hi amelie (always reminds me of that wonderful movie ;-),

since I've not yet looked into/used the authentication framework, my first
thought would be another authorization action.

you supply the action with the respective parameters or let the action grab
it from the session, etc.  from within your action you check if the user is
authorized. in case of non authorized access you return null, otherwise you
return a map (empty or containing some sitemap parameters you want to set).

then within the pipeline the delivery of the protected content goes into the
action block (since what's here only gets executed if the action returned
something not null). the pipeline steps for unauthorized access would follow
the action block.

example:

...

        <map:match pattern="protected/**.xml">
                <map:act type="my-custom-auth-action">
                        <map:parameter name="resource" value="{0}"/>    <!-- {0} - e.g. protected/foo.xml -->

                        <!-- execute following if action succeeded (returned non-null) -->
                        <map:generate src="protected-stuff/{../1}.xml"/>
                        ...
                        <map:serialize type="html"/>
                </map:act>

                <!-- execute following if action didn't succeed (returned null) -->
                <map:read mime-type="text/html" src="unauthorized.html"/>
        </map:match>
...

just an example off of the top of my head.

regarding the term 'open the link'. just to prevent a misunderstanding; when
the user clicks a link, this triggers a request which is to be handled (in
this case by the sitemap). thus, you handle the request, but maybe
differently depending on context (authorization in this case). so you either
deliver a respective response to the request (as in the example above;
authorized -> deliver protected content, unauthorized -> deliver error
page), or you prevent the user from being able to click the link in the
first place. for this you'd have to do the authorization earlier and adapt
the response correspondingly.

HTH

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> On behalf of Amelie Cordier
> Sent: Monday, 31 March 2003 22:36
> To: [EMAIL PROTECTED]
> Subject: Managing users' permissions through the sitemap
>
>
> Hi everybody,
>
> I have a problem, maybe simple, but I don't know how to deal with it.
> I'm sure some of you have enough skills and experience to help me :)
>
> In my database, I've got a table managing the users' permissions.
> There's a global menu (for all the users).
> To know if a user is allowed to open a link from this menu, I need the
> user identifier (given by a session attribute) and another identifier
> (like a request parameter which comes along with the link for example)
> Then, I want to check in my DB and :
>       - if it's ok, open the link
>       - if not, display an error message
>
> I guess I need to manage this on the sitemap level but I don't know what
> to use.
>
> Currently, I'm using an Authentication action which allows a logged-in user
> to access the whole site but, as you can see, I want to be more
> restrictive for some sections of the site.
>
> Any idea would be welcome, thx in advance !
>
> Amelie
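An added example, not part of the original messages: one way the action behind type="my-custom-auth-action" could implement the null-or-map contract described in the reply, written against the Cocoon 2.0/2.1 action API. The class name, the session attribute "user-id", the table permissions(user_id, resource) and the JNDI name are assumptions made for illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.util.Collections;
import java.util.Map;
import javax.naming.InitialContext;
import javax.sql.DataSource;
import org.apache.avalon.framework.parameters.Parameters;
import org.apache.avalon.framework.thread.ThreadSafe;
import org.apache.cocoon.acting.AbstractAction;
import org.apache.cocoon.environment.ObjectModelHelper;
import org.apache.cocoon.environment.Redirector;
import org.apache.cocoon.environment.Session;
import org.apache.cocoon.environment.SourceResolver;

// Hypothetical class; register it in the sitemap as "my-custom-auth-action".
public class PermissionAction extends AbstractAction implements ThreadSafe {
    public Map act(Redirector redirector, SourceResolver resolver, Map objectModel,
                   String source, Parameters parameters) throws Exception {
        // Take the user id from the server-side session, never from the request.
        Session session = ObjectModelHelper.getRequest(objectModel).getSession(false);
        Object userId = (session == null) ? null : session.getAttribute("user-id"); // assumed name
        String resource = parameters.getParameter("resource", null);
        if (userId == null || resource == null) {
            return null; // fail closed: no session or no resource means unauthorized
        }
        try {
            // Non-null map: the sitemap runs the steps nested inside <map:act>.
            return isAllowed(userId.toString(), resource) ? Collections.EMPTY_MAP : null;
        } catch (Exception e) {
            getLogger().error("permission lookup failed", e);
            return null; // fail closed on lookup errors as well
        }
    }

    // Assumed schema: one row in permissions(user_id, resource) per grant.
    private boolean isAllowed(String userId, String resource) throws Exception {
        DataSource ds = (DataSource) new InitialContext()
                .lookup("java:comp/env/jdbc/appdb"); // assumed JNDI name
        try (Connection c = ds.getConnection();
             PreparedStatement ps = c.prepareStatement(
                 "SELECT 1 FROM permissions WHERE user_id = ? AND resource = ?")) {
            ps.setString(1, userId);   // bound parameters keep the matched URL
            ps.setString(2, resource); // out of the SQL text
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }
}
```

Returning null on every failure path means a missing session or a database outage ends at unauthorized.html rather than at the protected content.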

