Just an idea how to solve this: - during authentication you can pass the group information in the XML that is stored in the session. - you can then write a "is-in-group"-selector and use that in the sitemap. So if someone wants to access students/group 2, the selector looks in the authentication xml stored in the session and grants only access if the user is in the appropriate role.
HTH Carsten > -----Original Message----- > From: Sandor Spruit [mailto:[EMAIL PROTECTED] > Sent: Monday, November 17, 2003 6:07 AM > To: [EMAIL PROTECTED] > Subject: Refined authentication: directory open for users, subdirectory > for subgroup of users? > > > > Hello all, > > Having studied the authentication example more carefully, I now realize > how lazy I've been last Thursday - when I posted a question answered in > the Cocoon 2.1.x documentation. Sorry for that :) Still, I haven't been > able to get *exactly* what I had in mind. I'm even wondering whether it > is possible at all! I would like a file system stucture like this: > > <cocoon root> > students > group 1 > student A > student B > ... > student Z > group 2 > ... > group N > > I've a directory on my file system called 'students' below the root of > my Cocoon-based webapp. I can protect this directory, using the method > outlined in the 'authentication-fw' sample that comes with Cocoon. Now > I'd like to give access to the subdirectories, based on user subgroups: > > All students can access students/* > Students in group 1 has additional access to students/group1/* > Student A has additional access to students/group1/studentA/* > etc. > > I could use a handler (as per the authentification framework) with an > internal pipeline. An XML doc for userlist, filter it using parameters > and a XSL-transformer. There are two ways to get this done, I think: > > 1. Authentification elements in the subsitemap in each (sub)directory > 2. Detailed matching, multiple (nested?) elements at the top level > > The problem is that I want students to study and edit their own sitemap. > Option #1 exposes the entire authentification mechanism to the students. > Option #2 would require me to define all the pipelines in the toplevel > sitemap, bypassing any subsitemaps in the students' directories. Right?! > > Any hints much appreciated, > Sandor Spruit > -- > Information and Computing Sciences, Utrecht University > Contact information, see: http://www.cs.uu.nl/people/sandor/ > "Our minds are harnessed by knowledge, by the hill and the will > to succeed". From: Fish, "Vigil in a wilderness of mirrors" > > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
