Re: Managing users' permissions through the sitemap

Mon, 31 Mar 2003 14:18:37 -0800 

Hi Amelie,

I do a similar thing, and I use an XSP with some scripting in it.
Here's the XSP

It's not through the sitemap, but maybe this helps you.

Yves

<?xml version="1.0" encoding="ISO-8859-1"?>

    <xsp:page language="java"
                        xmlns:xsp="http://apache.org/xsp";
                        xmlns:esql="http://apache.org/cocoon/SQL/v2";
                        xmlns:xsp-request="http://apache.org/xsp/request/2.0";
                        xmlns:xsp-session="http://apache.org/xsp/session/2.0";
                        create-session="true">

        <html>

            <esql:connection>
                <esql:pool>pierrefabre</esql:pool>

                <esql:execute-query>
                        <esql:query>
                                select * from tblLogin
                                        where name = '<xsp-request:get-parameter 
name="username"/>'
                                        and password = '<xsp-request:get-parameter 
name="password"/>' ;
                        </esql:query>

                    <esql:results>
                        <xsp-session:set-attribute 
name="user">admin</xsp-session:set-attribute>

                        <body onload="window.location = './../frames.html'"></body>
                    </esql:results>

                    <esql:no-results>
                                <head>
                                        <link rel="stylesheet" type="text/css" 
href="./../css/pierrefabre.css"/>
                                        <title>Pierre Fabre Médicament</title>
                                        <meta http-equiv="Content-Type" 
content="text/html; charset=ISO-8859-1"/>
                                        <meta http-equiv="pragma" content="no-cache"/>
                                </head>

                                <body class="homepage" onload="window.alert ('Username 
or password not 
correct') ; window.location = './../admin/password.html'">
                                </body>
                    </esql:no-results>
                </esql:execute-query>

            </esql:connection>
        </html>
    </xsp:page>


> Hi everybody,
>
> I have a problem, maybe simple, but I don't know how to deal with.
> I'm sure some of you have enough skills an experience to help me :)
>
> In my database, I've got a table managing the users' permissions.
> There's a global menu (for all the users).
> To know if an user is allowed to open a link from this menu, I need the
> user identifier (given by a session attribute) and an other identifier
> (like a request parameter which comes along with the link for example)
> Then, I want to check in my DB and :
>       - if it's ok, open the link
>       - if not, diplay an error message
>
> I guess I need to manage this on the sitemap level but I don't know what
> to use.
>
> Currently, I'm using an Authentication action which allows an logged user
> to access to the whole site but, as you can see, I want to be more
> restrictive for some sections of the site.
>
> Any idea would be welcome, thx in advance !
>
> Amelie

-- 
Met vriendelijke groeten,
Kind regards,
Bien à vous,

Yves Vindevogel

Implements
Kempische Steenweg 206  --  3500 Hasselt  --  Belgium
Phone/Fax: +32 (11) 43.55.76  --  Mobile: +32 (478) 80.82.91
Mail: [EMAIL PROTECTED]  --  www.implements.be

Quote: The winner never says participating is more important than winning.

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to