 |
History
| Log In
|
|
|
|
[
Permlink
| « Hide
]
Matt Raible - 09/May/06 02:44 AM
Related: http://sourceforge.net/tracker/index.php?func=detail&aid=1358227&group_id=48726&atid=453976
Can you please provide a way of reproducing this in the sample application that ships with Struts Menu?
i use appfuse in cvs as my application base.
in my application, there are roles like this: admin user customer marginsInAuditor marginsOutAuditor marginsInChecker marginsOutChecker and my menu-config.xml like this: <Menu name="MarginsManageMenu" title="menu.margins" roles="marginsInChecker,marginsOutChecker,marginsInAuditor,marginsOutAuditor"> <Item name="AuditMarginsIn" title="menu.margins.auditIn" page="/auditMarginsIns.html" roles="marginsInAuditor"/> <Item name="AuditMarginsOut" title="menu.margins.auditOut" page="/auditMarginsOuts.html" roles="marginsOutAuditor"/> <Item name="CheckMarginsIn" title="menu.margins.checkIn" page="/checkMarginsIns.html" roles="marginsInChecker"/> <Item name="CheckMarginsOut" title="menu.margins.checkOut" page="/checkMarginsOuts.html" roles="marginsOutChecker"/> </Menu> then when admin logined without any of the other roles, the MarginsManageMenu don't shown, it's right. when admin aquire one of the roles, the MarginsManageMenu show with the right submenu, it's right. but when admin aquire one or more the other roles, there still only the previous one submenu, the others can't show, only when i restart tomcat, the others show. so i think the problem remains there, the menu repositry was updated by the VelocityMenuDisplayer, anytime the updateAllowedComponents called, it reduce the set of menu repositry. so maybe we need a reload, or just store a global repositry, when display, just use a local subset. ps.
1. i use springMVC 2. i can't reproduce it in the struts-menu example, in the example, when basic role modified, i need restart my ie to take it effect. and it works, but in my app, it only worked when i restart tomcat. so i wonder is it a appfuse or my own problem. 3. now i use the template solution, disable the updateAllowedComponents call, and add the role check in the template. here is my cssHorizontalMenu.vm #macro( displayCssMenu $menu ) ## set menu title #set ($title = $displayer.getMessage($menu.title)) #if (!$menu.url) #set ($url="#") #else #set ($url=$menu.url) #end ## create a single menu item #if ($menu.components.size() == 0) #if $($currentCount == $allowedCount) <li class="last"> #else <li> #end #if ($menu.name == $currentMenu) <strong><a href="$url" title="$title" #if($menu.target)target="$menu.target"#end#if($menu.width)style="width: ${menu.width}px"#end>${title}</a></strong> #else <a href="$url" title="$title" #if($menu.target)target="$menu.target"#end#if($menu.width)style="width: ${menu.width}px"#end>${title}</a> #end #else ## create multiple menu items in a menu <li class="menubar"> #if ($menu.name == $currentMenu)<strong>#end <a href="$url" title="$title" #if($menu.target)target="$menu.target"#end#if($menu.width)style="width: ${menu.width}px"#end>${title}</a> #if ($menu.name == $currentMenu)</strong>#end #end #if ($menu.components.size() > 0) <ul> #set ($allowedCount = 0) #foreach ($menuIt in $menu.components) #if ($displayer.isAllowed($menuIt)) #set ($allowedCount = $allowedCount + 1) #end #end #set ($currentCount = 0) #foreach ($menuIt in $menu.components) #if ($displayer.isAllowed($menuIt)) #set ($currentCount = $currentCount + 1) #displayCssMenu($menuIt) #end #end </li> </ul> #else </li> #end #end #if ($displayer.isAllowed($menu)) #displayCssMenu($menu) #end and my cssVerticalMenu.vm #macro( displayCssMenu $menu ) ## set menu title #set ($title = $displayer.getMessage($menu.title)) #if (!$menu.parent) <h2>$title</h2> #end <ul id="local"> #foreach ($menuItem in $menu.components) #if ($displayer.isAllowed($menuItem)) #set ($title = $displayer.getMessage($menuItem.title)) <li><a href="$menuItem.url" title="$title" #if($menuItem.target)target="$menuItem.target"#end>${title}</a> #end #end </ul> #end #if ($displayer.isAllowed($menu)) #displayCssMenu($menu) #end Here's a patch that clones the menu so the original isn't modified. Please try the JAR from http://static.appfuse.org/struts-menu-2.4.1.jar. Does this fix your issue?
