Hi DAW, community.

Based on a previous discussion, started in this forum thread, I was searching for possible ways to handle this in a wider and more intelligent manner than having to repeat validation/security check code inside each object I need to protect.

So, I found the HandleAction function, which is today a private function inside the cWebObject class.

I believe this would be a strong candidate to be intercepted, and allow developers to perform their security validation and block or allow the action to be executed.

Maybe a new public function hook could be created and called from this method, or another better one (DAW should know if a better place exists for this).
So, at the beginning of HandleAction, it already performs some internal validation, like IsInCallActionScope, or determining if the method is WebPublished or not, things like that.

Why not expand this and call another function that does nothing by default, but could be augmented by developers, so we could block or allow the action to be executed based on our business rules?

Something simple, similar to AllowAccess for WebViews, but now expanded to any action for all cWebObjects.

Code:
Function AllowActionToExecute String sAction String[] aParams tWebValueTree aData Returns Boolean
    // Does nothing by default: every action is allowed unless a sub-class augments this.
    Function_Return True
End_Function

Then, we could easily intercept button OnClicks, CheckBox's OnChange, Links, and all sort of actions triggered by the client.

This would make it much easier for us to sub-class our controls and implement security rules.

Again, just an idea, I am pretty sure DAW could have something even better than this.

Regards
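
How a sub-classed control could use the hook proposed above, as an added example that is not part of the original post and not DAW framework code. It assumes HandleAction would call AllowActionToExecute before dispatching, and that the application uses the standard session manager (ghoWebSessionManager with piUserRights); cSecuredWebButton, piMinRights and oDeleteOrder are hypothetical names.

```dataflex
// Added example. AllowActionToExecute is the hook proposed in the post;
// it is not part of cWebObject today.
Class cSecuredWebButton is a cWebButton

    Procedure Construct_Object
        Forward Send Construct_Object
        // Hypothetical property: minimum rights level a user needs before
        // any client-triggered action on this control is executed.
        Property Integer piMinRights 0
    End_Procedure

    Function AllowActionToExecute String sAction String[] aParams tWebValueTree aData Returns Boolean
        Integer iRights iMinRights

        // The decision uses server-side session state only. sAction, aParams
        // and aData come from the client and are not trusted here.
        Get piUserRights of ghoWebSessionManager to iRights
        Get piMinRights to iMinRights

        // False blocks the action before OnClick (or any other handler) runs.
        Function_Return (iRights >= iMinRights)
    End_Function

End_Class

// Usage inside a web view: only users with rights level 2 or higher
// can trigger this button, even if the request is forged by the client.
Object oDeleteOrder is a cSecuredWebButton
    Set psCaption to "Delete order"
    Set piMinRights to 2

    Procedure OnClick
        // Reached only when AllowActionToExecute returned True.
    End_Procedure
End_Object
```

Because the check would run inside the server-side dispatcher, hiding or disabling the button on the client is no longer the only barrier between a user and the action.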