Hi Isomorphic,
could you elaborate a bit on this excerpt from the Quick Start Guide?
For my mail sending I'm injecting an "$options" object in my SQLDataSource subclass. Depending on the options I then show or hide fields in the html template.
I tried the same with viewRequiresRole for a field in my .ds.xml, but it seems that my code like viewRequiresRole="#{if}($options.isShowA)aGrantTheUserHasForSure#{else}false#{end}" is interpreted as text - as no role with that text exists, the field is canView:false as result. Also introducing Velocity-syntax errors did not result in server exceptions.
So my question is: Does the DataSourceLoader also have the Velocity variables at hand I inject in SQLDataSource? It would need them in order to evaluate that viewRequiresRoles shown above.
My use case is that I could handle system settings that way without having to assign or not-assign a role to all users.
Thank you & Best regards
Blama
could you elaborate a bit on this excerpt from the Quick Start Guide?
Code:
Declarative Security (requires attribute) Similar to requiresRole and requiresAuthentication, the requires attribute allows an arbitrary Velocity expression to restrict access control
I tried the same with viewRequiresRole for a field in my .ds.xml, but it seems that my code like viewRequiresRole="#{if}($options.isShowA)aGrantTheUserHasForSure#{else}false#{end}" is interpreted as text - as no role with that text exists, the field is canView:false as result. Also introducing Velocity-syntax errors did not result in server exceptions.
So my question is: Does the DataSourceLoader also have the Velocity variables at hand I inject in SQLDataSource? It would need them in order to evaluate that viewRequiresRoles shown above.
My use case is that I could handle system settings that way without having to assign or not-assign a role to all users.
Thank you & Best regards
Blama
Comment