sbwtxj
Posts: 27
|
| Posted: 02/24/2005, 5:45 PM |
|
I use the Security Group property and login builder,and someone has more than 1 Group/Level in my person info table.For example,John has 5 level which is for sales and 18 level which is for project manager in the table.Of course it is not relationship between 5 and 18.
I have the program for sales.
If 5 record is ahead of 18 record in the table. After logging i will access the program.
If 18 record is ahead of 5 record in the table,after logging i will be told have restricted.
Then if someone has more than 2 record for group/level in the table,how will i code the login event so that these records can be retrieved and can be applied to appropriate program.
thanks,
shanbw
_________________
----------------
Regards,
shanbw |
 |
 |
RonB
Posts: 228
|
| Posted: 02/28/2005, 12:40 PM |
|
Basically the build in security function is not a very flexible one. the login function isn't build to handle multiple levels for a user. We designed our own security function to handle security a bit like oracles role system.
Basicaly our levels are put in a comma seperated string (1,5,10,34,85)
our authentication function just checks if the level of a page is present in the string. If not it spits out a "oops you are not autherised "message and if it is the page will show. All of this is handled outside of CCS's security function. Login stil get's the level but it's the above string wich is put into a session variable.
I do not have the code handy and will have to ask my employer if it's ok to publish. If he's ok with it I will try and post the code tomorow.
Ron
|
|
|
|
sbwtxj
Posts: 27
|
| Posted: 02/28/2005, 6:58 PM |
|
Thanks,
I wiil wait for your messages.
And i hope getting the example codes for JAVA.
Of course the PHP code is also studied.
The following is got from CCS supporter:
Quote :The base class for CCS authentication is com.codecharge.util.Autheticator and factory class com.codecharge.util.AuthenticatorAbstractFactory.
You must create your own implementation of Authenticator class (as example or base you can use CCSTableAuthenticator) and your own implementation of com.codecharge.util.AuthenticatorAbstractFactory (or modify CCSAuthenticatorFactory). If you write your own factory class you must also specify it in site.properties file (key authenticator.factoryClassName).
To test if user belongs to a specifig group the method Autheticator.isUserInRole(String groupName) is used.
_________________
----------------
Regards,
shanbw |
|
|
|
RonB
Posts: 228
|
| Posted: 03/01/2005, 9:46 AM |
|
here are the two functions I wrote and added to the common.php page.
each page has in the before show page event a call to these functions:
//check if the page is stored in the database and if not add it to the database
function check_page()
{
global $FileName;
$db=new clsDBmysql();
$my_test=CCGetDBValue(" select page_level_name from page_level1 where page_level_path='" .dirname($_SERVER['PHP_SELF']) ."/' and page_level_name='" .$FileName ."'" , $db);
if ($my_test == "")
{
$db->query("insert into page_level1 (page_level_path,page_level_name) values('" .dirname($_SERVER['PHP_SELF']) ."/','" .$FileName ."')");
}
}
//This function checks if the user is logged in
//if the user is logged in a check is performed to see if acces levels match the security level for this page
//if not it redirects to the oop.php page telling the user he is not authorized to ecces the page
function authenticate()
{
//bring $FileName, $Redirect and $pagepath in scope
global $FileName;
global $Redirect;
global $pagePath;
//create new database connection
$db=new clsDBmysql();
//assign path to $pagePath
$pagePath=dirname($_SERVER['PHP_SELF']) ."/";
//Get the GroupID
$my_group=CCGetGroupID();
// check if $UserID is empty and redirect to login page if needed
if(CCGetUserID()=="")
{
$Redirect="http://10.3.1.99/nieuwestijl/login.php?ret_link=" .$pagePath .$FileName;
}
elseif(CCGetDBValue("select page_level_values from page_level1 where page_level_path='" .$pagePath ."' and page_level_name='" .$FileName ."' and page_level_values in (" .$my_group .")" ,$db) =="")
{
$Redirect="http://10.3.1.99/nieuwestijl/oops.php?ret_link=" .$pagePath .$FileName;
}
}
You need to setup the databse ofcourse and add admin pages that handle the assignment of levels to users and levels to pages.
Hope this helps
Ron
|
|
|
|
|