Hi, Matt, it do fixed the issue, thanks for the great job.
but there still another one, it's about the cssHorizontalMenu.vm in appfuse cvs. maybe i should post it to appfuse jira. but it is also about the velocity, so let's finish it here. the problem is there is the Logout Menu after my MarginsManageMenu like this: <Menu name="MarginsManageMenu" title="menu.margins" roles="..."> ... </Menu> <Menu name="Logout" title="user.logout" page="/logout.jsp" roles="admin,user"/> as i metioned before, there is four roles and four items in MarginsManageMenu, so when admin got less than four of those roles, the Logout Menu become a subitem to the MarginsManageMenu, and when admin got none or all of them the Logout Menu remain it's menu situation. i thought it's coused by these lines from the cssHorizontalMenu.vm in appfuse cvs #if $($velocityCount == $menu.parent.components.size()) <li class="last"> and #if $($velocityCount == $menu.parent.components.size()) </ul> #end maybe you should check the .parent.components.size(), it remains old value after the owned check. So you're saying that $menu.parent.components.size() doesn't take into account the items removed by the permission check? If that's the issue, it shouldn't be too hard to fix.
Can you post a menu-config.xml that I can use to reproduce the problem? If I can't reproduce the problem, it's difficult for me to fix.
<?xml version="1.0" encoding="UTF-8"?>
<MenuConfig> <Displayers> <Displayer name="Velocity" type="net.sf.navigator.displayer.VelocityMenuDisplayer"/> </Displayers> <Menus> <Menu name="MainMenu" title="mainMenu.title" page="/mainMenu.html" roles="admin,user"> <Item name="UserMenu" title="menu.user" description="User Menu" page="/editProfile.html"/> </Menu> <Menu name="AccountMenu" title="menu.account" description="Account Menu" roles="customer" width="100"> <Item name="MarginsInputMenu" title="menu.account.marginsinput" page="/marginsInputs.html" roles="customer"/> </Menu> <!-- ==================== Administrator Menu =========================== --> <Menu name="AdminMenu" title="menu.admin" description="Admin Menu" roles="admin" width="100"> <Item name="ViewUsers" title="menu.admin.users" page="/users.html" roles="admin"/> <Item name="ActiveUsers" title="mainMenu.activeUsers" page="/activeUsers.html" roles="admin"/> <Item name="ReloadContext" title="menu.admin.reload" page="/reload.html" roles="admin"/> <Item name="FlushCache" title="menu.flushCache" page="/flushCache.html" roles="admin"/> </Menu> <Menu name="MarketMenu" title="menu.market" description="Market Management Menu" roles="admin"> <Item name="ViewMarketControls" title="menu.market.controls" page="/marketControlConfigs.html" roles="admin"/> <Item name="ViewMarkets" title="menu.market.markets" page="/markets.html" roles="admin"/> </Menu> <Menu name="CustomerManageMenu" title="menu.customer" roles="admin" width="100"> <Item name="ViewCustomers" title="menu.customer.list" page="/customers.html" roles="admin"/> <Item name="SettlementAccounts" title="menu.customer.settlementaccount.list" page="/settlementAccounts.html" roles="admin"/> </Menu> <Menu name="MarginsManageMenu" title="menu.margins" roles="marginsInChecker,marginsOutChecker,marginsInAuditor,marginsOutAuditor"> <Item name="AuditMarginsIn" title="menu.margins.auditIn" page="/auditMarginsIns.html" roles="marginsInAuditor"/> <Item name="AuditMarginsOut" title="menu.margins.auditOut" page="/auditMarginsOuts.html" roles="marginsOutAuditor"/> <Item name="CheckMarginsIn" title="menu.margins.checkIn" page="/checkMarginsIns.html" roles="marginsInChecker"/> <Item name="CheckMarginsOut" title="menu.margins.checkOut" page="/checkMarginsOuts.html" roles="marginsOutChecker"/> </Menu> <Menu name="Logout" title="user.logout" page="/logout.jsp" roles="admin,user"/> </Menus> </MenuConfig> |
|||||||||||||||||||||||||||||||||||||||||||||||
 |
|
Bug
Resolved
Major
Velocity Menu + role based security bug
