1 Reply Latest reply on Jan 29, 2009 8:47 PM by francof

    How to sync <s:link> with permissions defined in pages.xml

    scatudal

      I'm currently investigating the security features of seam in order to decide how it will be used in our new project.


      It is possible to specify restrictions on views in the pages.xml file.  Here is an example.


      <page view-id="/user.xhtml">
           <restrict>#{s:hasRole('user')}</restrict>
      </page>



      It is also possible to decide if a ui component will be displayed based on the same test.


      <s:link view="/user.xhtml" value="Users" rendered="#{s:hasRole('user')}" />



      The problem is the following.  If I change the restriction for the page user.xhtml in the pages.xml file, I have to remember that I have to change the restriction on every link to that page in the application.  If I don't, people could get authorization errors.


      Is there a way for my s:link to lookup what's been specified in the pages.xml in order to have only one source for the specification of this access control?


      The same situation exists with command buttons and actions.


      I guess it probably doesn't exist, but I'd like to have it confirmed and also to know how you guys manage this in order to reduce maintenance.


      Thanks,
      Sylvain