[thelist] Looking for dynamic menus for ASP pages

Ken Schaefer ken.schaefer at gmail.com
Tue Jul 27 19:14:16 CDT 2004


On Tue, 27 Jul 2004 09:23:30 -0500, Rob Smith <rob.smith at thermon.com> wrote:
> > allow me to populate each user's menu based on the
> > user's permission level.
> 
> Although I cannot provide a link, I can offer some experience as this is how
> I did it...
> 
> How do you fit this mess together to provide a highly 
> customizable menu system for
> each person? I used comma delimited lists.

If possible, avoid this. You end up with increasingly nasty code
up-above splitting strings up, and putting them back together again.

For example: If you decide you want to remove "object E" (because it
no longer exists on the intranet, or is being replaced by two other
objects (F & G)), you need to extract each person's "string of user
rights", delete "E", delete any extra commas, and then stuff the
remaining string back in. You'd need to roll your own integrity system
because you can't rely on the database enforcing any sort of
referential integrity.

Better would be to create:
a) a list of users
b) a list of groups
c) a table that contains users & groups

Optionally:
d) create a list of user rights
e) a table that contains user rights and groups

That's how any other security system works. And it makes maintenance
much simpler, especially from a robustness PoV.

I suspect that many web app programming frameworks already have
something like isInRole() to detemine whether a user is in a group, so
you should leverage that type of functionality where it exists.

Cheers
Ken


More information about the thelist mailing list