Hi Amelie, I do a similar thing, and I use an XSP with some scripting in it. Here's the XSP
It's not through the sitemap, but maybe this helps you. Yves <?xml version="1.0" encoding="ISO-8859-1"?> <xsp:page language="java" xmlns:xsp="http://apache.org/xsp" xmlns:esql="http://apache.org/cocoon/SQL/v2" xmlns:xsp-request="http://apache.org/xsp/request/2.0" xmlns:xsp-session="http://apache.org/xsp/session/2.0" create-session="true"> <html> <esql:connection> <esql:pool>pierrefabre</esql:pool> <esql:execute-query> <esql:query> select * from tblLogin where name = '<xsp-request:get-parameter name="username"/>' and password = '<xsp-request:get-parameter name="password"/>' ; </esql:query> <esql:results> <xsp-session:set-attribute name="user">admin</xsp-session:set-attribute> <body onload="window.location = './../frames.html'"></body> </esql:results> <esql:no-results> <head> <link rel="stylesheet" type="text/css" href="./../css/pierrefabre.css"/> <title>Pierre Fabre Médicament</title> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"/> <meta http-equiv="pragma" content="no-cache"/> </head> <body class="homepage" onload="window.alert ('Username or password not correct') ; window.location = './../admin/password.html'"> </body> </esql:no-results> </esql:execute-query> </esql:connection> </html> </xsp:page> > Hi everybody, > > I have a problem, maybe simple, but I don't know how to deal with. > I'm sure some of you have enough skills an experience to help me :) > > In my database, I've got a table managing the users' permissions. > There's a global menu (for all the users). > To know if an user is allowed to open a link from this menu, I need the > user identifier (given by a session attribute) and an other identifier > (like a request parameter which comes along with the link for example) > Then, I want to check in my DB and : > - if it's ok, open the link > - if not, diplay an error message > > I guess I need to manage this on the sitemap level but I don't know what > to use. > > Currently, I'm using an Authentication action which allows an logged user > to access to the whole site but, as you can see, I want to be more > restrictive for some sections of the site. > > Any idea would be welcome, thx in advance ! > > Amelie -- Met vriendelijke groeten, Kind regards, Bien à vous, Yves Vindevogel Implements Kempische Steenweg 206 -- 3500 Hasselt -- Belgium Phone/Fax: +32 (11) 43.55.76 -- Mobile: +32 (478) 80.82.91 Mail: [EMAIL PROTECTED] -- www.implements.be Quote: The winner never says participating is more important than winning. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]