2. ASPRunnerPro General questions
  3. How to assign permissions to pages level
This topic is locked

How to assign permissions to pages level

 		12/20/2005 12:12:05 PM
ASPRunnerPro General questions
Alberto author

Hello Sergey:
Up to now I have been managing the permissions by creating the menu depending on user to give access only to the few links xxx_List.asp pages they are authorize to see as follows: (I hope this idea can help a lot of people)
Permissions (User, URL, Caption) URL is direct link to xxx_list.asp, xxx_edit, etc
User1, Sales_List.asp, SalesPage

User2, Sales_List.asp, SalesPage
User3, Buys_List.asp, BuysPage
User4, Salary_List.asp, SalaryPage

User4, Contracts_List.asp, ContractsPage
When I display Permisions_List.asp I display records depending on the user so they see the links they are authorized to access.
Then the question is how could I block the unauthorized access for rest of the pages.
Since the name of the pages are too obvious or some users are quite expert in computers especially in Internet they can easily figure it out how to enter to other pages that they are not allowed to.
I am NOT using permissions by Records for all tables because managing that does not work for us.
How could I control the permissions by pages using a table in the database and not hard coded in the page? Allowing only authorized users to access the pages and deny the access to the rest.
If ASPRunner does not do that would you consider for a new release and Could you please provide with a piece of code to insert in all the pages at the beginning to check the permissions table if the session user is authorize to see that particular page?

Thanks for the help
Sergey Kornilov admin 12/22/2005

Alberto,
to implement page level permissions use "User Group Permissions" in ASPRunnerPro.
Alberto author 12/22/2005

Sergey: That is exactly what I mean and I think it is a great solution. But unfortunately is hard coded in the asp page and I suppose if we need to add or remove a user or just modify something it will be necessary change the page rebuild the whole project and publish it again instead of just modify a Permissions table.
Can we convert or improve this functionality by accessing and validating it against a Permissions table just like we do with Users and Passwords?
For exmaple:

Permissions (User, URL, Caption) or something as would be needed.

if the
Thanks
Sergey Kornilov admin 12/23/2005

Alberto,
in ASPRunnerPro 4.0 we adding a feature that allows to add new users to login table without rebuilding a project. New users will be assigned permissions set based on field other than username.
Alberto author 12/23/2005

Sergey, sounds very good. I will be anxious waiting for the update then.
So we are going to be able to modify permissions on line. Any how It looks to me like a relationship 1 to many, isn't it?
Because have:

1 user to n projects
So we have

1 user to n tables (per project) (TableA, TableB, etc, etc...)
So we have

1 user to n pages (per table) (List, Add, View, etc...)
If so, that means 1 user will have access to many different pages and maybe would be necessary a separated table from login table. Just analyzing...

Thanks
Sergey Kornilov admin 12/26/2005

You won't be able to modify permissions online. You have to define all group permissions through ASPRunnerPro interface and build your project.
After you will be able to add new users to existing groups, or delete users or move users from one group to another without rebuilding your project.