• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Disabling a form element server-side
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Disabling a form element server-side

  • Subject: Re: Disabling a form element server-side
  • From: Rams <email@hidden>
  • Date: Thu, 12 Jun 2008 20:02:30 -0400
Hi Dan,

My first thought would be to use an NSValidation validateKey() method in your WOComponent. This is called before setKey() and would allow you to check credentials and throw an NSValidation.ValidationException to block the update if the user is not allowed to edit the setting. If you're operating directly on your model object, validateKey should still work, but you'll still need to have your validationFailedWithException method located in the WOComponent that is accessing the model object.

But beware, all the really smart regulars are at WOWODC right now. I'm just throwing an idea out there.

Good luck.

On Jun 12, 2008, at 7:13 PM, Dan Grec wrote:

All,

We're currently using the "disabled" binding (and thus HTML) to stop text entry into fields when a user doesn't have access.
(i.e. WOTextField, WOCheckbox, etc)

This presents a problem, as users can use an inline proxy or firebug to submit the data anyway, which gets saved.
Our customers are complaining this is a security risk, so we have to do something.

We're trying to come up with a way to handle the disabling on the server side, rather than letter the browser deal with it.
We thought about conditionally rending them as a text equivelant (ie WOString instead of WOTextField) but this will be pretty annoying for WOCheckbox & WORadioButton.

Does anyone have any suggestions?

Thanks,
-Dan

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
@mac.com

This email sent to email@hidden

Attachment: smime.p7s
Description: S/MIME cryptographic signature

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
References: 
 >Disabling a form element server-side (From: Dan Grec <email@hidden>)

  • Prev by Date: Re: [OT] WWDC--where is our resident singer/composer?
  • Next by Date: Re: Disabling a form element server-side
  • Previous by thread: Disabling a form element server-side
  • Next by thread: Re: Disabling a form element server-side
  • Index(es):
    • Date
    • Thread