[Pagekit-users] db and web security

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi all;

I am developing an app using Pagekit and Postgresql and I want to grant
user privileges based on a user/group model.

I'm getting myself in a bit of a twist trying to work this out.

I want Pagekit to login to the db as 1 of say 3 db users 'guest',
'normal' or 'power' this would take care of the db security.  At present
I'm using the pkit_auth_credential method found in the example site and
it accesses my db for Pagekit user and password data.  But
pkit_auth_credential needs db access to verify which would seem to
present a problem 

I also want to enable valid users' access to pages dependent on their
group.  The functionality for a particular page may also depend on their
group membership.  E.g. a 'guest' user may be granted view privileges
for a page but not update, whilst a 'power' user could do both.  As I
understand it, once you're logged in with Pagekit, you're logged in.  So
I need some way to enhance this to add the user/group functionality and
to tie in with the db security.

Has anyone got ideas?

I will elaborate further if I'm not being clear.

Thanks in advance

Glenn 