I need to restrict access to data in the form depending on some condition.
For example account1 “balanceAmount” can be shown and editable to user(ex:$1000), whereas account2 “balanceAmount” can only be displayed as non editable "xxx-xx" in place of actual amount. So basically I have the same
jsp page and show "balanceAmount" depending on account type.
I wondered whats the best approach to implement this kind of field level security?
I was thinking of having a composite component which accepts condition and balanceAmount objects, based on account type I will display outputText with static text "xxx-xx" and inputText with balanceAmount bound to its value attribute.
Sample code attached below:
//Composite component code
<composite:interface>
<composite:attribute name="condition" />
<composite:attribute name="balanceAmount" />
</composite:interface>
<composite:implementation>
<h:outputText value="xxx-xx-xxx" rendered="#{cc.attrs.condition}" />
<p:inputText value="#{cc.attrs.balanceAmount}" rendered="#{!cc.attrs.condition}">
<f:convertNumber type="currency" />
</p:inputText>
</composite:implementation>
//Using composite component
<util:input id="accountBalance" condition="#{account.vipCustomer}"
balanceAmount="#{account.accountBalance}" />
//Account bean
public class Account implements Serializable {
private double accountBalance;
private boolean vipCustomer = false;
getter's and setter's goes here.....
}
Is it the safe approach, will there be any maintainence or upgradation issues.
Is there a better way? Thanks for any input.