Win a copy of Java Concurrency Live Lessons this week in the Threads forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Does this situation need filter?  RSS feed

 
Vikas Kapoor
Ranch Hand
Posts: 1374
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have menu with tabs in my web application. but those tabs are visible/accessible based on security settings. I have tab id and user id.
Right now I have created a common method at one place and calling it from various controllers and checking for the authority settings.

But is filter best choice here or the way I have implemented is ok or something else?
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65833
134
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I would not use a filter for something like this.
 
Vikas Kapoor
Ranch Hand
Posts: 1374
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
So how would you have handled this situation? The way I have implemented is fine?
I thought of filter because,

- Right now I am calling the method (which authenticate the user) from every controller. Should not it be called from single place, right at the door step?
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65833
134
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
A filter is fine for determining if the user is logged in or not, and redirecting them to a login if not.

But I thought you were talking about making on-page decisions of what to show or not.
 
David Newton
Author
Rancher
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I don't see how a filter would help--don't you need to show/not-show tabs based on roles? How would that be done with a filter? I mean, it might depend on how you're storing the tabs that should be shown, but... I can't think of how a filter would help. I'd either get the tabs once at login, or show/hide them in the template based on a custom tag or something.
 
Vikas Kapoor
Ranch Hand
Posts: 1374
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
@Bear

Ok I got it.

If you want to check whether the user has access to particular forum or 'moving the post' functionality , you will check only when that action takes place not on each and every user request.

Thank you.

@David

I'd either get the tabs once at login

This is what I am doing right now. But consider this situation. X logs into the system and he has access to Y tab. but Admin logs into the system and revokes X's access to Y tab. now if X clicks on Y , then he should not be able get the access to it and should see some admin message.

but yes I can see filter is not at all a choice here but the way I am doing it is correct i.e. on demand.

Thank you.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!