Announcement Announcement Module
Collapse
No announcement yet.
Allowed fiels in Roo generated controller Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Allowed fiels in Roo generated controller

    Roo nicely generate the controller and actions to e.g. craete and update a specific domain class.

    What should be the best steps to not allow some of the domain class properties to be set.

    E.g. in create action I don't want the Domain.<property1> to be allowed to be set.
    And in update action I don't want the Domain.<property2> to be allowed to be set.

    So per action I will have different fields that are not allowed.

    I can easily remove the fields from views, but security wise this is not enough.

    Any thoughts?

  • #2
    Hi Marcel, you should remove the fields from your views (render=false) as suggested and then set allowed fields or disallowed fields in the databinder of your controller to manage exactly what gets bound and what not. See http://static.springsource.org/sprin...ataBinder.html

    HTH,
    Stefan

    Comment


    • #3
      Thanks Stefan,
      I'm aware of the @InitBinder, but how can i differentiate between actions? E.g. per action the allowed fields are different.

      Comment


      • #4
        Any ideas?

        Comment

        Working...
        X