best practice to customize controllers behaviour

[federico-]

say you have a list of pizzas, some of them are reserved to VIP customers

how would you filter that list if you were basing on Roo?

my (ugly) way for now has been to customize the generated menu to point to a custom url ("/pizza/list" instead of just "/pizza") an to create a "myList" method in the PizzaController

Better ways?

[mikej]

Can't you just use security tags in the jsp? When you iterate through a list of pies, don't print the line if the pie is a vip pie but the customer is not a vip customer.

Or you could filter out vip pizzas within the controller method itself. You can inject the authenticated user by adding "Authentication auth, " to the method signature (i.e., to PizzaController.list(..)). Then if the auth object doesn't represents a vip customer, you can remove all of the vip pizzas from pizzas collection.

Using the security tags requires setting "automaticallyMaintainView=false", while modifying your controller method requires pushing the method out of the aspect.

[federico-]

what's "authentication auth" ? can't find it in the docs
can you point me to some documentation?

[federico-]

sorry, now I got it

thanks for your help!