roles.

I'd like to do something similiar for views and pages. In my commands-context.xml I have the "ShowViewMenu" and "ShowPageMenu" enabled for the window menu. These menu points show all views and pages in the application. Has anyone ever worked on an implementation on filling these lists only with the entries allowed for the user's roles?

If there's no existing solution and someone's is interested I'd like to implement this part and share it afterwards. Any help appreciated though

Kind regards,
Tobias

[t0asti]

Which might be a good possibility to use is the ShowPageCommand / ShowViewCommand, which is generated by Spring-RCP internals. They currently get no security controller id and from what I see don't get configured by the security controller. Maybe this might be the shortest path to get this feature working.

[fritzrichter]

Hi,
this sounds really interessting, cause I will need such a feature as well. Depending on the stauts (admin or simple user) I'd like to enable the view for edditing the master data.

Do you found any solution, or should we implement such a feature?

cheers,
fritz

[t0asti]

I didn't work on it any further so far as I had to work on some other projects in the meantime - so there's no solution to this from my side so far.

Kind regards,
t0asti

[stiger]

Does anybody have any updates on this feature, I also want to have this feature in my application.
As per my knowledge; authorization can be applied on command level global as well as local(local Executors). But the ShowViewMenu and ShowViewCommand does not have any code for security check.
The feature I require is enable/disable menu entries in the Show View based on roles. Also if possible show the view in read only mode for some roles

[fritzrichter]

Currently there is no update available. You have to change the showViewCommand to an own implemented command, which then is able to enable, disable itself.

[nilols]

If I understand this correct there is no need to create your own commands because e.g. ShowPageMenu uses the createShowPageCommand that are defined in the PageDescriptor. The createShowPageCommand creates as the name states a ShowPageCommand which is a ActionCommand that implements SecurityControllable. So the solution could be that you extend the PageDescriptor you use and override the createShowPageCommand. In the overrided method you can just call super.createShowPageCommand and then set the securityControllerId, that you have injected in your extended PageDescriptor class, on the created ActionCommand.