My app uses CASPIO authentication and have students and techers roles. With roles I can restrict which records are displayed and I can handle hide/display datapages in menu.
But if someone with students role type directly into his browser the URL of a datapage that he does not have in his menu he can access! I presume that there isn't a native CASPIO function to do this, it can be done with javascript?
It seems that with CASPIO i can handle the users authentication, but there is no chance to handle their authorizations. Once authenticated, users knowing the right url can access everywhere....
It is correct or there is a way to forbid the datapage access to some authenticated users?
You can post now and register later.
If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.
Question
vidierre
My app uses CASPIO authentication and have students and techers roles. With roles I can restrict which records are displayed and I can handle hide/display datapages in menu.
But if someone with students role type directly into his browser the URL of a datapage that he does not have in his menu he can access! I presume that there isn't a native CASPIO function to do this, it can be done with javascript?
I read:
It seems that with CASPIO i can handle the users authentication, but there is no chance to handle their authorizations. Once authenticated, users knowing the right url can access everywhere....
It is correct or there is a way to forbid the datapage access to some authenticated users?
Link to comment
Share on other sites
2 answers to this question
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.