Jeremy Blain wrote:
[EMAIL PROTECTED] wrote:
Until today I did this by storing a value in my per-user session that
marked a logged-in user with 1 and a non-logged-in user with 0.
In every following component I checked that value (with direct code,
functions, modules ... whatever, not the question here).
Is there a better way? To fill in checking code in every subsequent
component is imho a bit clumsy.
It's not a problem in sites with less security, so user navigation is
done by the clickable links. But what's the matter if the user - out of
possible links - inputs a non-allowed URL so he is out of the
programmed path?
One way to make sure everything is protected is to put what needs
protected into its own directory.
You can then add an autohandler to that directory, which redirects the
user elsewhere if they are not authenticated.
When I do this, it is handled by the autohandler, so the components do
not need to manage security. The autohandler redirects to a login page
if the user is not logged in, times out, etc.
If multiple types of security or multiple levels are needed, the
different components will have an <%attr> section with attributes which
define the level or type of access required for the page. The
autohandler checks if the user has rights to go to a page with those
access restrictions.
Example:
At the top of the component:
    <%attr>
    access_restrictions => "logged_in siteadmin"
    </%attr>
(This means that in order to access that particular component, the user
must be logged in and have site administration privileges. These are
rules I defined. You can make up whatever you need for your application.)
In the autohandler:
    # check if user has access rights to the page being requested
    if ($m->base_comp->attr_exists('access_restrictions')) {
        if (not SUBROUTINE_TO_CHECK_ACCESS_RIGHTS(
                $m->base_comp->attr('access_restrictions') )) {
            $m->redirect($login_page);
            return;
        }
    }
Since you are defining the rules, your subroutine to test for access can
be as simple or complex as you wish.
Paul Wallingford
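
Added example, not part of the original thread: one possible body for the access-check subroutine that the autohandler snippet above leaves as a placeholder. The names check_access_rights and %RULES and the session keys logged_in and role are assumptions made for this sketch, not Mason APIs; it denies access when a rule name is unknown, so a typo in an <%attr> block cannot open a page.

```perl
#!/usr/bin/perl
# Added example. check_access_rights, %RULES and the session keys are
# hypothetical names chosen for this sketch; they are not part of Mason.
use strict;
use warnings;

# Each rule name maps to a predicate over the per-user session hash.
my %RULES = (
    logged_in => sub { my ($s) = @_; $s->{logged_in} ? 1 : 0 },
    siteadmin => sub { my ($s) = @_; ($s->{role} // '') eq 'siteadmin' ? 1 : 0 },
);

# Returns 1 only if every rule named in the attribute string passes.
# Fails closed: an empty list, an unknown rule name or a missing
# session all deny access.
sub check_access_rights {
    my ($restrictions, $session) = @_;
    return 0 unless defined $restrictions && ref $session eq 'HASH';
    my @names = split ' ', $restrictions;      # whitespace-separated rules
    return 0 unless @names;
    for my $name (@names) {
        my $rule = $RULES{$name} or return 0;  # unknown rule => deny
        return 0 unless $rule->($session);
    }
    return 1;
}

# Constructed sample sessions, for illustration only.
my %sessions = (
    anonymous => {},
    member    => { logged_in => 1, role => 'member' },
    admin     => { logged_in => 1, role => 'siteadmin' },
);

# The third attribute string contains a deliberate typo ("sitadmin").
for my $attr ('logged_in', 'logged_in siteadmin', 'logged_in sitadmin') {
    for my $who (sort keys %sessions) {
        printf "%-24s %-10s %s\n", "'$attr'", $who,
            check_access_rights($attr, $sessions{$who}) ? 'allow' : 'redirect';
    }
}
```

In an autohandler the session hash would come from wherever the application stores its per-user session. Components in the protected directory that carry no access_restrictions attribute are not checked by the snippet above.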
_______________________________________________
Mason-users mailing list
Mason-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mason-users