Nicktar

Reputation: 5575

Hide and show or switch panels and components based on user and context

I'm developing a Wicket application (currently using Wicket 1.5) which is about to get a blog-like feature. Users can post stuff or mark certain business objects as public, and other users can comment on these. Only the owning user is allowed to edit these business objects or posts. I know that there are several frameworks providing hide/show or switch-panel functionality based on the current user, but is there anything that can be used to do this not only user-based but context-based as well? I know that I'll have to provide my business logic, but I'd prefer to skip all the repeating boilerplate code, so even an AOP-driven approach might do the trick, but since I never worked with that before, I don't know.

Edit: More details on the scenario:

Within the application, any (logged in) user can enter, let's say, recipes which he can flag as public (can be read by anyone) or private (can be read only by himself). Any logged in user can comment on any public recipe (either public or private). Private comments can only be read by the commenter and the recipe owner. Only the owner can edit a recipe. Only the commenter can edit his comments. Only the recipe owner or the commenter can delete comments. So basically I'm just looking for an idea to expand the classic role-based security model by a context-based role ("owner"), and by writing this it seems that the only Wicket edge to this would be that I'd prefer a solution based on a framework that integrates well with Wicket (or even one where the integration is already provided by wicketstuff).

Upvotes: 0

Views: 463

Answers (1)

tetsuo

Reputation: 10896

If you're looking for a security framework that supports instance-based authorization, you could take a look at Spring Security ACLs.

But unless you want to build something, say, as flexible and generic as the Unix file system, I don't think this kind of solution is necessary.

Anyway, to 'integrate' whatever solution you choose into Wicket pages, you could do something as simple as overriding the `onConfigure()` method (on pages or components), to verify user permissions and set things visible/invisible, enabled/disabled as needed.

```java
@Override
protected void onConfigure() {
    super.onConfigure();
    // Only the post's author may delete or edit it
    boolean isAuthor = getCurrentUser().equals(post.getAuthor());
    deleteButton.setVisible(isAuthor);
    editLink.setEnabled(isAuthor);
}
```

Upvotes: 3
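
An added example, not part of the answer above and not Wicket or Spring Security code: the ownership rules from the question's edit collected in one plain-Java policy class, so that `onConfigure()` overrides and the code that performs the edit or delete can call the same check. `RecipePolicy`, `User`, `Recipe` and `Comment` are hypothetical names; the sample users are constructed, and records require Java 16 or later.

```java
// Hypothetical policy class for the recipe/comment scenario in the question.
public class RecipePolicy {
    record User(String name) {}
    record Recipe(User owner, boolean isPublic) {}
    record Comment(Recipe recipe, User author, boolean isPublic) {}

    // A null user means "not logged in" and never matches an owner or author.
    private static boolean isSame(User u, User other) {
        return u != null && u.equals(other);
    }

    // Public recipes are readable by anyone, private ones only by the owner.
    static boolean canRead(User u, Recipe r) {
        return r.isPublic() || isSame(u, r.owner());
    }
    static boolean canEdit(User u, Recipe r) {
        return isSame(u, r.owner());
    }
    // Any logged-in user may comment on a public recipe.
    static boolean canComment(User u, Recipe r) {
        return u != null && r.isPublic();
    }
    // Private comments: commenter and recipe owner only.
    // Assumption: public comments are readable by everyone.
    static boolean canRead(User u, Comment c) {
        return c.isPublic() || isSame(u, c.author())
                || isSame(u, c.recipe().owner());
    }
    static boolean canEdit(User u, Comment c) {
        return isSame(u, c.author());
    }
    static boolean canDelete(User u, Comment c) {
        return isSame(u, c.author()) || isSame(u, c.recipe().owner());
    }

    public static void main(String[] args) {
        // Constructed sample data
        User alice = new User("alice"), bob = new User("bob"), carol = new User("carol");
        Recipe recipe = new Recipe(alice, true);            // alice's public recipe
        Comment note = new Comment(recipe, bob, false);     // bob's private comment
        System.out.println("bob edits recipe:     " + canEdit(bob, recipe));
        System.out.println("anonymous comments:   " + canComment(null, recipe));
        System.out.println("carol reads note:     " + canRead(carol, note));
        System.out.println("alice reads note:     " + canRead(alice, note));
        System.out.println("alice edits note:     " + canEdit(alice, note));
        System.out.println("alice deletes note:   " + canDelete(alice, note));
    }
}
```

In a component, the result of a call such as `RecipePolicy.canDelete(currentUser, comment)` would replace the inline `isAuthor` comparison passed to `setVisible()` or `setEnabled()`.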
