THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
| No Format |
|---|
public boolean isUserRequired();
public boolean isWeblogRequired();
public String requiredUserRole();
public short requiredWeblogPermissions();
|
These methods provide a very simple way for action writers to control the security enforcement on their action. By overriding any of these methods you can configure your action to not enforce any security rules or to enforce all security options, it's up to you. To set a security preference just implement the method as you would expect, so to force that users must have the ADMIN permission on the action weblog to use the action you would do this ...
| No Format |
|---|
public boolean isUserRequired() { return true; }
public boolean isWeblogRequired() { return true; }
public String requiredUserRole() { return "editor"; }
public short requiredWeblogPermissions() { return PermissionsData.ADMIN; }
|
That's it! If you put the code above in your action and are extending UIAction then your action will ensure that the logged in user has ADMIN permissions on the action weblog before executing. And, to make things even easier, the UIAction class is defined with some reasonable defaults so that you don't have to implement all of those methods in every action. By default the UIAction class enforces these rules ...
| No Format |
|---|
public boolean isUserRequired() { return true; }
public boolean isWeblogRequired() { return true; }
public String requiredUserRole() { return "editor"; }
public short requiredWeblogPermissions() { return -1; }
|
This means that by default, all actions require that a user and weblog is properly specified and that the user has the "editor" role. Now all you would need to do for the example we gave about, all you would really have to do is put this in your action to enforce the ADMIN permission ...
| No Format |
|---|
public short requiredWeblogPermissions() { return PermissionsData.ADMIN; }
|
Pretty slick eh? Note, the reason why there is no default required weblog permission is mostly to alleviate any confusion about required permissions for actions. Basically, we want the action classes to define the requiredWeblogPermissions() method as shown above so that anyone working on the action can see directly in that class what the enforced permissions are.
myPrepare() method
Tabbed Menu controls
...