cocoon-users mailing list archives

From Rui Alberto <rui-l-goncal...@ptinovacao.pt>
Subject RE: Pruning unauthorized document content
Date Fri, 03 Nov 2006 18:54:11 GMT
Hi Ard,

Thanks for the detailed reply - much appreciated! Very helpful.

Rui

On Thu, 2006-11-02 at 19:24 +0100, Ard Schrijvers wrote:
> > 
> > Hi Ard,
> > thanks for your quick reply!
> > I want to remove/replace the link, just like you said in your first
> > paragraph. Using your example suppose we have:
> > 
> > <div>
> > ...
> > <span>...click</span> <a href="link" id="access_module_X">here</a>
> > </div>
> > 
> > The document is passed into the transformer. The transformer checks if
> > current user (checking session attribute) can "access_module_X", if not,
> > then the resulting transformation should look like:
> > 
> > <div>
> > ...
> > <span>...click </span> <span class="removed_link">here</span>
> > </div>
> > 
> > I'll check linkrewriter and locationmap module. 
> 
> Think you can leave locationmap module for what it is. The linkrewriter might be useful,
> but you need to implement your own thing that translates it according to user auth: So, you start
> with something like
> 
> <map:transformer logger="sitemap.transformer.linkrewriter" 
>                    name="linkrewriter" pool-grow="2" pool-max="32" pool-min="2" 
>                    src="org.apache.cocoon.transformation.LinkRewriterTransformer">
>                 <schemes>rewrite</schemes>
>                 <link-attrs>href src</link-attrs>
> </map:transformer>
> 
> and create an input module with name rewrite, that takes the href attr or src attr, and
> translates it according to the session. You can take the locationMapModule as an example of such
> an inputModule.
> 
> You also might just extend the linkrewriter so that you don't need an extra input module,
> so you do the job in the linkrewriter. You could also write the linkrewriter altogether as
> a new transformer for your needs only.
> 
> I really think you have to take performance into consideration. Since you depend on user
> sessions, your caching options are few. Translating each link with a check whether the user
> is allowed for that link, might be *very* time consuming. Find some way to cache it, or keep
> something in memory that can handle it. Also, make sure that the rewritable links have a prefix,
> so that you do not need to test every link (like links in menu, they are not interesting)...so
> your links would look for example like : <a href="rewrite:foo/bar.xml">test</a>
> 
> Now, your transformer only needs to test links that have this "rewrite" prefix.
> 
> Anyway, make sure the testing is fast, because you might end up with performance problems.
> 
> Regards Ard
> 
> > 
> > Thanks for any comments.
> > 
> > Rui
> > 
> > 
> > On Thu, 2006-11-02 at 17:31 +0100, Ard Schrijvers wrote:
> > > > 
> > > > Hi all,
> > > > I want my application to remove all the parts of a document
> > > > that a given user shouldn't see.
> > > >
> > > > Another useful functionality would be:
> > > > Suppose a web application that has three links (modules). The user
> > > > shouldn't be able to see links that he doesn't have permission to
> > > > follow. So, instead of showing links that we know the user profile
> > > > doesn't allow and show an error after user click, we remove those
> > > > links... having the URL protected also of course :)
> > > >
> > > > Does anyone know if there's some work done on this area? Maybe a
> > > > transformer? Ideas??
> > > 
> > > You want to remove just the link, or the text element all
> > > together..? Like what do you want when the link says: "click
> > > here", and "here" is the link. You remove "here", or just the
> > > link, so you have "click here" without a link (you get the
> > > point, quite confusing)??
> > >
> > > Anyway, you seem to have some user dependent blocks on your
> > > site, right? In this case you can show a block regarding the
> > > user session, or go ahead with some portal, or how we do it,
> > > use ssi's to fill in some user specific gaps, in order to
> > > maintain caching for the main part.
> > >
> > > Or, do you mean, that you show a page, having some internal
> > > links, that need to be checked, whether the user has rights to
> > > surf to that page. From a user POV, I suppose you cannot just
> > > remove these links, because it would do strange things in your page.
> > >
> > > If you really want to, you could look at the linkrewriter,
> > > in combination with the locationmap module in forrest, and
> > > customize the linkrewriter in a way that it responds
> > > regarding the user's session. Thereby, you lose cocoon's
> > > caching capability, and you will run into trouble if it is a
> > > high traffic site.
> > >
> > > Anyway, if you can elaborate a little more on the exact
> > > demands, I or somebody else might help you choose the best solution.
> > > 
> > > Regards Ard
> > > 
> > > 
> > > > 
> > > > Thanks for any comments.
> > > > Rui
> > > > 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org
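
The pruning step discussed in this thread, as an added example that is not part of any message above and is not Cocoon code: a plain JDK SAX filter that tests only links carrying the `rewrite:` prefix and turns denied ones into `<span class="removed_link">`. The class name `AuthLinkFilter`, the per-session `granted` set, and the use of the `id` attribute as the permission name are assumptions made for the illustration.

```java
import java.io.*;
import java.util.*;
import javax.xml.parsers.SAXParserFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.sax.SAXSource;
import javax.xml.transform.stream.StreamResult;
import org.xml.sax.*;
import org.xml.sax.helpers.*;

public class AuthLinkFilter extends XMLFilterImpl {  // added example: plain JDK SAX, not a Cocoon class
    private static final String PREFIX = "rewrite:";  // only links marked with this prefix are tested
    private final Set<String> granted;  // assumed: permission names loaded once from the session
    private final Deque<Boolean> pruned = new ArrayDeque<>();  // one flag per open <a>
    public AuthLinkFilter(XMLReader parent, Set<String> granted) { super(parent); this.granted = granted; }

    @Override
    public void startElement(String uri, String local, String qName, Attributes atts) throws SAXException {
        if (!"a".equals(qName)) { super.startElement(uri, local, qName, atts); return; }
        String href = atts.getValue("href"), id = atts.getValue("id");
        boolean marked = href != null && href.startsWith(PREFIX);
        // Fail closed: a marked link with no id, or an id the user lacks, is pruned.
        boolean deny = marked && (id == null || !granted.contains(id));
        pruned.push(deny);
        AttributesImpl out = new AttributesImpl(atts);
        if (deny) {
            out.clear();  // drop href and id so the target does not leak into the markup
            out.addAttribute("", "class", "class", "CDATA", "removed_link");
            super.startElement("", "span", "span", out);
        } else {
            if (marked) out.setValue(out.getIndex("href"), href.substring(PREFIX.length()));
            super.startElement(uri, local, qName, out);
        }
    }

    @Override
    public void endElement(String uri, String local, String qName) throws SAXException {
        if ("a".equals(qName) && pruned.pop()) super.endElement("", "span", "span");
        else super.endElement(uri, local, qName);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input; the user holds access_module_Y only.
        String doc = "<div><span>click </span><a href=\"rewrite:x.xml\" id=\"access_module_X\">here</a>"
                   + " <a href=\"rewrite:y.xml\" id=\"access_module_Y\">there</a></div>";
        XMLReader in = new AuthLinkFilter(SAXParserFactory.newInstance().newSAXParser().getXMLReader(),
                                          Set.of("access_module_Y"));
        TransformerFactory.newInstance().newTransformer()
            .transform(new SAXSource(in, new InputSource(new StringReader(doc))), new StreamResult(System.out));
    }
}
```

Pruning only hides the link; as the original question notes, the target URL still has to be protected separately.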

