Hi Barbara I see you posting always! ;) Thanks, So.... Do you mean the best approach is to put the permission to every file into the <data> element of the "auth-protect" action? Then check this permission into each page?
The auth-session data will return something like: <authentication> <ID>userA</ID> <data> <create-category>true</create-category> <edit-category>true</edit-category> <create-product>false</create-product> <edit-product>false</edit-product> </authentication> Then in the beginning of each page, checks for: <<create-category>> <session:getxml context="authentication" path="authentication/data/create-category"> It will return true or false. In this way I can have only 1 handler. Is this the best approach? Antonio Gallardo El Jueves, 05 de Septiembre de 2002 00:42, Barbara Post escribió: > Hello Antonio, you have somewhere a database, ldap directory or (for tests) > an xml file storing ID, password, permissions for each user, and then the > authentication simply happens the way you prefer, with an action etc. > > All the pages are protected by the same handler. > > Have a nice day, > > Babs > > ----- Original Message ----- > From: "Antonio Gallardo Rivera" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Thursday, September 05, 2002 8:26 AM > Subject: [Auth-framwork] - How to manage multiple documents. > > > Hi buddies! > > I read about the auth-document in > http://xml.apache.org/cocoon/developing/webapps/authentication.html > > Its a very nice authentication framework! > > I have just one question after read that: > > Given 4 pages to authenticate: > > a) create-category > b) edit-category > c) create-product > d) edit-product. > > and 5 users: > > userA, userB, userC, userD, userE > > and this permission rules: > > UserA can acces only pages a,b,c,d > UserB can acces only pages a,b > UserC can access only pages: c,d > UserD can access only pages: a,c > UserE can access only pages: b,d > > How is the best approach to do that with Cocoon? > > Of course we dont want that the user need to write his user ID and password > to > access every page. > > What we can do? > > Regards, > > Antonio Gallardo > > --------------------------------------------------------------------- > Please check that your question has not already been answered in the > FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html> > > To unsubscribe, e-mail: <[EMAIL PROTECTED]> > For additional commands, e-mail: <[EMAIL PROTECTED]> > > > > --------------------------------------------------------------------- > Please check that your question has not already been answered in the > FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html> > > To unsubscribe, e-mail: <[EMAIL PROTECTED]> > For additional commands, e-mail: <[EMAIL PROTECTED]> --------------------------------------------------------------------- Please check that your question has not already been answered in the FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html> To unsubscribe, e-mail: <[EMAIL PROTECTED]> For additional commands, e-mail: <[EMAIL PROTECTED]>