Hi Geert,

Happy Holidays / Merry Christmas, btw.

I think I was being a little too specific -- I didn't mean necessarily an "any" role.. I just mean not having to explicitly pass an explicit role in the declaration of the auth element. Or, even more succinctly, since I just tried it -- and rife doesn't complain -- what is the default role assigned if I don't pass the <property name="role"></property> tag ...?

I think the crux of the issue is: do I really have to have a special page for admin users to log in to as opposed to regular users... since at the end of the day I can programmatically determine who should be allowed to access a given page based on their authorized role(s) in the DB. Of course, unless I've missed the boat here, does this mean that regular users cannot have additional privileges if they have multiple roles in the DB..?

regards,
  David

On Dec 26, 2006, at 2:01 AM, Geert Bevin wrote:

Hi David,

This is currently not supported. I'm not entirely sure that it's safe though, since it means that people with the 'any' role would automatically gain access to all new roles that would be added in the future. This could potentially create huge security leaks when some users have the 'any' role and a site maintainer adds a role without checking and validating that all the users really have access to the sections that are protected by it.

Best regards,

Geert

On 26 Dec 2006, at 07:40, David HM Spector wrote:

I would like to be able to log in as either an admin or a regular user to my application -- with the default system I seem to have to specify a role -- "user" "admin" or any other role I have in the role table. Is there a way to specify "any" as the role? Given that there are ways to find out programmatically both at the template level and at the element level the userID and role(s) that the user account has, is there any reason why I wouldn't want to do this...?

David
--
Geert Bevin
Uwyn "Use what you need" - http://uwyn.com
RIFE Java application framework - http://rifers.org
Music and words - http://gbevin.com


_______________________________________________
Rife-users mailing list
[email protected]
http://lists.uwyn.com/mailman/listinfo/rife-users

------------------------------------------------------------------------ -------------------
                                          David HM Spector
spector (at) zeitgeist.com http://www.zeitgeist.com/ voice: +1 631.261.5013 fax: +1 212.656.1443
                                                    ~ ~ ~
"New and stirring things are belittled because if they are not belittled, the humiliating question arises, 'Why then are you not taking part in them?'" --H. G. Wells
