On 15 Jul 1999 12:50:01 -0500, Amos Latteier wrote:
At 06:00 PM 7/15/99 +0200, Anders Qvist wrote:
(Haven't researched this one, so it might have been suggested already.)
What about an DTML directive
<!--#role somerole--><!--#/role-->
which would be a specialized if clause, which includes its content only if the current caller has the specified role?
You can already do this like so:
<!--#if "AUTHENTICATED_USER.has_role('somerole')"--> ... <!--#/if-->
You can also test for permissions on objects like so:
<!--#if "AUTTHENTICATED_USER.has_permission('View',someObject)"--> ... <!--#/if-->
With browsers which only provide authentication info when it is requested, you also will need to convince the client that it needs to authenticate for the above to work. One easy way to do both of the above items is to include authentication objects in the url which (can) also control authentication. Netscape and I.E. continue to provide authentication info for all requests once it has been established, but don't count on all browsers doing so.