Re: Disabling a form element server-side
Re: Disabling a form element server-side
- Subject: Re: Disabling a form element server-side
- From: Rams <email@hidden>
- Date: Thu, 12 Jun 2008 20:02:30 -0400
Hi Dan,
My first thought would be to use an NSValidation validateKey() method
in your WOComponent. This is called before setKey() and would allow
you to check credentials and throw an NSValidation.ValidationException
to block the update if the user is not allowed to edit the setting.
If you're operating directly on your model object, validateKey should
still work, but you'll still need to have your
validationFailedWithException method located in the WOComponent that
is accessing the model object.
But beware, all the really smart regulars are at WOWODC right now.
I'm just throwing an idea out there.
Good luck.
On Jun 12, 2008, at 7:13 PM, Dan Grec wrote:
All,
We're currently using the "disabled" binding (and thus HTML) to stop
text entry into fields when a user doesn't have access.
(i.e. WOTextField, WOCheckbox, etc)
This presents a problem, as users can use an inline proxy or firebug
to submit the data anyway, which gets saved.
Our customers are complaining this is a security risk, so we have to
do something.
We're trying to come up with a way to handle the disabling on the
server side, rather than letter the browser deal with it.
We thought about conditionally rending them as a text equivelant (ie
WOString instead of WOTextField) but this will be pretty annoying
for WOCheckbox & WORadioButton.
Does anyone have any suggestions?
Thanks,
-Dan
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
@mac.com
This email sent to email@hidden
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden