In my node-driven application every menu item has the node ID as an
argument. I am struggling with URL manipulation.
Say I have a calendar controller with functions: openinghours, eventList,
timetable and courseTable. User with ID 1 has access to all functions; user
2 has access to openinghours and eventList only.
The menu for user 1 has the following links:
.../calendar/openinghours/1
.../calendar/eventList/1
.../calendar/timetable/1
.../calendar/courseTable/1
The menu for user 2 has the following links:
.../calendar/openinghours/2
.../calendar/eventList/2
At the moment when I generate the menu, for every function a user has
access to I set session[id].openinghours=True, session[id].eventList etc.
and when a visitor visits the openinghours function I first check:
    if not session[int(request.args(0))].openinghours:
        redirect(URL('addressbook','router',args=request.args(0)))
I designed this procedure to prevent a visitor from doing the following: click
on the link .../calendar/timetable/1, change the 1 to 2 and gain access to
function timetable, to which user 2 does not have access. This works
flawlessly, but I wonder whether there is a better way to implement this.
I read about digitally signed URLs, but I am not sure they'll solve my
problem, because when a visitor has opened sites of different nodes in
multiple browser windows and there have been other requests between the
ones described above, this won't work, will it?
Kind regards,
Annet
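The signed-URL approach asked about above, as an added example that is not part of the original post and uses Python's standard library rather than web2py's own helpers: each menu link carries an HMAC over controller/function/node ID computed with a per-session key, so verification needs no per-node session state. The names NODE_FUNCTIONS, sign_path, build_menu, is_authorized and the _signature parameter are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data mirroring the post: node id -> functions it exposes.
NODE_FUNCTIONS = {
    1: ["openinghours", "eventList", "timetable", "courseTable"],
    2: ["openinghours", "eventList"],
}

def sign_path(session_key, function, node_id):
    """HMAC over controller/function/node id, so changing any part breaks it."""
    message = f"calendar/{function}/{node_id}".encode()
    return hmac.new(session_key, message, hashlib.sha256).hexdigest()

def build_menu(session_key, node_id):
    """Emit signed links only for the functions this node may expose."""
    return [
        f"/calendar/{fn}/{node_id}?_signature={sign_path(session_key, fn, node_id)}"
        for fn in NODE_FUNCTIONS[node_id]
    ]

def is_authorized(session_key, url):
    """Recompute the signature from the requested path; fail closed on bad input."""
    path, _, query = url.partition("?")
    parts = path.strip("/").split("/")
    if len(parts) != 3 or parts[0] != "calendar":
        return False
    if not (parts[2].isascii() and parts[2].isdigit()):
        return False
    if not query.startswith("_signature="):
        return False
    supplied = query[len("_signature="):]
    expected = sign_path(session_key, parts[1], int(parts[2]))
    return hmac.compare_digest(supplied.encode(), expected.encode())

def demo():
    key = secrets.token_bytes(32)  # assumed to live server-side in the session
    menu1, menu2 = build_menu(key, 1), build_menu(key, 2)
    timetable1 = menu1[2]
    tampered = timetable1.replace("/timetable/1", "/timetable/2")
    mixed = [menu2[0], menu1[3], menu2[1], menu1[0]]  # several windows, any order
    return {
        "interleaved": all(is_authorized(key, u) for u in mixed),
        "tampered": is_authorized(key, tampered),
        "other_session": is_authorized(secrets.token_bytes(32), timetable1),
    }

if __name__ == "__main__":
    print(demo())
```

Because the check depends only on the requested path and the session key, links for different nodes stay valid regardless of which requests happened in between.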