<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1515" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>Bart,</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>We have a few sites that have custom querying
abilities for different users; when visiting the website, the users are asked
for a username and password (basic Apache authentication using .htaccess). In
php, it detects the user that is visiting the site, making the search- and query
tools return different results.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>I actually once sent a message to the mapserver
list asking if other people might see the use of having user-authentication at a
layer or class level, but nothing came out of that. I was hoping for a solution
where layers/classes would be fully ignored if the visitor to the website didn't
occur in a list of users (the list of users being a layer/class variable). Since
mapserver is designed to run in a web-environment anyway, the username can be
counted upon to exist as an environment variable.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Without that, I think the most straightforward
solution is to have a switch statement in a php file linked by index.phtml,
which sets a different template and mapfile for each user. Something
like:</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>-------------------- authentication.php
--------------------------------------------------------------------------------------------</FONT></DIV>
<DIV><FONT face=Arial size=2>$username =
$_SERVER['REDIRECT_REMOTE_USER'];</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>switch($username)</FONT></DIV>
<DIV><FONT face=Arial size=2>{</FONT></DIV>
<DIV><FONT face=Arial size=2>case "Bart":</FONT></DIV>
<DIV><FONT face=Arial size=2>$szTemplate = "c:/web/bart.html";<BR>$szMapFile =
"c:/web/bart.map";</FONT></DIV>
<DIV><FONT face=Arial size=2>break;</FONT></DIV>
<DIV><FONT face=Arial size=2>case "Henk":</FONT></DIV>
<DIV><FONT face=Arial size=2>$szTemplate = "c:/web/other.html";<BR>$szMapFile =
"c:/web/other.map";</FONT></DIV>
<DIV><FONT face=Arial size=2>break;</FONT></DIV>
<DIV><FONT face=Arial size=2>default:</FONT></DIV>
<DIV><FONT face=Arial size=2>$szTemplate = "c:/web/default.html";<BR>$szMapFile
= "c:/web/default.map";</FONT></DIV>
<DIV><FONT face=Arial size=2>break;</FONT></DIV>
<DIV><FONT face=Arial size=2>}</FONT></DIV>
<DIV><FONT face=Arial size=2>----------------------------(this code is
untested)------------------------------------------------------------------------------------</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>I think that might be more straightforward than
something that needs to be integrated into all widgets, because you cannot
really disable a widget anyway without your template layout getting messed up.
But those are just my thoughts.....</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>regards,</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Jacob</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>» -----Original Message-----<BR>» From: <A
href="mailto:chameleon-bounces@lists.maptools.org">chameleon-bounces@lists.maptools.org</A>
<BR>» [mailto:chameleon-bounces@lists.maptools.org] On Behalf Of <BR>» Bart van
den Eijnden<BR>» Sent: 28 September 2005 14:32<BR>» To: <A
href="mailto:chameleon@lists.maptools.org">chameleon@lists.maptools.org</A><BR>»
Subject: [Chameleon] authorisation<BR>» <BR>» Hi list,<BR>» <BR>» I have been
thinking a while about how to add authorisation <BR>» capabilities to Chameleon
since this is one of the major <BR>» things missing from the Chameleon core, and
I wanted to see <BR>» if other people have been thinking about this and what
their <BR>» thoughts are.<BR>» <BR>» As a use case, I would want to have
different Chameleon <BR>» portals for different groups of people, without having
to copy sites.<BR>» <BR>» For instance, if a user belongs to a certain group, it
should <BR>» not see certain widgets (or they should be disabled, that's a <BR>»
choice to be made). Other things that come into play are, <BR>» seeing a
different set of map layers.<BR>» <BR>» This would mean changes to the UIManager
I guess, which needs <BR>» to check in a database (could be sqlite just as for
the <BR>» authentication stuff) if a widget should be visible/enabled <BR>» in
the user's template.<BR>» <BR>» Also, every user group would have a MAP file
associated with <BR>» them. Right now the application has to set the right
mapfile <BR>» argument for the CWCInitialize function. If we want to keep <BR>»
this this way, the index.phtml file would have to take care <BR>» of setting the
right MAP file. Or this responsibility could <BR>» be moved into Chameleon.php.
For instance, if the application <BR>» developer just gives a MAP file as the
second argument, the <BR>» normal processing will take care, if the MAP file
argument is <BR>» empty, the right MAP file is looked up in a database table
<BR>» (assuming the UIManager can access the rights object of the <BR>» user to
check his rights).<BR>» <BR>» Some of the widgets would need to get adapted, for
instance <BR>» the XMLThemeLegend widget, but this could be as simple as not
<BR>» showing themes and groups which cannot be found in the MAP <BR>» file
(maybe this is already the current behaviour of this <BR>» widget?). So you have
a master themes.xml for all layers <BR>» which can be present, and changing the
MAP file would be <BR>» enough for changing what the user will see in the
XMLThemeManager.<BR>» <BR>» Am I missing things which would need to be done?
Paul, would <BR>» you be interested in having something like this in the
Chameleon core?<BR>» <BR>» Best regards,<BR>» Bart<BR>» <BR>» Bart van den
Eijnden<BR>» Syncera IT Solutions<BR>» Postbus 270<BR>» 2600 AG DELFT<BR>»
<BR>» tel.nr.: 015-7512436<BR>» email: <A
href="mailto:BEN@Syncera-ITSolutions.nl">BEN@Syncera-ITSolutions.nl</A><BR>»
<BR>» _______________________________________________<BR>» Chameleon mailing
list<BR>» <A
href="mailto:Chameleon@lists.maptools.org">Chameleon@lists.maptools.org</A><BR>»
<A
href="http://lists.maptools.org/mailman/listinfo/chameleon">http://lists.maptools.org/mailman/listinfo/chameleon</A><BR>»
</FONT></DIV>
<DIV><FONT face=Arial size=2><A
href="mailto:jacob.delfos@maunsell.com"></A></FONT> </DIV></BODY></HTML>