[Inso Home Page] [Home] [Collection] [Book] [Expand] [Collapse] [Search Forms] [Previous Section with Hits] [Next Section with Hits] [Clear Search] [Preferences] [Print] [Help]

 inside  Expand Search


   Adding Element-level Security for Significant Elements   [Table of Contents]    Implementing Dynamic Collections in DynaWeb

Programmer's Guide to Customizing DynaWeb

[-] 10. Performing Tasks in DynaWeb
[-] Adding Element-level Security for Significant Elements
[-] Example 16: Adding element-level security

Example 16: Adding element-level security

The basic approach to adding element-level security for a book or collection is to:

  1. Create and source in a new configuration file called bookauth.dwc.
  2. Define a variable map which establishes the user group for each individual user.
  3. Define a variable map which identifies a user group class for each book in the collection or library.
  4. Determine the authenticated user name of the client.
  5. Modify the appropriate stylesheet to change the view based on the user and the book being viewed.

    Note: Basic HTTP authentication must be enabled on your web server in order for this example to function properly. If you are using the dwhttpd server, please see the section "Setting Authentication on the DynaWeb Internet Server" in Appendix B: The DynaWeb Internet Server of the Publisher's Guide to DynaWeb for instructions. For other web servers, please consult your manuals.

    Step 1: Add new configuration file

    Create a new file called bookauth.dwc, and add a line in dynaweb.dwc to source it in:

    dwSetParam DYNAWEB_DIR install-path/dynaweb
    dwSetParam CONFIG_DIR [dwGetParam DYNAWEB_DIR]/data/config
    dwSource [dwGetParam CONFIG_DIR]/collects.dwc
    dwSource [dwGetParam CONFIG_DIR]/preproc.dwc
    dwSource [dwGetParam CONFIG_DIR]/urlutil.dwc
    dwSource [dwGetParam CONFIG_DIR]/tocutil.dwc
    dwSource [dwGetParam CONFIG_DIR]/bbarutil.dwc
    dwSource [dwGetParam CONFIG_DIR]/rootview.dwc
    dwSource [dwGetParam CONFIG_DIR]/rootbbar.dwc
    dwSource [dwGetParam CONFIG_DIR]/collview.dwc
    dwSource [dwGetParam CONFIG_DIR]/colltoc.dwc
    dwSource [dwGetParam CONFIG_DIR]/colltext.dwc
    dwSource [dwGetParam CONFIG_DIR]/collbbar.dwc
    dwSource [dwGetParam CONFIG_DIR]/bookview.dwc
    dwSource [dwGetParam CONFIG_DIR]/booktoc.dwc
    dwSource [dwGetParam CONFIG_DIR]/booktext.dwc
    dwSource [dwGetParam CONFIG_DIR]/bookbbar.dwc
    dwSource [dwGetParam CONFIG_DIR]/bookutil.dwc
    dwSource [dwGetParam CONFIG_DIR]/bookqrs.dwc
    dwSource [dwGetParam CONFIG_DIR]/bookscpt.dwcdwSource [dwGetParam CONFIG_DIR]/bookauth.dwc

    Step 2: Set up a map of user names and permission types.

    Assuming three users and two different classifications, add the following code to bookauth.dwc:

    dwSetParam userPermissionsMap {
       joe    publisher
       bob    programmer
       fred   programmer
    }
    

    Step 3: Set up a map that identifies a class for each book.

    Assuming three books (pubguide, dwcustom, and tclcmds) in the collection, add the following code to bookauth.dwc:

    ## Set up a map that identifies a class for each book using URL book name
    dwSetParam bookClassPermissionsMap {
    	pubguide    programmer
    	dwcustom 	  programmer
    	tclcmds  	  programmer
    }
    

    Step 4: Check the user's permissions against the book class.

    Add the following code to bookauth.dwc:

    dwScript dwIsUserRestricted {
    ## Navigate to book name segment in URL, then look up its classification
      set book_name		[dwGetUrlNthPathSeg [expr [dwGetUrlNumPathSegs] - 3]]
      set book_class	[dwGetParam bookClassPermissionsMap $book_name]
    ## Get the user name and look up permissions
    ## If the user is not identified, have them enter a name and password
      set user_name		[dwGetUserName]
      if { $user_name == ""} {
    	dwSetHttpResponse 401
          set restricted TRUE
      } else {
      set user_class	[dwGetParam userPermissionsMap $user_name]
    ## Assume that the user is restricted
      set restricted 	TRUE
    ## If the book is not listed in the map, assume a classification
      if {$book_class == ""} {
    	set book_class publisher
      }
    
    ## Grant access if the book classification matches the user's permissions
      if {$book_class == $user_class} {
    		set restricted FALSE
      }
    }
    ## Return the result to the TCL() PVF (by calling set  with
    ## no arguments.
      set restricted
    }
    

    Step 5: Modify the appropriate stylesheet.

    Let's assume that you want to restrict access to elements mapped to the <em> (emphasis) HTML element for the books in your collection. Within the dynaweb.wv stylesheet for those books, modify the style definition for style group <em> as follows:

    <group name="em">
       <font-slant>Italics        </>
       <hide>TCL('dwCall dwIsUserRestricted') </>
       <text-before><I>         </>
       <text-after>join('<','/I>')   </>
    </group>

       Adding Element-level Security for Significant Elements   [Table of Contents]    Implementing Dynamic Collections in DynaWeb