Hi friends,
In my application I have some User management.
Users are grouped into groups. Groups are listed "Groups"
Table along their properties:
TABLE: Groups
GroupKey
-----------------
Administrator
GuestUser
NormalUser
PowerUser
....
Another table "WebResources" lists the web resources, that is pages
Or other objects which can be browsed by the an user:
TABLE: WebResources
ResourceKey Resource ...
--------------------------------------------------
PublicReport ~/Users/Guest/Reports/Report1.aspx
DailyManager ~/Users/Managers/Reports/Daily.aspx
PublicReport ~/Users/Guest/Reports/Public.htm
DemoPack ~/Users/Guest/Reports/Demo.zip
AdminLogin ~/Users/Admin.aspx
NormalLogin ~/Users/Manager.aspx
PowerLogin ~/Users/Manager.aspx
PublicLogin ~/Users/Guest.aspx
....
For each resource, it is given the group (one or more)
that can access the resource. This is given as an entry
In the "ResourcesAssociation" table (it's a many to many
relationship
between Resources and groups). Example:
TABLE: ResourcesAssociation
GroupKey ResourceKey
------------------------------------------------------------
GuestUser PublicReport
GuestUser DemoPack
NormalUser NormalLogin
PowerUser PowerLogin
GuestUser PublicReport
PowerUser DailyManager
PowerUser PublicReport
NormalUser DemoPack
NormalUser PublicReport
....
My question:
While I find easy to control resources access within .aspx
Pages, I am confused about the best way to prevent/grant access to
other resources such as .htm, .zip, etc, like for instance the 2
entries:
~/Users/Guest/Reports/Public.htm
~/Users/Guest/Reports/Demo.zip
I would like to hear your opinions about the best way to control the
access
to non .aspx resources, within the above design.
Thanks in advance for any suggestion,
-Tom