Menu
▾
▴
AW: [Openinteract-help] Security in CommonHandler
|
From: <Tho...@be...> - 2001-12-13 07:19:15
|
Yeah thats right, but the form security does not work. If I set security level at edit to write, user who have read level can = see the form ! Only after clicking "Modify" the message "Task is forbidden" appears. I saw I have to set "show" to write but then all is secure, the user = should only see the Detailform not the editform, so that=20 /Classified/show/?edit must be writelevel and /Classified/show/?classified_id=3Dxx must be level read. is that possible ? greets. THomas -----Urspr=FCngliche Nachricht----- Von: Chris Winters [mailto:ch...@cw...] Gesendet: Dienstag, 11. Dezember 2001 17:23 An: Tho...@be... Cc: ope...@li... Betreff: Re: [Openinteract-help] Security in CommonHandler * Tho...@be... (Tho...@be...) [011211 10:57]: > Is it possible to set the other forms secure like the search_form as > done below ? Sure thing -- each 'task' can be listed in the package 'security' hash of your handler and assigned a minimum security level. So the following security specification: %OpenInteract::Handler::Classified::security =3D ( search_form =3D> SEC_LEVEL_READ, search =3D> SEC_LEVEL_READ, show =3D> SEC_LEVEL_READ, create =3D> SEC_LEVEL_WRITE, edit =3D> SEC_LEVEL_WRITE, remove =3D> SEC_LEVEL_WRITE, ); Means that: /Classified/search_form/ --> requires 'read' access to the handler /Classified/search/ --> requires 'read' access to the handler /Classified/show/ --> requires 'read' access to the handler /Classified/create/ --> requires 'write' access to the handler /Classified/edit/ --> requires 'write' access to the handler /Classified/remove/ --> requires 'write' access to the handler Using: %OpenInteract::Handler::Classified::security =3D ( DEFAULT_SECURITY_KEY() =3D> SEC_LEVEL_READ, ); Means that the minimum security for any task not specified is 'read'. And if a task isn't specified in the package security hash and there's no default set by you, then OpenInteract assumes 'write' access is required to run the task. Hope that makes sense, Chris --=20 Chris Winters (ch...@cw...) Building enterprise-capable snack solutions since 1988. |
