----- Original Message ----- From: "Prakash Inuganti (pinugant)" <suppressed>
To: <suppressed>
Sent: Tuesday, August 16, 2005 8:39 AM
Subject: [cgiapp] Restrict access to certain run modes
Hi,
How do I restrict user access to certain run modes based on user role.
E.g:
$self->param('role' => 'Employee');
He should have access to only run modes 'Reports' and 'Search'. If he
tries to access any other run mode by copying and pasting url or by
other means, I want to take him to an error page. Appreciate any help.
Thanks in advance
Prakash
Here's one of my clumsy attempts.
Using cgiapp_prerun and $session->param('authz') for an activity timeout.
authz is numeric 0-4 (0 being no access, 4 being superuser).
sub cgiapp_prerun {
my $self = shift;
my $session = $self->param('session');
my $run_mode = $self->get_current_runmode();
my ($min_authz, $prerun_mode, $return_mode);
if ($run_mode eq 'mode1') {
$min_authz = 2;
$prerun_mode = 'denied';
$return_mode = $run_mode; # Return here after session timeout
}
if ($run_mode eq 'mode2') {
$min_authz = 3;
$prerun_mode = 'mode1';
$return_mode = $run_mode;
}
unless ($session->param('authz')) {
$session->param('last_url', $self->param('URL')); # Probably a better
$session->param('last_rm', $return_mode); # way to do this.
$self->prerun_mode('login');
} else {
unless ($session->param('authz') >= $min_authz) {
$self->prerun_mode($prerun_mode);
}
}
}
---------------------------------------------------------------------
Web Archive: http://www.mail-archive.com/suppressed/
http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2
To unsubscribe, e-mail: suppressed
For additional commands, e-mail: suppressed
Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.