> Are you making something like an extranet?
Yes.
> If so, I'd
> recommend you doing this in a bit different way. ViewerGroups
> is handled in very early state (before sending HTML headers).
> One problem is also that 'midcom-template' is run only after
> checking the ViewerGroups, which makes it impossible to
> override headers set by Midgard.
Ok. This clears out a lot of things for me.
> There is a nice workaround, which allows you to stay in the
> original URI. You could have something like this set in
> <(ROOT)> style element:
>
> ---
>
> <?php
> if (substr($_MIDGARD['uri'], 0, 8) !== 'extranet' ||
> $_MIDGARD['user']) { ?> <(content)> <?php } else { <(login)> } ?>
>
> ---
>
> and then create a style element called 'login':
>
> ---
>
> <form method="POST" action="&(midgard.uri);">
> <fieldset>
> <legend>Protie login</legend>
> <label for="midcom-template-username">
> Username:
> <input type="text" name="midcom_site[username]"
> id="midcom-template-username" size="20" />
> </label>
> <label for="midcom-template-password">
> Password:
> <input type="password" name="midcom_site[password]"
> id="midcom-template-password" size="20" />
> </label>
> <input class="loginform-submit-button" type="submit"
> name="midcom_site[login]" value="Login" />
> <div class="disclaimer">
> This site uses the secure NemeinAuthentication library for
> authentication.
> Please ensure that your browser allows cookies to be set
> by this server.
> </div>
> </fieldset>
> </form>
>
> ---
>
> You can see that this method relies on URI name spacing and
> is in this example set for the first level node 'extranet'.
> This isn't a handy way to deal with AIS, since you have to
> hard-code the parts which require authentication.
>
> If someone has a better idea, I wouldn't mind hearing it.
Ok this works now. I already figured out how I can check user's group
and that way implement different authorization levels (at least I think
so :). Great!
...but I have A problem with IE cache now. IE likes to give a cached
copy for the user no matter what. So user is not redirected to the login
page in IE once he has been on the extranet once. I have Midgard caches
disabled. Is adding some cache control into HTTP headers the only way to
get it work? Can I just add them to the beginning of my ROOT style or do
I have to configure Apache to send the proper headers?
> > BTW. Is there a bug in AIS when setting UserGroup permissions. The
> > folder always disappears from the navigation whenever I change it's
> > UserGroup permission.
>
> It shouldn't disappear if you have logged in but yes, it will
> disappear if ViewerGroups is set to a group the person
> viewing doesn't belong to. This you can take as a feature.
Strange because I think I tried to check if navigation would behave like
you say it should but I remember that was not the case. I might be wrong
and I can check it out once I have time.
Seppo
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
