Hi Barbara I see you posting always! ;) Thanks,
So.... Do you mean the best approach is to put the permission to every file
into the <data> element of the "auth-protect" action? Then check this
permission into each page?
The auth-session data will return something like:
<authentication>
<ID>userA</ID>
<data>
<create-category>true</create-category>
<edit-category>true</edit-category>
<create-product>false</create-product>
<edit-product>false</edit-product>
</authentication>
Then in the beginning of each page, checks for:
<<create-category>>
<session:getxml
context="authentication"
path="authentication/data/create-category">
It will return true or false.
In this way I can have only 1 handler. Is this the best approach?
Antonio Gallardo
El Jueves, 05 de Septiembre de 2002 00:42, Barbara Post escribió:
> Hello Antonio, you have somewhere a database, ldap directory or (for tests)
> an xml file storing ID, password, permissions for each user, and then the
> authentication simply happens the way you prefer, with an action etc.
>
> All the pages are protected by the same handler.
>
> Have a nice day,
>
> Babs
>
> ----- Original Message -----
> From: "Antonio Gallardo Rivera" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, September 05, 2002 8:26 AM
> Subject: [Auth-framwork] - How to manage multiple documents.
>
>
> Hi buddies!
>
> I read about the auth-document in
> http://xml.apache.org/cocoon/developing/webapps/authentication.html
>
> Its a very nice authentication framework!
>
> I have just one question after read that:
>
> Given 4 pages to authenticate:
>
> a) create-category
> b) edit-category
> c) create-product
> d) edit-product.
>
> and 5 users:
>
> userA, userB, userC, userD, userE
>
> and this permission rules:
>
> UserA can acces only pages a,b,c,d
> UserB can acces only pages a,b
> UserC can access only pages: c,d
> UserD can access only pages: a,c
> UserE can access only pages: b,d
>
> How is the best approach to do that with Cocoon?
>
> Of course we dont want that the user need to write his user ID and password
> to
> access every page.
>
> What we can do?
>
> Regards,
>
> Antonio Gallardo
>
> ---------------------------------------------------------------------
> Please check that your question has not already been answered in the
> FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html>
>
> To unsubscribe, e-mail: <[EMAIL PROTECTED]>
> For additional commands, e-mail: <[EMAIL PROTECTED]>
>
>
>
> ---------------------------------------------------------------------
> Please check that your question has not already been answered in the
> FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html>
>
> To unsubscribe, e-mail: <[EMAIL PROTECTED]>
> For additional commands, e-mail: <[EMAIL PROTECTED]>
---------------------------------------------------------------------
Please check that your question has not already been answered in the
FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html>
To unsubscribe, e-mail: <[EMAIL PROTECTED]>
For additional commands, e-mail: <[EMAIL PROTECTED]>
