Best way to assign "rights"
18 Jun 2002 09:55:00 aegis kleais posted:
I want to make an admin system that doesn't base user access to a page just on the default ACCESSLEVEL you can specify with DW. I was hoping that I could devise a system where you have something like the following (Group access)
Page A
Page B
Page C
User A
User B
User C
-------------
User A (admin) can individually grant page B and page C to user B, and just page B to user C. This allows more individual control of what users can and cannot see. With ultradev's method, you set up a database field to be the accesslevel and that's what restricts page access. If I did it that way, I'd have to make 30+ accesslevels.
So what I was thinking is that upon MM's successful user login, a session variable is set. It could be set to the logged in user's field, fldAccessLevels. Ok, follow me here. The fldAccessLevels field could contain merely text of pages they are granted access to. But what custom code would I need to parse that field for a given value?
ie.
pageon = "file.asp"
' this sets a variable to the page that the user needs access to.
' insert code here that creates a boolean variable that is true if it finds pageon or false if it doesn't (pagefound)
if pagefound = false then Response.Redirect("access_denied.asp")
-----
Ok, no more ranting. I'm new to ASP, but this stuff is so cool. Would appreciate anyone's thoughts on the subject.
Replies
18 Jun 2002 09:57:21 aegis kleais replied:
Why did this system **** out the word "p-l-a-c-e" ??? odd.
18 Jun 2002 20:40:54 Chris Brubaker replied:
Maybe I'm misunderstanding you, but the standard Ultradev Login behavior does exactly what you want.
When you select the "Restrict Access to Page" behavior, you are able to select the access level that has access to that page. If you want to select more than one, then ctrl-click the available selections.
So for your example, Page B can be viewed by Groups B & C, while Page C can only be viewed by Group B. Of course, you probably want your admins to be able to view the pages as well, so Page B would be Groups A, B & C while Page C would be Groups A & B
Next time, don't use the same letters for different variables. It is very confusing :)
18 Jun 2002 21:38:42 aegis kleais replied:
My Bad.
Here's what I'm doing. I'm on a team of 30 people. Each person has their own username and password. The OLD way I did things involved that each person had a field in their record called fldAccLvl. This was either Admin, Moderator or Guest.
And of course, where I wanted a Moderator to be as well as an Admin but not a Guest, I would just use UltraDEV and select the Access Levels I want to allow.
But where the problem comes in is that each person is in a department (and many are in multiple departments). To name a few departments, we have WebDev, Design, Music, 3DModeling. So take the following situation.
UserA is an admin and can view all pages
UserB belongs to Music department only
UserC belongs to Music and 3DModeling
UserD belongs to Webdev, Design, Music and 3DModeling but is NOT an admin.
Using the ultradev method, if I wanted to give users B and C access to Music (for which they are allowed) I can't just make an access level called MUSIC. (Cause when UserC wants to view 3DModeling, his "MUSIC" access level will deny him.)
So what I want is a system where I can do the following:
I'll make a javascript system (I can do this coding) where there are checkboxes for the different departments (9 in all). When you place a checkmark next to one, it'll change the value of a hidden form text box. So if you select WebDev, Music and Design, the value of the hidden field will be "WebDev, Music, Design" (Javascript will set that value).
So now that user has access to THOSE departments (If I had to make an access level for each possibility of combinations, that would be 81 different levels of access!)
And not only this, but each department has an ADD, VIEW, EDIT and DELETE sub section. I want to allow and disallow that as well.
Ie, If someone has access to the Music, I might want to opt to prevent them from DELETING music, so I'd take off the MUSIC DELETE access.
Where the custom code comes in is that I need to search the value of that field and look for whether the user has PAGEACCESS (if they are allowed to view that page in the first place, which would be MUSIC, WEBDEV, etc.) and secondly whether the user has MODIFICATIONACCESS (which is VIEWING, EDITING, DELETING and ADDING).
It's a bit more advanced, but I'm sure it can be streamlined with the process I listed.
19 Jun 2002 08:38:24 aegis kleais replied:
Ok, I'll make this easy on you guys.
suppose I open a recordset and do the following:
denied = true
pageAccess = "musicE"
al = rcdUsers.Fields.Item("fldAccessLevel").Value
' now I want to parse the al variable to find either "all" or the pageAccess value
' insert parse-find coding here. If this code finds the pageAccess variable value in the string of the al variable
' then it will set denied = false
if denied = true then
Response.Redirect("access_denied.asp")
end if
--------------------------------------------------------
And that should be it. So if someone can just supply me with the code to find a value in a string, I should be able to take it from there. THX.
19 Jun 2002 09:17:50 aegis kleais replied:
nevermind everyone. I found out myself. damn I'm good at that. But I'll post my code just to let you guys see it.
Code on Page1.asp
Session("al") = "musicE,musicA,musicD"
(This gives the user rights to EDIT music, ADD music and DELETE music, but not VIEW music)
Code on Page2.asp
denied = true
pageAccess = "musicV"
currentAL = Session("al")
if InStr(1,currentAL,pageAccess,0) > 0 then
denied = false
else
denied = true
end if
if denied = true then Response.Redirect("access_denied.asp")
---------
And there you have it. Since the user's access level does not contain "musicV", he is redirected to access_denied.asp. I changed that page's code to say "musicA" and bam, he could see the page. WHO DA MAN!?!?
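Added example, not part of the original posts: InStr is a substring test, so a check for a shorter right such as "music" succeeds against "musicE,musicA,musicD" even though no such token was granted. The sketch below compares that test with an exact-token check; HasRight and SubstringMatch are hypothetical helper names, the sample strings are constructed, and it is written to run under cscript.

```vbscript
Option Explicit

' Added example, not code from the thread. HasRight is a hypothetical helper.
' Returns True only when `wanted` equals one whole comma-separated token,
' or when the list carries the "all" token mentioned in the thread.
Function HasRight(ByVal rightsList, ByVal wanted)
    Dim tokens, i, token
    HasRight = False
    wanted = LCase(Trim("" & wanted))      ' "" & x turns Null/Empty into ""
    If wanted = "" Then Exit Function      ' an empty request never matches
    tokens = Split("" & rightsList, ",")
    For i = 0 To UBound(tokens)
        token = LCase(Trim(tokens(i)))     ' tolerate "WebDev, Music, Design"
        If token = wanted Or token = "all" Then
            HasRight = True
            Exit Function
        End If
    Next
End Function

' The substring test from the post, kept for comparison.
Function SubstringMatch(ByVal rightsList, ByVal wanted)
    SubstringMatch = (InStr(1, "" & rightsList, wanted, 0) > 0)
End Function

' Constructed sample rows: rights string, requested right.
Dim samples, s
samples = Array( _
    Array("musicE,musicA,musicD", "musicV"), _
    Array("musicE,musicA,musicD", "music"), _
    Array("WebDev, Music, Design", "Music"), _
    Array("all", "musicV"), _
    Array("", "musicV"))

' Print both verdicts side by side for each row.
For Each s In samples
    WScript.Echo "[" & s(0) & "] wants " & s(1) & _
        "  substring=" & SubstringMatch(s(0), s(1)) & _
        "  exact=" & HasRight(s(0), s(1))
Next
```

Inside an ASP page the function would be called with Session("al") as the rights list, and the page redirects to access_denied.asp when it returns False.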