Win a copy of Practical SVG this week in the HTML/CSS/JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Role based Authorization for Tree Structure

 
Deepaks Deshpande
Ranch Hand
Posts: 114
Eclipse IDE Hibernate Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have a javascript based tree structure in my jsp, I want to perform user level authorization for each node/leaf of the tree on clicks on the corresponding node/leaf. I am using the tree structure from http://www.destroydrop.com/javascripts/tree/default.html . I am adding the id, parentId, Name, Title,and path information of the node/leaf from the database by using JSONObject. I have a scenario where, at present I have 2 types of users - Admin and Group Users. Admin is authorized to view the entire tree structure. Group user is assigned to a particular group and should be able to view the tree structure according to the group to which he belongs. How should I perform user level authorization for this?
 
David Newton
Author
Rancher
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Only build the tree nodes the user is allowed to see.
 
Deepaks Deshpande
Ranch Hand
Posts: 114
Eclipse IDE Hibernate Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have a ACL (Access Control List) table where in I get the particular user's access_group_id, which is the group id to which the signed in user belongs. Based on this I need to display nodes/leaves which can be viewed by that particular user.How should i check if the user is authorized to view the node/leaf when he clicks on the node.Can we do it in javascript ?
 
David Newton
Author
Rancher
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sure.
 
Mark E Hansen
Ranch Hand
Posts: 650
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Why not build the data for constructing the tree in your Page Controller servlet?
There you should have your user identifier which you should be able to use to get the list of groups in which your user participates.
It should then be a simple matter to build the Tree data, including only those nodes your user is allowed to see.
Then, your view (JSP) page can just build the resulting page based on the data in the session (or wherever you store it).
No JavaScript necessary.

By the way, before you choose to implement via JavaScript, what happens when JavaScript is not enabled on a client?
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!