From 8603509e30ec505ec666797a1ae2c16ea7338ab2 Mon Sep 17 00:00:00 2001 From: mikl <> Date: Mon, 5 May 2008 13:02:01 +0000 Subject: Fixed flaw in blog-tutorial's authentication rules. --- demos/blog-tutorial/protected/pages/Day3/CreateNewUser.page | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'demos/blog-tutorial/protected/pages/Day3/CreateNewUser.page') diff --git a/demos/blog-tutorial/protected/pages/Day3/CreateNewUser.page b/demos/blog-tutorial/protected/pages/Day3/CreateNewUser.page index f0ca94f5..4dca21c2 100644 --- a/demos/blog-tutorial/protected/pages/Day3/CreateNewUser.page +++ b/demos/blog-tutorial/protected/pages/Day3/CreateNewUser.page @@ -189,18 +189,18 @@ PRADO offers a more systematic way of checking page access permissions. To do so - - + +

-The page configuration contains authorization rules that apply to the pages under the directory protected/pages/users. The above configuration reads that the NewUser can be accessed by users of role admin (see BlogUser.createUser() for why the word "admin"), and deny anonymous access (users="?" means guest users) for all pages under the directory. +The page configuration contains authorization rules that apply to the pages under the directory protected/pages/users. The above configuration reads that users in the role admin can access all pages (see BlogUser.createUser() for why the word "admin"). For now all other users (users="*") are denied acess to pages in this directory - except for the LoginUser page which by convention can always be accessed.

-Now if we visit the NewUser page as a guest, we will be redirected to the LoginUser page first. If our login is successful, we will be redirected back to the NewUser page. +Now if we visit the NewUser page as a guest, we will be redirected to the LoginUser page first. If our login as admin is successful, we will be redirected back to the NewUser page.

-- cgit v1.2.3