I'm using Apache::AuthCookie for general authentication/authorization for a
site I'm working on. However, there's a requirement for fine-grained
authorization down to the page level - a user may have access to most pages
in a directory, but be disalllowed access to a single page. Note that the
pages in question are in a single directory.
What I don't want is to have the user tossed to a login page if they try to
access a page for which they have no access, which is what AuthCookie
currently does.
I thought about chaining an additional authorization handler, but that
won't work since if the first one in the chain approves access, then the
rest won't be called. I think that AuthCookie should come first, since it
verifies that the user has actually logged in. So, if the user passes
muster on the first stage of authorization (general access to directory)
then any other handlers in the chain won't be called. Or is there a way to
override this behaviour?
What's the best way to do this? I can always stuff some code into my main
handler, but that's ugly.
Thanks.
Cheers!
-klm.
-------------------------------------------
Ken Miller, Consultant
Shetland Software Services Inc.
