You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cocoon.apache.org by Yves Vindevogel <yv...@implements.be> on 2003/04/01 00:20:44 UTC

Re: Managing users' permissions through the sitemap

Hi Amelie,

I do a similar thing, and I use an XSP with some scripting in it.
Here's the XSP

It's not through the sitemap, but maybe this helps you.

Yves

<?xml version="1.0" encoding="ISO-8859-1"?>

    <xsp:page language="java"
    			xmlns:xsp="http://apache.org/xsp"
			xmlns:esql="http://apache.org/cocoon/SQL/v2"
			xmlns:xsp-request="http://apache.org/xsp/request/2.0"
			xmlns:xsp-session="http://apache.org/xsp/session/2.0"
			create-session="true">

        <html>

            <esql:connection>
                <esql:pool>pierrefabre</esql:pool>

                <esql:execute-query>
			<esql:query>
				select * from tblLogin
                                	where name = '<xsp-request:get-parameter 
name="username"/>'
                                 	and password = '<xsp-request:get-parameter 
name="password"/>' ;
			</esql:query>

                    <esql:results>
			<xsp-session:set-attribute name="user">admin</xsp-session:set-attribute>

		    	<body onload="window.location = './../frames.html'"></body>
                    </esql:results>

		    <esql:no-results>
		            	<head>
                			<link rel="stylesheet" type="text/css" 
href="./../css/pierrefabre.css"/>
                			<title>Pierre Fabre Médicament</title>
                                        <meta http-equiv="Content-Type" 
content="text/html; charset=ISO-8859-1"/>
			                <meta http-equiv="pragma" content="no-cache"/>
            			</head>

				<body class="homepage" onload="window.alert ('Username or password not 
correct') ; window.location = './../admin/password.html'">
				</body>
		    </esql:no-results>
                </esql:execute-query>

            </esql:connection>
	</html>
    </xsp:page>


> Hi everybody,
>
> I have a problem, maybe simple, but I don't know how to deal with.
> I'm sure some of you have enough skills an experience to help me :)
>
> In my database, I've got a table managing the users' permissions.
> There's a global menu (for all the users).
> To know if an user is allowed to open a link from this menu, I need the
> user identifier (given by a session attribute) and an other identifier
> (like a request parameter which comes along with the link for example)
> Then, I want to check in my DB and :
> 	- if it's ok, open the link
> 	- if not, diplay an error message
>
> I guess I need to manage this on the sitemap level but I don't know what
> to use.
>
> Currently, I'm using an Authentication action which allows an logged user
> to access to the whole site but, as you can see, I want to be more
> restrictive for some sections of the site.
>
> Any idea would be welcome, thx in advance !
>
> Amelie

-- 
Met vriendelijke groeten,
Kind regards,
Bien à vous,

Yves Vindevogel

Implements
Kempische Steenweg 206  --  3500 Hasselt  --  Belgium
Phone/Fax: +32 (11) 43.55.76  --  Mobile: +32 (478) 80.82.91
Mail: yves.vindevogel@implements.be  --  www.implements.be

Quote: The winner never says participating is more important than winning.

---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-users-unsubscribe@xml.apache.org
For additional commands, e-mail: cocoon-users-help@xml.apache.org